Hi,
I just created a new server using ClearOS V7.5 and everything seems to be fine except when I try and set up Windows PCs with Outlook to their mail accounts I am getting the error message:
log onto incoming mail server (IMAP): the connection to the server failed
Because I am running with a Lets Encrypt certificate, I have followed a procedure of how to associate the Let's Encrypt certificate to the mail server which involved the following (taken from the procedure):
This all seemed to work OK and I was able to initially connect the first PC to the email accounts and then I noticed there were some updates to the server software which I applied and then restarted the server afterwards, since that point I have been getting the error adding the Outlook email accounts. Sending the test message works OK it's only the "Log onto incoming mail server" part that fails and in the Office 365 version of Outlook you can't get beyond that point to add the accounts??
I have the server set in "Standalone - No Firewall" mode as I am behind a NAT router so I don't think the firewall is blocking connection from the same network. My router has ports 993 465 and 25 forwarded to the server's IP. So I am confused as to why the Windows Machines cannot connect to it. I have DNS entry set up so the internet domain name resolves to the internal IP address and pinging that does give the internal IP address not the external one so that's all working OK? I don't want to generate any internet traffic for machines on the inside of the networl.
Can anyone point me to what I have done wrong.
Siv
I just created a new server using ClearOS V7.5 and everything seems to be fine except when I try and set up Windows PCs with Outlook to their mail accounts I am getting the error message:
log onto incoming mail server (IMAP): the connection to the server failed
Because I am running with a Lets Encrypt certificate, I have followed a procedure of how to associate the Let's Encrypt certificate to the mail server which involved the following (taken from the procedure):
Fix permissions and ownership on the Let's Encrypt folders:
chown root:mail /etc/letsencrypt/live /etc/letsencrypt/archive
chmod 0750 /etc/letsencrypt/live /etc/letsencrypt/archive
SMTP Server (postfix):
Add the following to /etc/postfix/main.cf:
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/smtp.example.com/privkey.pem
Then restart postfix:
systemctl restart postfix.service
Now to force postfix to restart to read the new certificates each time they are updated by creating a file /var/clearos/events/lets_encrypt/postfix with 0755 permission and the following contents:
#!/bin/sh
sleep 10
systemctl condrestart postfix.service
If you copy and paste the following into a terminal this will create the file correctly for you:
echo '#!/bin/sh' > /var/clearos/events/lets_encrypt/postfix
echo >> /var/clearos/events/lets_encrypt/postfix
echo 'sleep 10' >> /var/clearos/events/lets_encrypt/postfix
echo >> /var/clearos/events/lets_encrypt/postfix
echo 'systemctl condrestart postfix.service' >> /var/clearos/events/lets_encrypt/postfix
chmod 0755 /var/clearos/events/lets_encrypt/postfix
POP and IMAP Server (cyrus-imapd):
Change the following in /etc/imapd.conf:
tls_key_file: /etc/letsencrypt/live/imap.example.com/privkey.pem
tls_cert_file: /etc/letsencrypt/live/imap.example.com/fullchain.pem
Then restart cyrus-imapd:
systemctl restart cyrus-imapd.service
Now to force cyrus-imapd to restart to read the new certificates each time they are updated by creating a file /var/clearos/events/lets_encrypt/cyrus-imapd with 0755 permission and the following contents:
#!/bin/sh
sleep 10
systemctl condrestart cyrus-imapd.service
If you copy and paste the following into a terminal this will create the file correctly for you:
echo '#!/bin/sh' > /var/clearos/events/lets_encrypt/cyrus-imapd
echo >> /var/clearos/events/lets_encrypt/cyrus-imapd
echo 'sleep 10' >> /var/clearos/events/lets_encrypt/cyrus-imapd
echo >> /var/clearos/events/lets_encrypt/cyrus-imapd
echo 'systemctl condrestart cyrus-imapd.service' >> /var/clearos/events/lets_encrypt/cyrus-imapd
chmod 0755 /var/clearos/events/lets_encrypt/cyrus-imapd
This all seemed to work OK and I was able to initially connect the first PC to the email accounts and then I noticed there were some updates to the server software which I applied and then restarted the server afterwards, since that point I have been getting the error adding the Outlook email accounts. Sending the test message works OK it's only the "Log onto incoming mail server" part that fails and in the Office 365 version of Outlook you can't get beyond that point to add the accounts??
