Author Topic: smtp ssl not working (Read 6646 times)

jtaco263 · « **on:** 2016-03-30, 00:40:23 »

even gmail said it doesnt support smtp ssl connection but its rare because imap and pop3 are working with ssl

but its rare i tried using tls on port 25 and it work great but tls on port 465 and 587 have an error

MRatWork · « **Reply #1 on:** 2016-03-30, 02:57:31 »

Investigate /var/qmail/supervise/smtp/run, /var/qmail/supervise/smtp-ssl/run and /var/qmail/supervise/submission/run files.

jtaco263 · « **Reply #2 on:** 2016-03-30, 06:54:45 »

Quote from: MRatWork on 2016-03-30, 02:57:31

Investigate /var/qmail/supervise/smtp/run, /var/qmail/supervise/smtp-ssl/run and /var/qmail/supervise/submission/run files.

/var/qmail/supervise/smtp/run:

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

if [ -f /var/qmail/control/hostname ] ; then
        HOSTNAME=$(cat /var/qmail/control/hostname)
else
        HOSTNAME=$(hostname)
fi

VCHKPW="/home/vpopmail/bin/vchkpw"

if [ -f /var/qmail/control/norecordio ] ; then
        RECORDIO=""
else
        RECORDIO="/usr/bin/recordio"
fi

#BLACKLIST=`cat /var/qmail/control/blacklists`
#RBLSMTPD="/usr/bin/rblsmtpd"

if [ -f /var/qmail/control/spamdyke ] ; then
        ### MR -- content of SPAMDYKE is '/usr/bin/spamdyke -f /etc/spamdyke.conf'
        VAR1=$(cat /var/qmail/control/spamdyke)
        VAR2=" --tls-level=smtp-no-passthrough"
        ### MR -- special for smtp tls
        SPAMDYKE=$VAR1$VAR2
else
        SPAMDYKE=""

        if [ -f /var/qmail/control/rblsmtpd ] ; then
                ### MR -- content of RBLSMTPD is '/usr/bin/rblsmtpd'
                RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
                BLACKLIST=$(cat /var/qmail/control/blacklists)
        else
                RBLSMTPD=""
                BLACKLIST=""
        fi
fi


if [ -f /var/qmail/control/softlimit ] ; then
        ### MR -- softlimit file must content with '/usr/bin/softlimit -m SOFTLIMITVAR'
        ### where SOFTLIMITVAR is 72000000 for 64bit and 18000000
       ### Note: incresing SOFTLIMITVAR if not enough (example: because 'login fail')
        SOFTLIMIT=$(cat /var/qmail/control/softlimit)
else
        SOFTLIMIT=""
fi

IP=0
PORT=25

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0)
export SMTPAUTH="!" \
        SSL=0 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=0 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=0 \
        ALLOW_INSECURE_AUTH=1

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec $SOFTLIMIT \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

/var/qmail/supervise/smtp-ssl/run:

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

if [ -f /var/qmail/control/hostname ] ; then
        HOSTNAME=$(cat /var/qmail/control/hostname)
else
        HOSTNAME=$(hostname)
fi

VCHKPW="/home/vpopmail/bin/vchkpw"

if [ -f /var/qmail/control/norecordio ] ; then
        RECORDIO=""
else
        RECORDIO="/usr/bin/recordio"
fi

#BLACKLIST=`cat /var/qmail/control/blacklists`
#RBLSMTPD="/usr/bin/rblsmtpd"

if [ -f /var/qmail/control/spamdyke ] ; then
        ### MR -- content of SPAMDYKE is '/usr/bin/spamdyke -f /etc/spamdyke.conf'
        VAR1=$(cat /var/qmail/control/spamdyke)
        VAR2=" --tls-level=smtps --tls-certificate-file=/var/qmail/control/servercert.pem"
        ### MR -- special for smtp-ssl
        SPAMDYKE=$VAR1$VAR2
else
        SPAMDYKE=""

        if [ -f /var/qmail/control/rblsmtpd ] ; then
                ### MR -- content of RBLSMTPD is '/usr/bin/rblsmtpd'
                RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
                BLACKLIST=$(cat /var/qmail/control/blacklists)
        else
                RBLSMTPD=""
                BLACKLIST=""
        fi
fi

if [ -f /var/qmail/control/softlimit ] ; then
        ### MR -- softlimit file must content with '/usr/bin/softlimit -m SOFTLIMITVAR'
        ### where SOFTLIMITVAR is 72000000 for 64bit and 18000000
       ### Note: incresing SOFTLIMITVAR if not enough (example: because 'login fail')
        SOFTLIMIT=$(cat /var/qmail/control/softlimit)
else
        SOFTLIMIT=""
fi

IP=0
PORT=465

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0);
### remove SMTPS=1 and change to REQUIRE_AUTH=1
export SMTPAUTH="!" \
        SSL=1 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=0 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=1 \
        ALLOW_INSECURE_AUTH=0

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec $SOFTLIMIT \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

/var/qmail/supervise/submission/run:

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

if [ -f /var/qmail/control/hostname ] ; then
        HOSTNAME=$(cat /var/qmail/control/hostname)
else
        HOSTNAME=$(hostname)
fi

VCHKPW="/home/vpopmail/bin/vchkpw"

if [ -f /var/qmail/control/norecordio ] ; then
        RECORDIO=""
else
        RECORDIO="/usr/bin/recordio"
fi

