Eric pointed at two links off-list. Sharing them here as one of them was
my issue - my mail server is behind a Cisco firewall that was inspecting
esmtp, and breaking the ability to use starttls with remote mail
servers. After following the steps on this page:
https://stomp.colorado.edu/blog/blog/2012/12/31/on-smtp-starttls-and-the-cisco-asa/
I was able to send emails over TLS to gmail and checktls.com.
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
by mx.google.com with ESMTPS id
n14si5034922qvr.97.2020.10.18.13.59.33
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 18 Oct 2020 13:59:34 -0700 (PDT)
Thank you, Eric, for your help & support in resolving this!
On 10/17/20 8:44 PM, Jim McNamara wrote:
All steps performed, emails to google are still going un-encrypted -
[root@catchmail2 control]# qmailctl stop
Stopping qmail-toaster: svscan qmail logging.
[root@catchmail2 control]# systemctl stop dovecot
[root@catchmail2 control]# yum makecache
QMT Testing Repository 1.1 kB/s | 2.9 kB 00:02
QMT Testing Repository 94 kB/s | 57 kB 00:00
CentOS-8 - AppStream 1.6 kB/s | 4.3 kB 00:02
CentOS-8 - Base 14 kB/s | 3.9 kB 00:00
CentOS-8 - Extras 5.8 kB/s | 1.5 kB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 20 kB/s | 9.7
kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 77 kB/s | 4.4 kB 00:00
Remi's Modular repository for Enterprise Linux 8 - x86_64 5.7 kB/s |
3.5 kB 00:00
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64 8.8 kB/s |
3.0 kB 00:00
Fedora 28 58 kB/s | 3.8 kB 00:00
Metadata cache created.
[root@catchmail2 control]# yum reinstall qmail simscan qmailadmin
dovecot vqadmin vpopmail libvpopmail ezmlm ezmlm-cgi
Last metadata expiration check: 0:00:12 ago on Sat 17 Oct 2020
08:35:38 PM EDT.
Installed package simscan-1.4.0-4.qt.el8.x86_64 (from qmt-testing) not
available.
No match for argument: libvpopmail
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version
Repository Size
===================================================================================================================================================================================================================
Reinstalling:
dovecot x86_64 2:2.3.11.3-8.qt.el8
qmt-testing 17 M
ezmlm x86_64 0.53.324-3.qt.el8
qmt-testing 675 k
ezmlm-cgi x86_64 0.53.324-3.qt.el8
qmt-testing 51 k
qmail x86_64 1.03-3.3.1.qt.el8
qmt-testing 552 k
qmailadmin x86_64 1.2.16-5.1.qt.el8
qmt-testing 2.2 M
vpopmail x86_64 5.4.33-4.qt.el8
qmt-testing 385 k
vqadmin x86_64 2.3.7-4.qt.el8
qmt-testing 126 k
Transaction Summary
===================================================================================================================================================================================================================
Total download size: 21 M
Installed size: 78 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): ezmlm-cgi-0.53.324-3.qt.el8.x86_64.rpm 125 kB/s | 51 kB 00:00
(2/7): qmail-1.03-3.3.1.qt.el8.x86_64.rpm 729 kB/s | 552 kB 00:00
(3/7): ezmlm-0.53.324-3.qt.el8.x86_64.rpm 325 kB/s | 675 kB 00:02
(4/7): vpopmail-5.4.33-4.qt.el8.x86_64.rpm 381 kB/s | 385 kB 00:01
(5/7): vqadmin-2.3.7-4.qt.el8.x86_64.rpm 286 kB/s | 126 kB 00:00
(6/7): qmailadmin-1.2.16-5.1.qt.el8.x86_64.rpm 491 kB/s | 2.2 MB
00:04
(7/7): dovecot-2.3.11.3-8.qt.el8.x86_64.rpm 295 kB/s | 17 MB 00:59
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 361 kB/s | 21 MB 00:59
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/1
Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/14
groupadd: group 'vchkpw' already exists
Reinstalling : vpopmail-5.4.33-4.qt.el8.x86_64 1/14
Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/14
Reinstalling : ezmlm-0.53.324-3.qt.el8.x86_64 2/14
Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 3/14
Adding qmailtoaster users and groups.
groupadd: group 'nofiles' already exists
groupadd: group 'qmail' already exists
Reinstalling : qmail-1.03-3.3.1.qt.el8.x86_64 3/14
Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 3/14
Creating queue/lock/trigger named pipe.
Compiling badmimetypes.
Compiling badloadertypes.
Making tlsserverciphers.
Linking tlsserverciphers to tlsclientciphers.
Making SSL certs.
maketestcrt -- Create self-signed test certificate
/var/qmail/control/servercert.pem already existsready exist, leaving
intact
yes: standard output: Broken pipe
Remove old 512 && 1024 bit dh files.
Making dh_keys.
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
.......................................................................................................................+++++
e is 65537 (0x010001)
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
Reinstalling : qmailadmin-1.2.16-5.1.qt.el8.x86_64 4/14
Running scriptlet: qmailadmin-1.2.16-5.1.qt.el8.x86_64 4/14
No webmail.css to move
No webmail.css to remove
Reinstalling : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 5/14
Reinstalling : vqadmin-2.3.7-4.qt.el8.x86_64 6/14
Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14
Reinstalling : dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14
Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14
Cleanup : qmailadmin-1.2.16-5.1.qt.el8.x86_64 8/14
Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 9/14
Cleanup : qmail-1.03-3.3.1.qt.el8.x86_64 9/14
Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 9/14
Cleanup : vqadmin-2.3.7-4.qt.el8.x86_64 10/14
Cleanup : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 11/14
Cleanup : ezmlm-0.53.324-3.qt.el8.x86_64 12/14
Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 13/14
Cleanup : vpopmail-5.4.33-4.qt.el8.x86_64 13/14
Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14
Cleanup : dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14
Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14
Verifying : dovecot-2:2.3.11.3-8.qt.el8.x86_64 1/14
Verifying : dovecot-2:2.3.11.3-8.qt.el8.x86_64 2/14
Verifying : ezmlm-0.53.324-3.qt.el8.x86_64 3/14
Verifying : ezmlm-0.53.324-3.qt.el8.x86_64 4/14
Verifying : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 5/14
Verifying : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 6/14
Verifying : qmail-1.03-3.3.1.qt.el8.x86_64 7/14
Verifying : qmail-1.03-3.3.1.qt.el8.x86_64 8/14
Verifying : qmailadmin-1.2.16-5.1.qt.el8.x86_64 9/14
Verifying : qmailadmin-1.2.16-5.1.qt.el8.x86_64 10/14
Verifying : vpopmail-5.4.33-4.qt.el8.x86_64 11/14
Verifying : vpopmail-5.4.33-4.qt.el8.x86_64 12/14
Verifying : vqadmin-2.3.7-4.qt.el8.x86_64 13/14
Verifying : vqadmin-2.3.7-4.qt.el8.x86_64 14/14
Installed products updated.
Reinstalled:
dovecot-2:2.3.11.3-8.qt.el8.x86_64 ezmlm-0.53.324-3.qt.el8.x86_64
ezmlm-cgi-0.53.324-3.qt.el8.x86_64 qmail-1.03-3.3.1.qt.el8.x86_64
qmailadmin-1.2.16-5.1.qt.el8.x86_64 vpopmail-5.4.33-4.qt.el8.x86_64
vqadmin-2.3.7-4.qt.el8.x86_64
Complete!
[root@catchmail2 control]# qmailctl start
Starting qmail-toaster: svscan.
[root@catchmail2 control]# systemctl start dovecot
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
by mx.google.com with ESMTP id
j88si3945739qva.198.2020.10.17.17.39.46
for <[email protected]>;
Sat, 17 Oct 2020 17:39:46 -0700 (PDT)
[root@catchmail2 control]# tail -15 /var/log/qmail/send/current |
tai64nlocal
2020-10-17 20:32:45.531796500 status: local 0/10 remote 0/60
2020-10-17 20:35:11.747983500 status: qmail-todo stop processing asap
2020-10-17 20:35:11.747985500 status: exiting
2020-10-17 20:38:54.831394500 status: local 0/10 remote 0/60
2020-10-17 20:38:54.831396500 starting delivery 1: msg 8428249 to
local [email protected]
2020-10-17 20:38:54.831397500 status: local 1/10 remote 0/60
2020-10-17 20:38:55.909789500 delivery 1: deferral:
lda([email protected]):_Error:_net_connect_unix(/var/run/dovecot/stats-writer)_failed:_Permission_denied/
2020-10-17 20:38:55.909790500 status: local 0/10 remote 0/60
2020-10-17 20:39:46.472501500 new msg 8497403
2020-10-17 20:39:46.472502500 info msg 8497403: bytes 798 from
<[email protected]> qp 732415 uid 89
2020-10-17 20:39:46.472547500 starting delivery 2: msg 8497403 to
remote [email protected]
2020-10-17 20:39:46.472553500 status: local 0/10 remote 1/60
2020-10-17 20:39:47.141395500 delivery 2: success:
<[email protected]>_173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602981587_j88si3945739qva.198_-_gsmtp/
2020-10-17 20:39:47.141578500 status: local 0/10 remote 0/60
2020-10-17 20:39:47.141672500 end msg 8497403
On 10/17/20 5:14 PM, Eric Broch wrote:
This is CentOS 8/MariaDB install?
If so, please reinstall these packages...
# qmailctl stop
# systemctl stop dovecot
# yum makecache
# yum reinstall qmail simscan qmailadmin dovecot vqadmin vpopmail
libvpopmail ezmlm ezmlm-cgi
# qmailctl start
# systemctl start dovecot
On 10/17/2020 2:23 PM, Jim McNamara wrote:
In my haste I had left out the last bit of data!
I have mariadb rather than mysql -\
[root@catchmail2 control]# yum list mariadb
Last metadata expiration check: 0:42:09 ago on Sat 17 Oct 2020
03:40:24 PM EDT.
Installed Packages
mariadb.x86_64 3:10.3.17-1.module_el8.1.0+257+48736ea6 @AppStream
[root@catchmail2 control]# yum list mysql
Last metadata expiration check: 0:42:21 ago on Sat 17 Oct 2020
03:40:24 PM EDT.
Available Packages
mysql.x86_64 8.0.21-1.module_el8.2.0+493+63b41e36 AppStream
[root@catchmail2 control]#
On 10/17/20 3:17 PM, Jim McNamara wrote:
Eric asked for a few bits of info.
[root@catchmail2 control]# ls -alrt /var/qmail/bin/
total 1620
-rwxr-xr-x. 1 root root 618 Dec 24 2013 update-simscan
-rwsr-xr-x. 1 root root 59256 Dec 21 2019 simscanmk
-rws--x--x. 1 clamscan root 105552 Dec 21 2019 simscan
-rws--x--x. 1 qmailq qmail 64808 Sep 29 17:19 qmail-queue
-rwxr-xr-x. 1 root qmail 371 Sep 29 17:19 qmail-qstat
-rwxr-xr-x. 1 root qmail 115 Sep 29 17:19 qail
-rwxr-xr-x. 1 root qmail 115 Sep 29 17:19 pinq
-rwxr-xr-x. 1 root qmail 179 Sep 29 17:19 mailsubj
-rwxr-xr-x. 1 root qmail 114 Sep 29 17:19 elq
-rwxr-xr-x. 1 root qmail 718 Sep 29 17:19 dh_key
-rwxr-xr-x. 1 root qmail 126 Sep 29 17:19 datemail
-rwxr-xr-x. 1 root qmail 1087 Sep 29 17:19 config-fast
-rwxr-xr-x. 1 root qmail 8393 Sep 29 17:19 makecert.sh
-rwxr-xr-x. 1 root qmail 28432 Sep 29 17:19 tcp-env
-rwxr-xr-x. 1 root qmail 36784 Sep 29 17:19 srsfilter
-rwx--x--x. 1 root qmail 12064 Sep 29 17:19 splogger
-rwxr-xr-x. 1 root qmail 37104 Sep 29 17:19 spfquery
-rwxr-xr-x. 1 root qmail 16144 Sep 29 17:19 sendmail
-rwxr-xr-x. 1 root qmail 20208 Sep 29 17:19 qsmhook
-rwxr-xr-x. 1 root qmail 32784 Sep 29 17:19 qreceipt
-rwx--x--x. 1 root qmail 32592 Sep 29 17:19 qmail-todo
-rwxr-xr-x. 1 root qmail 16096 Sep 29 17:19 qmail-tcpto
-rwxr-xr-x. 1 root qmail 16048 Sep 29 17:19 qmail-tcpok
-rwx------. 1 root qmail 12032 Sep 29 17:19 qmail-start
-rwxr-xr-x. 1 root qmail 219816 Sep 29 17:19 qmail-smtpd
-rwxr-xr-x. 1 root qmail 32560 Sep 29 17:19 qmail-showctl
-rwx--x--x. 1 root qmail 65712 Sep 29 17:19 qmail-send
-rwx--x--x. 1 root qmail 20288 Sep 29 17:19 qmail-rspawn
-rwx--x--x. 1 root qmail 65912 Sep 29 17:19 qmail-remote.orig
-rwxr-xr-x. 1 root qmail 24392 Sep 29 17:19 qmail-qread
-rwxr-xr-x. 1 root qmail 32704 Sep 29 17:19 qmail-qmtpd
-rwxr-xr-x. 1 root qmail 24480 Sep 29 17:19 qmail-qmqpd
-rwxr-xr-x. 1 root qmail 24432 Sep 29 17:19 qmail-qmqpc
-rwx--x--x. 1 root qmail 24472 Sep 29 17:19 qmail-pw2u
-rwx------. 1 root qmail 20224 Sep 29 17:19 qmail-newu
-rwxr-xr-x. 1 root qmail 20224 Sep 29 17:19 qmail-newst
-rwx------. 1 root qmail 20208 Sep 29 17:19 qmail-newmrh
-rwx------. 1 root qmail 24440 Sep 29 17:19 qmail-lspawn
-rwx--x--x. 1 root qmail 65736 Sep 29 17:19 qmail-local
-rwxr-xr-x. 1 root qmail 57440 Sep 29 17:19 qmail-inject
-rwx--x--x. 1 root qmail 11960 Sep 29 17:19 qmail-getpw
-rwx--x--x. 1 root qmail 16232 Sep 29 17:19 qmail-clean
-rwxr-xr-x. 1 root qmail 20224 Sep 29 17:19 qmail-badmimetypes
-rwxr-xr-x. 1 root qmail 20224 Sep 29 17:19 qmail-badloadertypes
-rwxr-xr-x. 1 root qmail 20368 Sep 29 17:19 qbiff
-rwxr-xr-x. 1 root qmail 20288 Sep 29 17:19 preline
-rwxr-xr-x. 1 root qmail 20432 Sep 29 17:19 predate
-rwxr-xr-x. 1 root qmail 24480 Sep 29 17:19 maildirwatch
-rwxr-xr-x. 1 root qmail 16032 Sep 29 17:19 maildirmake
-rwxr-xr-x. 1 root qmail 28544 Sep 29 17:19 maildir2mbox
-rwxr-xr-x. 1 root qmail 28432 Sep 29 17:19 instcheck
-rwxr-xr-x. 1 root qmail 32688 Sep 29 17:19 forward
-rwxr-xr-x. 1 root qmail 16016 Sep 29 17:19 except
-rwxr-xr-x. 1 root qmail 36832 Sep 29 17:19 condredirect
-rwxr-xr-x. 1 root qmail 16048 Sep 29 17:19 bouncesaying
drwxr-xr-x. 13 root qmail 159 Oct 1 10:09 ..
-rwxrwxrwx. 1 root qmail 7545 Oct 1 14:23 qmail-remote
drwxr-xr-x. 2 root qmail 4096 Oct 1 14:23 .
smtproutes is empty:
[root@catchmail2 control]# ls -al /var/qmail/control/smtproutes
-rw-r--r--. 1 root qmail 0 Sep 29 17:19 /var/qmail/control/smtproutes
tls info:
[root@catchmail2 control]# ls -al /var/qmail/control/tls*
lrwxrwxrwx. 1 root root 35 Oct 1 10:07
/var/qmail/control/tlsclientciphers ->
/var/qmail/control/tlsserverciphers
-rw-r--r--. 1 root qmail 3285 Oct 1 10:07
/var/qmail/control/tlsserverciphers
[root@catchmail2 control]# cat /var/qmail/control/tlsserverciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256
-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256
One additional bit of info that may or may not be significant - my
servercert.pem is real-world valid, it is a godaddy wildcard
certificate that includes the key, crt, and the certificate chain.
On 10/16/20 7:24 AM, Jim McNamara wrote:
[root@catchmail2 control]# ls -la /var/qmail/control/
total 132
drwxr-xr-x. 3 root qmail 4096 Oct 16 01:01 .
drwxr-xr-x. 13 root qmail 159 Oct 1 10:09 ..
-rw-r--r--. 1 root qmail 32 Sep 29 17:19 badloadertypes
-rw-r--r-- 1 root root 2048 Oct 9 15:08 badloadertypes.cdb
-rw-r--r--. 1 root qmail 25 Sep 29 17:19 badmailfrom
-rw-r--r--. 1 root qmail 29 Sep 29 17:19 badmailto
-rw-r--r--. 1 root qmail 360 Sep 29 17:19 badmimetypes
-rw-r--r-- 1 root root 2048 Oct 9 15:08 badmimetypes.cdb
lrwxrwxrwx. 1 root qmail 14 Sep 29 17:19 clientcert.pem ->
servercert.pem
-rw-r--r--. 1 root qmail 4 Sep 29 17:19 concurrencyincoming
-rw-r--r--. 1 root qmail 3 Sep 29 17:19 concurrencyremote
-rw-r--r--. 1 root qmail 9 Sep 29 17:19 databytes
-rw-r--r--. 1 root qmail 11 Sep 29 17:19 defaultdelivery
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 defaultdomain
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 defaulthost
-rw-r--r-- 1 root qmail 424 Oct 16 01:01 dh2048.pem
drwxr-xr-x. 2 qmailr qmail 202 Oct 8 11:15 dkim
-rw-r--r--. 1 root root 10 Oct 6 09:45 locals
-rw-------. 1 root root 0 Oct 1 10:09 locals.lock
-rw-r--r--. 1 root qmail 4 Sep 29 17:19 logcount
-rw-r--r--. 1 root qmail 8 Sep 29 17:19 logsize
-rw-r--r--. 1 root qmail 25 Oct 1 10:07 me
-rw-r-----. 1 root vchkpw 2830 Oct 1 10:07 orig-servercert.pem
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 plusdomain
-rw-r--r--. 1 root qmail 0 Sep 29 17:19 policy
-rw-r--r--. 1 root qmail 6 Sep 29 17:19 queuelifetime
-rw-r--r--. 1 root root 251 Oct 6 09:45 rcpthosts
-rw-------. 1 root root 0 Oct 1 10:09 rcpthosts.lock
-rw-r--r-- 1 root qmail 1679 Oct 16 01:01 rsa2048.pem
-rw-r----- 1 root vchkpw 8934 Oct 15 16:43 servercert.pem
-rw-r--r--. 1 46 root 59 Dec 24 2013 simcontrol
-rw-r--r-- 1 root root 2129 Oct 9 15:08 simcontrol.cdb
-rw-r--r-- 1 root root 2166 Oct 9 15:08 simversions.cdb
-rw-r--r--. 1 root qmail 87 Oct 1 10:07 smtpgreeting
-rw-r--r--. 1 root qmail 0 Sep 29 17:19 smtproutes
-rw-r--r--. 1 root qmail 2 Sep 29 17:19 spfbehavior
lrwxrwxrwx. 1 root root 35 Oct 1 10:07 tlsclientciphers ->
/var/qmail/control/tlsserverciphers
-rw-r--r--. 1 root qmail 3285 Oct 1 10:07 tlsserverciphers
-rw-r--r--. 1 root root 452 Oct 6 09:45 virtualdomains
-rw-------. 1 root root 0 Oct 1 10:09 virtualdomains.lock
CheckTLS.com reports:
FAILED FAILED //email/test From: Your email was sent, however it
was NOT SENT SECURELY using TLS.
The log of the mail to checktls.com -
2020-10-16 07:14:48.069306500 new msg 8497405
2020-10-16 07:14:48.069309500 info msg 8497405: bytes 817 from
<[email protected]> qp 569418 uid 89
2020-10-16 07:14:48.069310500 starting delivery 87: msg 8497405 to
remote [email protected]
2020-10-16 07:14:48.069311500 status: local 0/10 remote 1/60
2020-10-16 07:14:48.521062500 delivery 87: success:
<[email protected]>_165.227.190.238_accepted_message./Remote_host_said:_250_Ok/
2020-10-16 07:14:48.521064500 status: local 0/10 remote 0/60
2020-10-16 07:14:48.521065500 end msg 8497405
2020-10-16 07:14:57.942882500 new msg 8497405
2020-10-16 07:14:57.942883500 info msg 8497405: bytes 2348 from
<[email protected]> qp 569438 uid 89
2020-10-16 07:14:57.942884500 starting delivery 88: msg 8497405 to
local [email protected]
2020-10-16 07:14:57.942885500 status: local 1/10 remote 0/60
2020-10-16 07:14:57.997390500 delivery 88: success:
lda([email protected]):_Error:_net_connect_unix(/var/run/dovecot/stats-writer)_failed:_Permission_denied/did_0+0+1/
2020-10-16 07:14:57.997392500 status: local 0/10 remote 0/60
2020-10-16 07:14:57.997393500 end msg 8497405
I obscured my public IP in the thread to 9.8.7.6, but the headers
in the gmail message show my mail server's IP, there is no
smarthost that I am aware of.
On 10/15/20 7:51 PM, Eric Broch wrote:
I can't remember a time when sending to gmail failed to produce a
tls connection. I don't wonder if there is a smarthost in between
stopping it?
On 10/15/2020 5:23 PM, Jaime Lerner wrote:
An easier place to check is to go to checktls.com to get an
excellent output of your mailserver connection and whether it is
using TLS.
Might help with trouble-shooting....
*From: *Eric Broch <[email protected]>
*Reply-To: *<[email protected]>
*Date: *Thursday, October 15, 2020 at 5:39 PM
*To: *<[email protected]>
*Subject: *Re: [qmailtoaster] QMT is not issuing a STARTTLS on
outbound SMTP
What's this look like
# ls -la /var/qmail/control
On 10/15/2020 2:54 PM, Jim McNamara wrote:
[root@catchmail2 control]# yum list installed | grep qmail
qmail.x86_64 1.03-3.3.1.qt.el8 @qmt-testing
qmailadmin.x86_64 1.2.16-5.1.qt.el8 @qmt-testing
qmailmrtg.x86_64 4.2-4.qt.el8 @qmt-testing
On 10/15/20 4:48 PM, Eric Broch wrote:
What version of qmail?
On 10/15/2020 2:47 PM, Jim McNamara wrote:
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
by mx.google.com with ESMTP id p5si1775654qvb.199.2020.10.15.09.52.15
for <[email protected]>;
Thu, 15 Oct 2020 09:52:15 -0700 (PDT)
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
by mx.google.com with ESMTP id n10si156346qvl.1.2020.10.15.13.37.49
for <[email protected]>;
Thu, 15 Oct 2020 13:37:49 -0700 (PDT)
No mention whatsoever of TLS, the next lines of the headers begin:
Received-SPF: pass
On 10/15/20 3:32 PM, Eric Broch wrote:
Check the header of an email you've sent to Gmail from your QMT,
you should see something like the following:
Received: from localhost (mx.mydomain.com. [xxx.xxx.xxx.xxx])
by mx.google.com with ESMTPS id be3si1766151plb.73.2020.10.15.11.34.29
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
I'm sending from a CentOS 8/QMT I just fired up and am testing.
Eric
On 10/15/2020 12:57 PM, Jim McNamara wrote:
Hello, list!
According to http://www.qmailtoaster.net/notls.html , all outbound
SMTP should be using TLS unless a domain is configured explicitly
not to use it. However, without even creating the directory
/var/qmail/control/notlshosts every message I send from my server
to gmail.com is going unencrypted. The /var/log/qmail/send/current
file has entries like:
2020-10-15 14:29:58.418313500 new msg 8428251
2020-10-15 14:29:58.418315500 info msg 8428251: bytes 574 from <[email protected]> qp 511025 uid 89
2020-10-15 14:29:58.418336500 starting delivery 1: msg 8428251 to remote [email protected]
2020-10-15 14:29:58.418337500 status: local 0/10 remote 1/60
2020-10-15 14:29:59.220407500 delivery 1: success: <[email protected]>_173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602786599_w13si301qtv.16_-_gsmtp/
2020-10-15 14:29:59.220525500 status: local 0/10 remote 0/60
2020-10-15 14:29:59.220563500 end msg 8428251
The message in gmail shows up with the padlock having a red line
through it, indicating it was not encrypted during transit. Since
I see the 250 in the send log, I would assume that should my
server attempt to use TLS, there should be a "starttls" getting
logged?
My /var/qmail/supervise/send/run file is simply:
#!/bin/sh
exec /var/qmail/rc
Did I do something wrong that outbound SMTP is not even asking for
TLS?
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
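The diagnosis in this thread rested on two observations: Gmail's Received header said ESMTP rather than ESMTPS, and a firewall inspecting ESMTP was breaking STARTTLS. The following is an added example, not code from the thread or from QMT: it classifies Received hops by TLS use and checks an EHLO reply for a missing or masked STARTTLS keyword. The sample data is constructed (addresses and EHLO replies are placeholders), and the X-masking pattern is an assumption about how ESMTP-inspecting firewalls commonly rewrite the keyword, not something shown in the thread.

```python
import re

# "with" keywords registered by RFC 3848 whose trailing S means the hop used TLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample modelled on the Gmail headers quoted in the thread
# (after and before the firewall fix); the recipient is a placeholder.
SAMPLE_HEADERS = (
    "Received: from mymachine.tld (mymachine.tld. [9.8.7.6])\r\n"
    "        by mx.google.com with ESMTPS id n14si5034922qvr.97.2020.10.18.13.59.33\r\n"
    "        for <user@example.com>\r\n"
    "        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\r\n"
    "        Sun, 18 Oct 2020 13:59:34 -0700 (PDT)\r\n"
    "Received: from mymachine.tld (mymachine.tld. [9.8.7.6])\r\n"
    "        by mx.google.com with ESMTP id j88si3945739qva.198.2020.10.17.17.39.46\r\n"
    "        for <user@example.com>;\r\n"
    "        Sat, 17 Oct 2020 17:39:46 -0700 (PDT)\r\n"
    "Received-SPF: pass\r\n"
)

# Constructed EHLO replies as a sending server might see them.
EHLO_CLEAN = ("250-mx.example.net at your service\r\n250-SIZE 157286400\r\n"
              "250-8BITMIME\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n")
# Assumption: an inspecting middlebox overwrote keywords with X characters.
EHLO_MASKED = ("250-mx.example.net at your service\r\n250-SIZE 157286400\r\n"
               "250-8BITMIME\r\n250-XXXXXXXA\r\n250 XXXXXXXB\r\n")
EHLO_NONE = "250-mx.example.net\r\n250-SIZE 157286400\r\n250 8BITMIME\r\n"


def received_hops(raw_headers):
    """Return one dict per Received header, newest hop first."""
    # Unfold continuation lines (RFC 5322: CRLF followed by whitespace).
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)
    hops = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "received":  # skips Received-SPF etc.
            continue
        by = re.search(r"\bby\s+(\S+)", value)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", value)
        # Gmail-style parenthetical describing the negotiated session.
        tls = re.search(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)/\d+\)", value)
        protocol = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": protocol,
            "tls": protocol in TLS_WITH or tls is not None,
            "version": tls.group(1) if tls else None,
            "cipher": tls.group(2) if tls else None,
            "bits": int(tls.group(3)) if tls else None,
        })
    return hops


def ehlo_diagnosis(ehlo_reply):
    """Classify an EHLO reply as 'offered', 'masked' or 'absent' for STARTTLS."""
    keywords = [m.group(1).upper()
                for m in re.finditer(r"^250[- ](\S+)", ehlo_reply, re.M)]
    if "STARTTLS" in keywords:
        return "offered"
    # A keyword made only of X's (optionally one trailing letter) suggests
    # that something on the path rewrote the server's capability list.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):
        return "masked"
    return "absent"


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_HEADERS):
        state = "TLS" if hop["tls"] else "PLAINTEXT"
        print(f'{hop["by"]}: {hop["protocol"]} -> {state} '
              f'{hop["version"] or ""} {hop["cipher"] or ""}'.rstrip())
    for label, reply in (("clean", EHLO_CLEAN), ("masked", EHLO_MASKED),
                         ("none", EHLO_NONE)):
        print(f"EHLO {label}: STARTTLS {ehlo_diagnosis(reply)}")
```

A "masked" or "absent" result seen from the mail server itself, against a destination known to offer STARTTLS, points at the network path rather than at the qmail configuration.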