I have the server set in "Standalone - No Firewall" mode as I am behind a NAT router so I don't think the firewall is blocking connection from the same network. My router has ports 993 465 and 25 forwarded to the server's IP. So I am confused as to why the Windows Machines cannot connect to it. I have DNS entry set up so the internet domain name resolves to the internal IP address and pinging that does give the internal IP address not the external one so that's all working OK? I don't want to generate any internet traffic for machines on the inside of the networl.
Can anyone point me to what I have done wrong.
Siv
In Mail
Share this post:
Accepted Answer
It looks like you've been given a lot of info in my absence. From what you've shown Attack Detector had blocked you. You can see all currently active Attack Detector and IPS blocks with the following one liner:
If you trust your LAN users, you can whitelist your LAN in the Attack Detector app. See the app documentationI am in a family environment and I whitelist my LAN. There are argument for and against it. Also in the doc is the command needed to unban an IP.
If you are setting up a lot of Outlook 2016 you may have an issue as its wizard initially tries to use the full e-mail address as the user name and this will trigger a block. Your IMAPS certificate is OK as you've already tested it from one of my earlier links.
/var/log/secure is not used by the cyrus-imap jail in fail2ban (the engine behind the Attack Detector app). It uses /var/log/maillog instead. Joining a domain should not trigger the cyrus-imap jail as it is only looking for pop and imap transactions. The jail block will trigger after 5 failed login attempts.
for SET in `ipset list -name | egrep 'f2b|snort'` ; do ipset list $SET -output save | sort | grep add | awk '{print $2 " " $3}'; donegrep Ban /var/log/fail2ban*If you trust your LAN users, you can whitelist your LAN in the Attack Detector app. See the app documentationI am in a family environment and I whitelist my LAN. There are argument for and against it. Also in the doc is the command needed to unban an IP.
If you are setting up a lot of Outlook 2016 you may have an issue as its wizard initially tries to use the full e-mail address as the user name and this will trigger a block. Your IMAPS certificate is OK as you've already tested it from one of my earlier links.
/var/log/secure is not used by the cyrus-imap jail in fail2ban (the engine behind the Attack Detector app). It uses /var/log/maillog instead. Joining a domain should not trigger the cyrus-imap jail as it is only looking for pop and imap transactions. The jail block will trigger after 5 failed login attempts.
Responses (28)
-
Accepted Answer
Nick,
Thanks for your update.
I will have a look at your linked procedure and see if at some point I can upgrade the box. I am pretty happy with it now that the email issue is understood and I am not 100% bothered about joining PCs to the ClearOS server as a DC, as it all works fine with them in the WORKGROUP workgroup. I can set up email now and they can see the network shares etc. It just may be if I do any more ClearOS boxes for my clients that they might want domain usage.
Siv -
Accepted Answer
The devs are working on productionising the howto I posted here for new installations. This has to be the first step. As part of this they will probably release the AD Connector for general use and we will then have a single box solution. You can relatively easily go through my HowTo on a separate box and have a standalone domain controller if you have spare hardware but Clearcenter has always offered a single box solution and they want to continue to do so.
There are a couple of issues the devs still need to test, particularly the "kludge" because of the nmb socket binding to 0.0.0.0/0.
To update an existing box will be harder. You will need to update the installation along the lines I have posted. Samba have published a migration process Migrating a Samba NT4 Domain to Samba AD (Classic Upgrade) and Dave was testing it. Once that is done the LDAP set up needs to be removed from ClearOS and the AD connector installed. This affects Windows Networking and I may have a problem there. I tested without even migrating to AD, just removing LDAP and joining ClearOS to the AD DC running on the same machine in Docker. That worked OK but when I then started running Windows Networking I hit a snag. Hopefully Dave can work his way round it. As this is is harder, the first step must be to get the AD DC going for a new installation.
If you just watch the forum and especially the thread I linked to you should see updates. It is likely there will be a Beta Testing announcement when it is ready. Unfortunately I can't see how to subscribe to a thread without replying to it. -
Accepted Answer
Nick,
Yes the issue was definitely to do with the Attack Detector since adding the jail file you suggested I am getting no issues setting up mail accounts from Windows PCs.
I will set your reply as the solution to my issue after updating this post and as always thanks for your help.