#BLACKLIST=`cat /var/qmail/control/blacklists`
#RBLSMTPD="/usr/bin/rblsmtpd"

if [ -f /var/qmail/control/spamdyke ] ; then
        ### MR -- content of SPAMDYKE is '/usr/bin/spamdyke -f /etc/spamdyke.conf'
        VAR1=$(cat /var/qmail/control/spamdyke)
        VAR2=" --tls-level=smtp-no-passthrough"
        ### MR -- special for smtp tls
        SPAMDYKE=$VAR1$VAR2
else
        SPAMDYKE=""

        if [ -f /var/qmail/control/rblsmtpd ] ; then
                ### MR -- content of RBLSMTPD is '/usr/bin/rblsmtpd'
                RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
                BLACKLIST=$(cat /var/qmail/control/blacklists)
        else
                RBLSMTPD=""
                BLACKLIST=""
        fi
fi

if [ -f /var/qmail/control/softlimit ] ; then
        ### MR -- softlimit file must content with '/usr/bin/softlimit -m SOFTLIMITVAR'
        ### where SOFTLIMITVAR is 72000000 for 64bit and 18000000
       ### Note: incresing SOFTLIMITVAR if not enough (example: because 'login fail')
        SOFTLIMIT=$(cat /var/qmail/control/softlimit)
else
        SOFTLIMIT=""
fi

IP=0
PORT=587

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0)
export SMTPAUTH="!" \
        SSL=0 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=1 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=0 \
        ALLOW_INSECURE_AUTH=0

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec $SOFTLIMIT \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

jtaco263 · « **Reply #3 on:** 2016-03-31, 18:42:12 »

@mratwork ? pls help

Quote from: MRatWork on 2016-03-30, 02:57:31

Investigate /var/qmail/supervise/smtp/run, /var/qmail/supervise/smtp-ssl/run and /var/qmail/supervise/submission/run files.

jtaco263 · « **Reply #4 on:** 2016-03-31, 23:35:43 »

thanks mustafa

spereira · « **Reply #5 on:** 2016-04-01, 01:04:13 »

Hi,

Check if smtp-ssl is running...

Code: [Select]

ps aux | grep smtp | grep 465
If not check, if the servercert.pem its OK!

jtaco263 · « **Reply #6 on:** 2016-04-01, 06:16:43 »

Quote from: spereira on 2016-04-01, 01:04:13

Hi,

Check if smtp-ssl is running...

Code: [Select]
ps aux | grep smtp | grep 465
If not check, if the servercert.pem its OK!

thanks 4 the reply

is running or not?

Code: [Select]

qmaild    4270  0.0  0.0   1908   352 ?        S    Mar30   0:00 /usr/bin/tcpserver -v -R -H -l sv1.dattasolutions.com.mx -x /etc/tcprules.d/tcp.smtp.cdb -c 100 -u 7791 -g 2108 0 465 /usr/bin/recordio /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

and how do i check if servercert.pem its ok and where is located?

thanks 4 your help

spereira · « **Reply #7 on:** 2016-04-02, 13:07:45 »

My smtp have the cert...

Code: [Select]

qmaild   20113  0.0  0.0   4020   408 ?        S    Mar31   0:00 /usr/bin/tcpserver -v -R -H -l my.domain.net -x /etc/tcprules.d/tcp.smtp.cdb -c 100 -u 7791 -g 2108 0 465 /usr/bin/spamdyke -f /etc/spamdyke.conf --tls-level=smtps --tls-certificate-file=/var/qmail/control/servercert.pem /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

As you see i have the --tls-certificate-file that you dont have.

The file is located at /var/qmail/control/servercert.pem.

If you dont have your SSL connection will not work!

I attach the default servercert.pem

MRatWork · « **Reply #8 on:** 2016-04-02, 13:28:54 »

Did you enable spamdyke in 'server mail settings'?

jtaco263 · « **Reply #9 on:** 2016-04-04, 03:32:28 »

Quote from: MRatWork on 2016-04-02, 13:28:54

Did you enable spamdyke in 'server mail settings'?

i did it but i disable it becuse no mails werre going out or in

MRatWork · « **Reply #10 on:** 2016-04-04, 03:39:36 »

So, what's 'my name' setting in 'server mail setttings'?.

jtaco263 · « **Reply #11 on:** 2016-04-04, 04:05:23 »

Quote from: MRatWork on 2016-04-04, 03:39:36

So, what's 'my name' setting in 'server mail setttings'?.

smtp.mydomain.tld is that right or just a name like john doe?

MRatWork · « **Reply #12 on:** 2016-04-04, 04:31:56 »

Quote from: jtaco263 on 2016-04-04, 04:05:23

Quote from: MRatWork on 2016-04-04, 03:39:36
So, what's 'my name' setting in 'server mail setttings'?.

smtp.mydomain.tld is that right or just a name like john doe?

Qmail defaultdomain and defaulthost use this 'my name'. So, use 'primary domain' for this 'my name'.

Author Topic: smtp ssl not working (Read 6646 times)

jtaco263

smtp ssl not working

MRatWork

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

spereira

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

spereira

Re: smtp ssl not working

MRatWork

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

MRatWork

Re: smtp ssl not working

jtaco263

Re: smtp ssl not working

MRatWork

Re: smtp ssl not working