Just as long as you have HTTPS set up for both RoundCube and SquirrelMail, you could use port 25; TLS is not necessary.

On 7/21/2019 9:02 PM, Angus McIntyre wrote:
Thanks to a great deal of help from Remi and Eric, I have now managed to get my Ansible role to the point where it can successfully build out a QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.

However, because nothing is ever that easy, RoundCube and SquirrelMail have now stopped sending mail (RainLoop works fine).

1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

    yum --enablerepo=qmt-testing update
    yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I patched the SquirrelMail config and the smtps supervise as directed at:

    http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

    0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

  2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
  2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
  2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 :127.0.0.1::58822
  2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
  2019-07-22 02:45:15.197383500 tcpserver: status: 0/100

2) RoundCube

RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's instructions, I edited '/etc/roundcubemail/config.inc.php' so that it contains:

  $config['smtp_server'] = 'tls://mail.myhost.com';

  $config['smtp_conn_options'] = array(
    'ssl' => array(
      'peer_name'    => 'mail.myhost.com',
      'verify_peer'  => true,
      'verify_depth' => 3,
      'cafile'       => '/var/qmail/control/servercert.pem',
    ),
  );

(where 'mail.myhost.com' is the actual name of my mailserver, as it appears in the 'servercert.pem' file).

Trying to send from RoundCube produces a 220 Authentication Failed message. The transcript in RoundCube's SMTP log looks like:

  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Connecting to tls://mail.myhost.com:587...
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 s6.myhost.net - Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: EHLO mail.myhost.com
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-s6.myhost.net - Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-STARTTLS
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-PIPELINING
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-8BITMIME
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250 SIZE 20971520
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: STARTTLS
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 ready for tls
  [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: RSET
  [21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Send: QUIT
  [21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Recv: 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)

3) Desktop client

Trying to send from a desktop client (PostBox) also fails, generating the warning:

  Could not verify this certificate because the issuer is unknown

The issuer in this case is actually Sectigo, which is the new name for Comodo, who should be reasonably reputable.

The 'servercert.pem' file that I'm using is generated from the same '.key' and '.crt' files that I use to secure the webserver, which appear to work fine in that context.



Has anyone encountered this issue, or can suggest a possible fix?

Thanks for any help you can give me,

Angus



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
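
Added example, not part of either message in this thread: a small Python parser for the RoundCube SMTP log format quoted above. It tolerates entries wrapped across lines and reports, per session, whether STARTTLS was accepted, which client command was logged next, the longest stall, and any 454 TLS reply. The function names and result keys are this example's own, and the sample is an abridged copy of the quoted log.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the log quoted above, some entries wrapped.
SAMPLE_LOG = """\
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 s6.myhost.net -
Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: EHLO mail.myhost.com
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-STARTTLS
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: STARTTLS
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 ready for tls
[21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: RSET
[21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Send: QUIT
[21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Recv: 454 TLS connection
failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol (#4.3.0)
"""

ENTRY = re.compile(r"^\[([^\]]+)\]: <(\w+)> (.*)$")

def parse_entries(text):
    """Return [timestamp, session, body] entries, rejoining wrapped lines."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m[1], "%d-%b-%Y %H:%M:%S %z")
            entries.append([ts, m[2], m[3]])
        elif line and entries:
            entries[-1][2] += " " + line  # continuation of the previous entry
    return entries

def analyse_starttls(text):
    """Per session: STARTTLS accepted? next client command? server TLS error?"""
    out = {}
    for ts, sid, body in parse_entries(text):
        s = out.setdefault(sid, {"asked": False, "accepted": False, "next_cmd": None,
                                 "tls_error": None, "max_gap_s": 0, "last": ts})
        s["max_gap_s"] = max(s["max_gap_s"], int((ts - s["last"]).total_seconds()))
        s["last"] = ts
        kind, _, rest = body.partition(": ")
        if kind == "Send" and s["accepted"] and s["next_cmd"] is None:
            s["next_cmd"] = rest.split(" ")[0].upper()  # first command after the 220
        elif kind == "Recv" and s["asked"] and rest.startswith("220"):
            s["accepted"] = True  # the greeting's 220 is ignored: STARTTLS not yet sent
        elif kind == "Recv" and rest.startswith("454") and "TLS" in rest:
            s["tls_error"] = rest
        s["asked"] = s["asked"] or (kind, rest.upper()) == ("Send", "STARTTLS")
    return out
```

For the quoted session this reports STARTTLS accepted, `RSET` rather than a fresh `EHLO` as the next logged client command, a 60-second stall, and the server's 454 reply.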