On another note I did see your sticky post about some of the issues blocking v1809 Windows 10 boxes being blocked from domain join, so thanks for that as I have had no luck trying to attach Windows 10 boxes to the domain. You mention in the post that the ClearOS devs are working on a fix for that, do you know if that will be rolled out to our 7.5 servers as an update or will we need a whole new release? If so, is there a mechanism for upgrading from one release to another, also is there some form of mailing list that I could join that alerts me to when this update will be available?
Sorry for all the questions!
Siv -
Accepted Answer
Nick,
I did stop the service through the dashboard and then started it back up again after I had created the jail.local file so I am hoping it's working.
I will try connecting to email via another machine running Windows next week as a test and will report back.
I think this will be the solution.
I will add this to my checklist of things to do when setting up a new ClearOS server that uses the attack detector.
If the next machine works OK then I will mark your post about adding the jail.local file as the solution.
Thanks again for your help.
Siv -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Nick,
Thanks for getting back to me. I certainly do trust the LAN as it is only used by me and my wife for running my business PC and the server is for my emails. Occasionally other members of my family use it for internet access with their phones though I have another broadband line that I have my ClearOS test server on which is running 7.4 ClearOS and hosts my gscomputing.co.uk mail server and is rarely used. So I tend to get them to connect to that one, in fact I will change the Wi-Fi password on my network and even the kids can use the other network as they have no need to be on my network.
I will follow the procedure to whitelist the lan and see if the next machine I connect to email has less issues.
Siv -
Accepted Answer
Dave Loper wrote:
Attack Detector will scan login faults for IMAP/POP by looking at the auth layer that you see there.
IMAP is one of those protocols that you can test via command line using 'telnet'. You can also use TLS from command line. Here is a great writeup:
https://tewarid.github.io/2011/05/10/access-imap-server-from-the-command-line-using-openssl.html
What is very neat about this is that you can do this from all over the place. Connecting from localhost to localhost is the division line between the problem existing via network issues and problems with the mail server.
Dave thanks for the link, I will have a good read through that over the weekend and post back, I should get chance to try and connect another laptop to see if it connects ok or not.
Siv -
Accepted Answer
Attack Detector will scan login faults for IMAP/POP by looking at the auth layer that you see there.
IMAP is one of those protocols that you can test via command line using 'telnet'. You can also use TLS from command line. Here is a great writeup:
https://tewarid.github.io/2011/05/10/access-imap-server-from-the-command-line-using-openssl.html
What is very neat about this is that you can do this from all over the place. Connecting from localhost to localhost is the division line between the problem existing via network issues and problems with the mail server. -
Accepted Answer
Dave,
Thanks for your reply, I am not sure what was going on as initially I was trying to connect Outlook on my Windows 10 laptop to my new server and it kept getting rejected even though i had set the user name to not include the "@sivill.com" bit, it appeared that Outlook 2016 was ignoring that and sending the full username@externaldomain whether the number of retries I did generated enough failed log entries to trigger the attack detector or whether it saw my laptop as an attacker straight off I don't know.
At some point in the proceedings I tried to join the laptop to the new domain to see if that made any difference and maybe that was what triggered the attack detector? The weird thing was after I had left it for a day and tried again it went in straight away and created the account on Outlook?
So I am mightily confused.
The log file at /var/log/secure had these entries:
Aug 26 18:56:40 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 26 18:57:03 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:03 bigblue saslauthd[721]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:04 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:04 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:12 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:14 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:14 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:17 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:18 bigblue saslauthd[721]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:57:18 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:58:19 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 18:59:19 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:00:20 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:01:20 bigblue saslauthd[721]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:02:20 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:02:42 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:03:21 bigblue saslauthd[721]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:04:21 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:05:00 bigblue saslauthd[719]: pam_unix(smtp:auth): check pass; user unknown
Aug 26 19:05:00 bigblue saslauthd[719]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 26 19:05:21 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:06:22 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:07:22 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:08:22 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:09:23 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:10:23 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:11:23 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:12:24 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:13:24 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:14:05 bigblue saslauthd[717]: pam_unix(smtp:auth): check pass; user unknown
Aug 26 19:14:05 bigblue saslauthd[717]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 26 19:14:24 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:15:25 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:16:25 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:17:25 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:18:26 bigblue saslauthd[719]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:19:26 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:20:26 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:21:27 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:22:27 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:23:27 bigblue saslauthd[721]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:23:29 bigblue saslauthd[719]: pam_unix(smtp:auth): check pass; user unknown
Aug 26 19:23:29 bigblue saslauthd[719]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 26 19:24:28 bigblue saslauthd[720]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:25:28 bigblue saslauthd[717]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:26:28 bigblue saslauthd[722]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=g
Aug 26 19:27:02 bigblue saslauthd[720]: pam_unix(smtp:auth): check pass; user unknown
What I am not sure about is why the error states "user unknown" as at that time my user "g" was created and was listed in the imap_plugin group users in the dashboard?
