1 (edited by zlinks 2017-11-29 19:09:58)

Topic: How to set up in iRedmail sending mail through smtp.mail.ru

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====Hello.
iRedmail product functionality was pleasant. I decided in the test environment to set up an email server with sending mail for foreign addresses through the mail.ru service, with integration of the server into the existing structure of AD, and upon operation to enter in продакшн. Basic data - OS Ubuntu 16.04 server, iredmail 0.9.7 (earlier version does not allow to set). At first I set up integration with AD under the article https://howitmake.ru/blog/ubuntu/81.html.
After internal mail was realized, passed to setup under this article http://trustore.ru/article/complex/223- … for-local.
I faced the following problem - after all actions described in article, mail through the accounting entry did not go to mail.ru.
The file/etc/postfix/main.cf contains lines:
relayhost = [smtp.mail.ru]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_generic_maps = hash:/etc/postfix/generic

At /var/log/mail.log in attempt of sending the letter for a foreign address are present at this setup such line
postfix/smtp[8654]: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger),

respectively mail does not go to a foreign address, but to internal addresses passes.
It is clear, that smtps requires that in case of connection establishment the security level with encoding was used, and for operation of a rayleigh it is required to enter these lines in/etc/postfix/main.cf.
But by default the file the option of lower level of safety smtp_tls_security_level = is used by may.
In attempt of use of options
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
having commented out parameter #smtp_tls_security_level = may in the file/etc/postfix/main.cf
I receive in logs, when sending the letter for a foreign address:
Nov 29 10:01:23 mail-srv postfix/submission/smtpd[1643]: connect from localhost[127.0.0.1]
Nov 29 10:01:23 mail-srv postfix/submission/smtpd[1643]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 29 10:01:24 mail-srv postfix/submission/smtpd[1643]: B92F0101234: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=user@covp.loc
Nov 29 10:01:24 mail-srv postfix/cleanup[1647]: B92F0101234: message-id=<19e4919979b35d5eec0e7f209ea63607@covp.loc> Nov 29 10:01:24 mail-srv roundcube: <93lvb6ud> User user@covp.loc [192.168.1.53]; Message for 2004@mail.ru; 250: 2.0.0 Ok: queued as B92F0101234
Nov 29 10:01:24 mail-srv postfix/submission/smtpd[1643]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Nov 29 10:01:24 mail-srv postfix/qmgr[1602]: B92F0101234: from=<user@covp.loc>, size=541, nrcpt=1 (queue active)
Nov 29 10:01:25 mail-srv postfix/amavis/smtp[1649]: SSL_connect error to 127.0.0.1[127.0.0.1]:10026: -1
Nov 29 10:01:25 mail-srv postfix/amavis/smtp[1649]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
Nov 29 10:01:26 mail-srv postfix/amavis/smtp[1649]: B92F0101234: to=<2004@mail.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.7, delays=0.56/0.15/0.98/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

Also mail to internal addresses ceases to walk.
How it is possible to bypass a problem?....

Post's attachments

main.cf 11.42 kb, file has never been downloaded. 

master.cf 7.79 kb, 1 downloads since 2017-11-29 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: How to set up in iRedmail sending mail through smtp.mail.ru

zlinks wrote:

Nov 29 10:01:25 mail-srv postfix/amavis/smtp[1649]: SSL_connect error to 127.0.0.1[127.0.0.1]:10026: -1

Port 10026 is Amavisd service, it should be connected without SSL/TLS.

3

Re: How to set up in iRedmail sending mail through smtp.mail.ru

ZhangHuangbin wrote:

Port 10026 is Amavisd service, it should be connected without SSL/TLS.

How to set up it in this case?...

4

Re: How to set up in iRedmail sending mail through smtp.mail.ru

No idea. Port 10026 is served by Amavisd, there's no option to enable SSL.

A BAD and temporary solution is, disable spam/virus scanning for outgoing emails by commenting out "  -o content_filter=...:10026" line in /etc/postfix/master.cf, for "submission" transport.

5

Re: How to set up in iRedmail sending mail through smtp.mail.ru

ZhangHuangbin wrote:

No idea. Port 10026 is served by Amavisd, there's no option to enable SSL.

A BAD and temporary solution is, disable spam/virus scanning for outgoing emails by commenting out "  -o content_filter=...:10026" line in /etc/postfix/master.cf, for "submission" transport.

Yes, I thank for the hint, this option, for support of the current operability of the server I found half an hour ago and applied. But this decision is more similar to a temporal crutch. I think that developers, probably shall have an end-to-end solution of a problem.