Topic: Can't send mails from online Forum with iRedMail 1.0
====
- iRedMail 1.0
- Deployed with downloadable installer
- Debian 10
- MariaDB
====
Hello,
I have problems sending mails through my Forum (MyBB) via iRedMail.
The Forum is installed on another server. It is configured to use TLS on Port 587.
On the mailserver I get the following error message whenever a mail is to be sent by the forum:
Mar 27 14:30:31 mail postfix/submission/smtpd[12979]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
However, when I try the connection via openssl, it seems to look fine:
openssl s_client -starttls smtp -connect mail.mydomain.net:587
CONNECTED(00000003)
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
verify return:1
---
Certificate chain
0 s:C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
i:C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
---
Server certificate
subject=C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
issuer=C = CN, ST = GuangDong, L = ShenZhen, O = mail.mydomain.net, OU = IT, CN = mail.mydomain.net, emailAddress = root@mail.mydomain.net
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1836 bytes and written 431 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: C00CA28534E012660662C175805213DBC5EC89F339F2991F43CDA16D0D22E3AF
Session-ID-ctx:
Resumption PSK: 0A3B34209E5B610A8D0290788D18644E92AB3E3D34E8E8DC62B28974EA7B3F245C2D79AA3C4DE7219B3F9BC6D9590AB7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1585330040
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
Here is a part of the Postfix main.cf which I guess is related to that topic.
#
# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs
Does somebody know what I have to do or what I did wrong?
Thank you and Kind Regards
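
Added example, not part of the original post and not iRedMail or Postfix code: a small Python decoder for the "TLS library problem" warning quoted above. It assumes the OpenSSL 1.1.x error-code layout (the version family Debian 10 ships) and shows that alert 48 (unknown_ca) was received from the connecting client, meaning the forum host rejected the self-signed certificate; the second sample line is constructed for contrast.

```python
import re

# TLS alert descriptions (subset) as numbered in the TLS RFCs.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}
# OpenSSL reports an alert received from the peer as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

LINE_RE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: warning: TLS library problem: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>[^:]*):"
    r"[^:]*:\d+:(?P<data>.*)$"
)

def decode(line):
    """Decode one Postfix 'TLS library problem' warning; None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # Assumption: OpenSSL 1.1.x packing, where the low 12 bits are the reason code.
    reason_code = int(m["code"], 16) & 0xFFF
    alert = re.search(r"SSL alert number (\d+)", m["data"])
    number = int(alert.group(1)) if alert else None
    return {
        "service": m["service"],
        "function": m["func"],
        "reason": m["reason"],
        "reason_code": reason_code,
        "alert_number": number,
        "alert_name": TLS_ALERTS.get(number),
        # True: the remote end sent the alert, so the rejection happened there.
        "received_from_peer": number is not None
        and reason_code == SSL_AD_REASON_OFFSET + number,
    }

SAMPLES = [
    # Line quoted in the post above.
    "Mar 27 14:30:31 mail postfix/submission/smtpd[12979]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:",
    # Constructed line: a failure raised locally, with no alert from the peer.
    "Mar 27 14:31:02 mail postfix/smtpd[13001]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283:",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode(sample))
```

For the line from the post, the decoder reports reason code 1048 and received_from_peer as True, which places the trust decision on the forum server's side rather than in the Postfix settings shown.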