So whether something the updates I applied around that time disabled my account in IMAP or something??
Like I saisd in an earlier post, the next day after posting the problem here when I tried it the account accepted straight away?
Siv -
Accepted Answer
The attack detector looks at your log files to make the determination that it is under attack. Because of this, there is good log information about what happened and when. You can search your log files (/var/log/secure) for login attempts from your internal IP. If you know why your logins failed, for example you mistyped your password, you can remove the corresponding block which is an ipset rule. However, if you didn't try to log in with SSH to your server, you may have a trojan on your device which is infected. Either way, the attack detector is doing its job.
Here are some ipset rules that will be helpful:
ipset list [ SETNAME ]
ipset del SETNAME DEL-ENTRY [ DEL-OPTIONS ]
For example:
ipset list
ipset list f2b-sshd
ipset list f2b-sshd | grep 192.168.100.184
ipset del f2b-sshd 192.168.100.184
-
Accepted Answer
-
Accepted Answer
Nick,
I logged on this morning and decided to re-create my mailbox in Evo so I removed the old EWS account that was disabled and previously pointed to the Exchange Server account. I then removed the IMAP account that I had created initially before the updates occurred on the server that seemed to cause troubles with connecting Windows PCs. I then re-created my IMAP account and then tested the send to my other server and sure enough it now sends outbound so I can at least send email again! What the problem was with that I do not know?
So please ignore any side questions about sending email, I think that was a red herring.
I am going to try and connect another Windows PC now that my laptop connected OK and if that works OK then I will close this thread as it may all be some kind of transient issue caused by the updates being applied just at the wrong moment.
Siv -
Accepted Answer
Nick,
Testing shows that if I send email from my Linux Mint box using Evolution it sends OK in Evo and I get no errors but the message does not get through to external recipients.
I sent a test email to my wife's email address and that arrived OK (both parties are on the inside of the network and on the same domain [sivill.com]).
Sending and receiving email using Roundcube works fine to both internal and external recipients.
Siv -
Accepted Answer
Nick,
I can send emails out using roundcube and those do get through to my gscomputing.co.uk server and to external recipients. Email sent the other way works, inbound has always worked fine ever since I set it up on Friday evening Saturday morning. I only lobbed the fact that outbound wasn't working into the conversation as I wondered if that might tell you where the issue is.
Going back to the original issue, strangely, late last night after we last communicated I tried one more time to connect my Windows 10 laptop and it worked? The only thing that had changed was that I had by then removed the laptop from my old Windows domain so whether something from the old Windows domain was screwing things up? I don't know. It's now in the WORKGROUP workgroup rather than a domain.
Siv -
Accepted Answer
I'm confused on this one as it started just with an IMAP issue. I don't think it has anything to do with Let's Encrypt as you've tested the IMAPS connection with OpenSSH. You should be able to do the same with SMTPS.
Can you try bounding the problem testing with Roundcube and your normal client. Is a mail sent in one seen in the other and so on. Can either send to your other server? etc.
I'm not going to be able to help for a few days now, I'm afraid. -
Accepted Answer
Nick,
Thanks for what you have done so far, I am popping out to see my folks at some point soon so I won't be back until later on.
I have gone through the changes I have made to a vanilla ClearOS and compared them with the files on my other server and the file permissions and the content of the files is identical so I am pretty sure the changes I have made are not responsible, unless there is a difference in the way the 7.4 and 7.5 versions of ClearOS handle Let's Encrypt certificates and I didn't need to follow the procedure I have for ensuring that the Let's Encrypt certificate is being used by the IMAP and SMTP servers?
