On Wed, January 14, 2026 3:44 am, Jay Hart wrote:
>>
>>> ERROR: Error connecting to SMTP server "10.20.30.11:25".Server
>>> error:
>>> (0)
>>>
>>> I have enabled enhanced logging for both php-fpm and postfix. Here are
>>> some log entries:
>>>
>>> [root@kevla postfix]# tail /var/log/php-fpm/www-error.log
>>> [09-Jan-2026 21:07:20 America/New_York] PHP Warning: fsockopen():
>>> Failed
>>> to enable crypto in /usr/share/squirrelmail/src/configtest.php
>>> on line 405
>>> [09-Jan-2026 21:07:20 America/New_York] PHP Warning: fsockopen():
>>> Unable
>>> to connect to ssl://x.x.x.x:25 (Unknown error) in
>>> /usr/share/squirrelmail/src/configtest.php on line 405
>>> [10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen(): SSL
>>> operation failed with code 1. OpenSSL Error messages:
>>> error:0A00010B:SSL routines::wrong version number in
>>> /usr/share/squirrelmail/src/configtest.php on line 405
>>> [10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen():
>>> Failed
>>> to enable crypto in /usr/share/squirrelmail/src/configtest.php
>>> on line 405
>>> [10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen():
>>> Unable
>>> to connect to ssl://x.x.x.x:25 (Unknown error) in
>>> /usr/share/squirrelmail/src/configtest.php on line 405
>>> [10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen(): SSL
>>> operation failed with code 1. OpenSSL Error messages:
>>> error:0A00010B:SSL routines::wrong version number in
>>> /usr/share/squirrelmail/src/configtest.php on line 405
>>> [10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen():
>>> Failed
>>> to enable crypto in /usr/share/squirrelmail/src/configtest.php
>>> on line 405
>>> [10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen():
>>> Unable
>>> to connect to ssl://x.x.x.x:25 (Unknown error) in
>>> /usr/share/squirrelmail/src/configtest.php on line 405
>>>
>>> more /var/log/maillog |grep warning
>>> Jan 10 16:59:57 rocky postfix/smtpd[416626]: dict_lookup:
>>> helpful_warnings
>>> = (notfound)
>>> Jan 10 16:59:57 rocky postfix/smtpd[416626]: dict_update:
>>> helpful_warnings
>>> = yes
>>> Jan 10 16:59:57 rocky postfix/smtpd[416626]: warning: run-time library
>>> vs.
>>> compile-time header version mismatch: OpenSSL 3.5.0 may not be
>>> compatible with OpenSSL 3.2.0
>>> Jan 10 17:05:03 rocky postfix/smtpd[417102]: dict_lookup:
>>> helpful_warnings
>>> = (notfound)
>>> Jan 10 17:05:03 rocky postfix/smtpd[417102]: dict_update:
>>> helpful_warnings
>>> = yes
>>> Jan 10 17:05:03 rocky postfix/smtpd[417105]: dict_lookup:
>>> helpful_warnings
>>> = (notfound)
>>> Jan 10 17:05:03 rocky postfix/smtpd[417105]: dict_update:
>>> helpful_warnings
>>> = yes
>>> Jan 10 17:05:03 rocky postfix/smtpd[417102]: warning: run-time library
>>> vs.
>>> compile-time header version mismatch: OpenSSL 3.5.0 may not be
>>> compatible with OpenSSL 3.2.0
>>> Jan 10 17:05:03 rocky postfix/smtps/smtpd[417105]: warning: run-time
>>> library vs. compile-time header version mismatch: OpenSSL 3.5.0 may
>>> not be compatible with OpenSSL 3.2.0
>>
>> Those errors hint at cert or cipher mismatch, which would require more
>> detailed investigation on your part. You can always connect by hand
>> using
>> openssl s_client and see more details of the exchange. Or sniff it with
>> ngrep or the likes.
>>
>> On the other hand, it is quite possible that you have SquirrelMail set
>> to
>> connect over TLS immediately, and on port 25, you'll need to use
>> STARTTLS.
>> See $use_smtp_tls in SquirrelMail's config.php or re-run conf.pl ...
>> it's
>> still better to run a separate Postfix listener for picking up locally
>> submitted mail, because it should be handled differently.
>>
>> --
>> Paul Lesniewski
>> SquirrelMail Team
>> Please support Open Source Software by donating to SquirrelMail!
>> http://squirrelmail.org/donate_paul_lesniewski.php
>>
>
> Paul,
>
> Do you think it would be easier to just uninstall and reinstall postfix,
> openssl, and dovecot (and whatever else you think would be
> needed), than it would be to track this down via troubleshooting?
>
> I'm going back/forth on that question..

On one hand, if you've been changing configuration parameters without a
sense of what they do and it's become a mess, then it can be a good idea
to go back to a clean configuration. But you also need to work on the
problem and not unrelated things. Dovecot plays no role in any SMTP
connections, for instance. You'd probably be best served by enabling the
TLS/SSL service on port 465 in Postfix's master.cf so you can stop using
port 25 for two completely different mail flows, and that port is also
encrypted from the get-go, which is how you might have configured
SquirrelMail.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
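
Added example, not part of the original thread and not SquirrelMail or Postfix code: a Python sketch that reproduces the "wrong version number" error from the php-fpm log by starting TLS immediately against a listener that speaks plaintext SMTP first, then probes the same port the way a STARTTLS client would. The stub server, the mail.example.test and probe.example.test names, and all function names are constructed for illustration.

```python
import socket, ssl, threading

def start_plain_smtp_stub():
    """Constructed stand-in for a port-25 listener: banner first, STARTTLS advertised."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(b"220 mail.example.test ESMTP\r\n")
                    while (data := conn.recv(4096)):
                        if data.upper().startswith(b"EHLO"):
                            conn.sendall(b"250-mail.example.test\r\n250 STARTTLS\r\n")
                except OSError:
                    pass                    # client hung up mid-exchange
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def try_implicit_tls(host, port, timeout=3.0):
    """What an ssl:// connection does: send a TLS ClientHello before reading anything."""
    ctx = ssl.create_default_context()      # certificate checks stay on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"implicit TLS ok: {tls.version()}"
    except ssl.SSLError as exc:             # the banner bytes were parsed as a TLS record
        return "TLS handshake failed: " + str(exc.reason)

def probe_plain_smtp(host, port, timeout=3.0):
    """What a STARTTLS client does: read the banner, send EHLO, look for STARTTLS."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not s.recv(512).startswith(b"220"):
                return "no plaintext SMTP banner"
            s.sendall(b"EHLO probe.example.test\r\n")
            reply = s.recv(4096).upper()    # one read is enough for a short EHLO reply
    except socket.timeout:
        return "no banner before timeout (port may expect TLS first)"
    return "plaintext SMTP, STARTTLS " + ("offered" if b"STARTTLS" in reply else "not offered")

def demo():
    port = start_plain_smtp_stub()
    return try_implicit_tls("127.0.0.1", port), probe_plain_smtp("127.0.0.1", port)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Against a listener that expects TLS from the first byte, the results flip: the first function completes the handshake or reports a certificate error, and the second times out waiting for a banner.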