Siv -
Accepted Answer
-
Accepted Answer
Nick,
I also thought it might be wise to let you see the last bit of etc/postfix/main.cf just in case you can see an error in there:
# General settings
bounce_queue_lifetime = 6h
mailbox_size_limit = 102400000
message_size_limit = 51200000
luser_relay =
recipient_delimiter = +
message_strip_characters = \0
# Authentication with SASL
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
# Encryption with TLS
# smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/remote.sivill.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/remote.sivill.com/privkey.pem
# smtpd_tls_cert_file = /etc/postfix/cert.pem
# smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
# Mail restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# Mail routing
mailbox_transport = mailpostfilter
content_filter = mailprefilter
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
local_recipient_maps = $alias_maps $virtual_alias_maps
# Outbound SMTP authentication
# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# smtp_sasl_auth_enable = yes
# smtp_sasl_security_options =
Siv -
Accepted Answer
Nick,
I tried to connect again from my Windows machine and this is what appeared in the /var/log/maillog around that time:
Aug 27 11:29:46 bigblue imaps[20178]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:29:46 bigblue imaps[20178]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20178-1535365786-1>
Aug 27 11:29:46 bigblue imaps[20178]: USAGE g user: 0.024905 sys: 0.006226
Aug 27 11:30:46 bigblue imaps[20261]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:30:46 bigblue imaps[20261]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20261-1535365846-1>
Aug 27 11:30:46 bigblue imaps[20261]: USAGE g user: 0.035371 sys: 0.005895
Aug 27 11:31:46 bigblue imaps[20261]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:31:46 bigblue imaps[20261]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20261-1535365906-1>
Aug 27 11:31:46 bigblue imaps[20261]: USAGE g user: 0.004814 sys: 0.000965
Aug 27 11:32:47 bigblue imaps[20594]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:32:47 bigblue imaps[20594]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20594-1535365967-1>
Aug 27 11:32:47 bigblue imaps[20594]: USAGE g user: 0.032663 sys: 0.010032
Aug 27 11:33:02 bigblue postfix/anvil[20021]: statistics: max connection rate 1/60s for (smtp:191.17.246.235) at Aug 27 11:26:41
Aug 27 11:33:02 bigblue postfix/anvil[20021]: statistics: max connection count 1 for (smtp:191.17.246.235) at Aug 27 11:26:41
Aug 27 11:33:02 bigblue postfix/anvil[20021]: statistics: max cache size 1 at Aug 27 11:26:41
Aug 27 11:33:47 bigblue imaps[20661]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:33:47 bigblue imaps[20661]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20661-1535366027-1>
Aug 27 11:33:47 bigblue imaps[20661]: USAGE g user: 0.028500 sys: 0.003188
Aug 27 11:34:47 bigblue imaps[20661]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 27 11:34:47 bigblue imaps[20661]: login: localhost [::1] g PLAIN+TLS User logged in SESSIONID=<bigblue.sivill.local-20661-1535366087-1>
Aug 27 11:34:47 bigblue imaps[20661]: USAGE g user: 0.003871 sys: 0.002661
Aug 27 11:34:48 bigblue postfix/smtpd[20866]: connect from rrcs-76-81-211-10.west.biz.rr.com[76.81.211.10]
Aug 27 11:34:52 bigblue postfix/smtpd[20866]: warning: rrcs-76-81-211-10.west.biz.rr.com[76.81.211.10]: SASL LOGIN authentication failed: authentication failure
Aug 27 11:34:52 bigblue postfix/smtpd[20866]: disconnect from rrcs-76-81-211-10.west.biz.rr.com[76.81.211.10]
Aug 27 11:35:18 bigblue postfix/smtpd[21161]: connect from GSInspiron17.sivill.com[192.168.100.184]
Aug 27 11:35:18 bigblue postfix/smtpd[21161]: Anonymous TLS connection established from gsinspiron17.sivill.com[192.168.100.184]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 27 11:35:18 bigblue postfix/smtpd[21161]: DB2F680065727: client=GSInspiron17.sivill.com[192.168.100.184], sasl_method=LOGIN, sasl_username=g@sivill.com
Aug 27 11:35:18 bigblue postfix/cleanup[21163]: DB2F680065727: message-id=<>
Aug 27 11:35:18 bigblue postfix/qmgr[2430]: DB2F680065727: from=<g@sivill.com>, size=1097, nrcpt=1 (queue active)
Aug 27 11:35:18 bigblue postfix/smtpd[21161]: disconnect from GSInspiron17.sivill.com[192.168.100.184]
Aug 27 11:35:19 bigblue postfix/smtpd[21167]: connect from localhost[127.0.0.1]
Aug 27 11:35:19 bigblue postfix/smtpd[21167]: 0B3708006572C: client=localhost[127.0.0.1]
Aug 27 11:35:19 bigblue postfix/cleanup[21163]: 0B3708006572C: message-id=<20180827103519.0B3708006572C@remote.sivill.com>
Aug 27 11:35:19 bigblue postfix/smtpd[21167]: disconnect from localhost[127.0.0.1]
Aug 27 11:35:19 bigblue postfix/qmgr[2430]: 0B3708006572C: from=<g@sivill.com>, size=1375, nrcpt=1 (queue active)
Aug 27 11:35:19 bigblue postfix/pipe[21164]: DB2F680065727: to=<g@sivill.com>, relay=mailprefilter, delay=0.24, delays=0.08/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via mailprefilter service)
Aug 27 11:35:19 bigblue postfix/qmgr[2430]: DB2F680065727: removed
Aug 27 11:35:19 bigblue amavis[2845]: (02845-04) ESMTP :10024 /var/lib/amavis/tmp/amavis-20180827T113519-02845-UDczAFEL: <g@sivill.com> -> <g@sivill.com> SIZE=1375 Received: from remote.sivill.com ([127.0.0.1]) by localhost (bigblue.sivi$
Aug 27 11:35:19 bigblue amavis[2845]: (02845-04) Checking: EFcUEpgw8DvX [127.0.0.1] <g@sivill.com> -> <g@sivill.com>
My laptop running Windows 10 v1803 is GSInspiron17 and in the manual settings I was using User Name: g and my password in the password box?
So it ain't happy.
The laptop is just in the WORKGROUP workgroup.
Siv -
Accepted Answer
Nick,
Whilst looking at /var/log/maillog I thought I would see what gets logged when I send an email as at the moment (and this may be related to this issue) I am becoming concerned that outbound email is not actually sending. I can access the mail server using Evolution on my Linux mint 19 box but I sent a test message to my other ClearOS server and did not see the email arrive on the mailbox I have on that. In the maillog this was the reported message:
Aug 27 11:12:09 bigblue postfix/smtpd[18181]: 53C758006572C: client=localhost[127.0.0.1]
Aug 27 11:12:09 bigblue postfix/cleanup[18177]: 53C758006572C: message-id=<341df1b5319cf54fe7cd7b4c4747bca26c0cbae2.camel@sivill.com>
Aug 27 11:12:09 bigblue postfix/smtpd[18181]: disconnect from localhost[127.0.0.1]
Aug 27 11:12:09 bigblue postfix/qmgr[2430]: 53C758006572C: from=<g@sivill.com>, size=10515, nrcpt=1 (queue active)
Aug 27 11:12:09 bigblue postfix/pipe[18178]: 3735380065726: to=<siv@gscomputing.co.uk>, relay=mailprefilter, delay=0.21, delays=0.05/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via mailprefilter service)
Aug 27 11:12:09 bigblue postfix/qmgr[2430]: 3735380065726: removed
Aug 27 11:12:09 bigblue amavis[2841]: (02841-08) ESMTP :10024 /var/lib/amavis/tmp/amavis-20180827T054556-02841-3MNf5698: <g@sivill.com> -> <siv@gscomputing.co.uk> SIZE=10515 Received: from remote.sivill.com ([127.0.0.1]) by localhost (bi$
Aug 27 11:12:09 bigblue amavis[2841]: (02841-08) Checking: jq5zt1KN2KRr [127.0.0.1] <g@sivill.com> -> <siv@gscomputing.co.uk>
Aug 27 11:12:09 bigblue amavis[2841]: (02841-08) p003 1 Content-Type: multipart/alternative
Aug 27 11:12:09 bigblue amavis[2841]: (02841-08) p001 1/1 Content-Type: text/plain, size: 694 B, name:
Aug 27 11:12:09 bigblue amavis[2841]: (02841-08) p002 1/2 Content-Type: text/html, size: 8440 B, name:
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) dkim: candidate originators: From:<g@sivill.com>
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) dkim: not signing, empty signing domain, From: <g@sivill.com>
Aug 27 11:12:10 bigblue postfix/smtpd[18186]: connect from localhost[127.0.0.1]
Aug 27 11:12:10 bigblue postfix/smtpd[18186]: CB23780065726: client=localhost[127.0.0.1]
Aug 27 11:12:10 bigblue postfix/cleanup[18177]: CB23780065726: message-id=<341df1b5319cf54fe7cd7b4c4747bca26c0cbae2.camel@sivill.com>
Aug 27 11:12:10 bigblue postfix/smtpd[18186]: disconnect from localhost[127.0.0.1]
Aug 27 11:12:10 bigblue postfix/qmgr[2430]: CB23780065726: from=<g@sivill.com>, size=10961, nrcpt=1 (queue active)
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) jq5zt1KN2KRr FWD from <g@sivill.com> -> <siv@gscomputing.co.uk>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as CB23780065726
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:41738 [109.170.192.158] <g@sivill.com> -> <siv@gscomputing.co.uk>, Queue-ID: 53C758006572C, Message-ID: <341df1b5319cf54fe7cd7b4c4747bca26$
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) TIMING-SA total 1243 ms - parse: 1.45 (0.1%), extract_message_metadata: 15 (1.2%), get_uri_detail_list: 3.8 (0.3%), tests_pri_-1000: 4.1 (0.3%), tests_pri_-950: 1.24 (0.1%), tests_pri_-900$
Aug 27 11:12:10 bigblue postfix/smtp[18182]: 53C758006572C: to=<siv@gscomputing.co.uk>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.08/0.01/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok$
Aug 27 11:12:10 bigblue postfix/qmgr[2430]: 53C758006572C: removed
Aug 27 11:12:10 bigblue amavis[2841]: (02841-08) size: 10514, TIMING [total 1441 ms] - SMTP greeting: 1.3 (0%)0, SMTP EHLO: 0.5 (0%)0, SMTP pre-MAIL: 0.5 (0%)0, SMTP pre-DATA-flush: 1.6 (0%)0, SMTP DATA: 38 (3%)3, check_init: 0.3 (0%)3, $
Aug 27 11:12:11 bigblue postfix/smtp[18187]: CB23780065726: to=<siv@gscomputing.co.uk>, relay=remote.gscomputing.co.uk[176.35.35.201]:25, delay=0.6, delays=0.03/0.01/0.27/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 315FFC0099F0$
Aug 27 11:12:11 bigblue postfix/qmgr[2430]: CB23780065726: removed
Which to my untrained eye looks like it did send, but I did not receive it on my other inbox, I then sent another test using roundcube webmail and sure enough it sent and I did receive it on my inbox for my other account. So it appears sending from roundcube works but not from Evolution? -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
So it looks like IMAPS is serving up the correct certificate.
For your mail settings, the Mail Domain should be whatever is after the @ in your e-mail address and the Mail Hostname should be the name of your mailserver as it is known internally and externally.
Can you check that:
resolves to your ClearOS LAN IP?host remote.sivill.com
I suspect the authentication failure indicates the error. It is trying to authenticate x@sivill.com, assuming x is your user name. This is wrong as I tried to indidate earlier. It should be trying to authenticate x on its own. The M$ wizard assumes your user name is your full e-mail address and this is wrong.
I have the same thing with Roundcube but I did not notice. As long as it resolves back to your LAN IP it is OK. Also remember this is a Web Server so it should resolve back to your domain, rather than to your e-mail server. Internally Roundcube then connects to your e-mail server. -
Accepted Answer
Nick,
One other thing that is a bit strange is that the link in the ClearOS dash that connects me to roundcube webmail is linking to:
https://sivill.com/webmail
Rather than:
https://remote.sivill.com/webmail
In System\Settings\Mail Settings: I have:
Mail Domain: sivill.com
Mail Hostname: remote.sivill.com
I put the first one to just sivill.com as that is what is after the @ in the email addresses?
Siv -
Accepted Answer
Nick,
Thanks for your reply:
My server is called bigblue.sivill.local and my internet domain name is remote.sivill.com.
The output from the command used in the link you pointed to returns this (I have removed large blocks of the Cert values as I am not sure if it poses a security risk plus it tool up a lot of space):
openssl s_client -showcerts -connect remote.sivill.com:993
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = remote.sivill.com
verify return:1
---
Certificate chain
0 s:/CN=remote.sivill.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgISA+aGvwSU5HjDJg6UwRr8SAyAMA0GCSqGSIb3DQEBCwUA
removed the middle bit
NoEzh6mGoCPTKMWBt1DmO3YROIbhBspO6tsVzcm8MExLvFH0Gu1yJv5cnYPuLtVV
3nrRkEfVw+PZ0fUEx7c/5Tf9
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
removed the middle bit
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=remote.sivill.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3576 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-...-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 6BE2...FBB
Session-ID-ctx:
Master-Key: 405...6D97
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 37 0e 47 71 52 e1 47 66-85 c9 f1 dc 7c 38 53 76 7.GqR.Gf....|8Sv
0010 - ...
0020 - ...
0030 - ...
0040 - ...
0050 - ...
0060 - ...
0070 - ...
0080 - ...
0090 - 04 f7 bc 8e dd fd ae b7-08 5a e6 31 a7 ee d4 f2 .........Z.1....
Start Time: 1535306482
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] bigblue.sivill.local Cyrus IMAP v2.4.17-Fedora-RPM-2.4.17-8.v7.1 server ready
So the certificate does look to be the Let's Encrypt one.
I had a look in the Mail logs and the error seems to be:
plaintext x@sivill.com SASL(-13): authentication failure: checkpass failed
Where x is any of my email accounts. I have checked the server passwords and re-input them carefully in the ClearOS Accounts section to make sure I have not entered them incorrectly.
This is a dump of /var/log/yum.log:
GNU nano 2.3.1 File: /var/log/yum.log
Aug 25 02:55:46 Updated: 1:app-network-core-2.5.4-1.v7.noarch
Aug 25 02:55:46 Updated: 1:app-network-2.5.4-1.v7.noarch
Aug 25 03:23:35 Installed: php-common-5.4.16-45.el7.x86_64
Aug 25 03:23:37 Installed: libtalloc-2.1.10-1.el7.x86_64
Aug 25 03:23:37 Installed: perl-Data-Dumper-2.145-3.el7.x86_64
Aug 25 03:23:38 Installed: libtevent-0.9.33-2.el7.x86_64
Aug 25 03:23:39 Installed: libtdb-1.3.15-1.el7.x86_64
Aug 25 03:23:39 Installed: samba-common-4.7.1-6.2.v7.noarch
Aug 25 03:23:40 Installed: 1
erl-Compress-Raw-Zlib-2.061-4.el7.x86_64
Aug 25 03:23:41 Installed: 2:libogg-1.3.0-7.el7.x86_64
Aug 25 03:23:41 Installed: 1:app-reports-core-2.5.0-1.v7.noarch
Aug 25 03:23:41 Installed: perl-LWP-MediaTypes-6.02-2.el7.noarch
Aug 25 03:23:42 Installed: 1:app-certificate-manager-2.4.23-1.v7.noarch
Aug 25 03:23:43 Installed: 1:system-mariadb-libs-5.5.56-2.v7.1.x86_64
Aug 25 03:23:43 Installed: python-six-1.9.0-2.el7.noarch
Aug 25 03:23:44 Installed: libva-1.8.3-1.el7.x86_64
Aug 25 03:23:45 Installed: perl-Sys-Syslog-0.33-3.el7.x86_64
Aug 25 03:23:45 Installed: 1:libvorbis-1.3.3-8.el7.1.x86_64
Aug 25 03:23:46 Installed: libldb-1.2.2-1.el7.x86_64
Aug 25 03:23:47 Installed: samba-common-libs-4.7.1-6.2.v7.x86_64
Aug 25 03:23:47 Installed: libwbclient-4.7.1-6.2.v7.x86_64
Aug 25 03:23:48 Installed: samba-client-libs-4.7.1-6.2.v7.x86_64
Aug 25 03:23:49 Installed: php-xml-5.4.16-45.el7.x86_64
Aug 25 03:23:50 Installed: php-mbstring-5.4.16-45.el7.x86_64
Aug 25 03:23:50 Installed: pyOpenSSL-0.13.1-3.el7.x86_64
Aug 25 03:23:52 Installed: 12:aspell-0.60.6.1-9.el7.x86_64
Aug 25 03:23:52 Installed: python2-pyasn1-0.1.9-7.el7.noarch
Aug 25 03:23:53 Installed: lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64
Aug 25 03:23:54 Installed: perl-IO-Socket-IP-0.21-5.el7.noarch
Aug 25 03:23:54 Installed: perl-NetAddr-IP-4.069-3.el7.x86_64
Aug 25 03:23:54 Installed: opencv-core-2.4.5-3.el7.x86_64
Aug 25 03:23:55 Installed: python-ipaddress-1.0.16-2.el7.noarch
Aug 25 03:23:56 Installed: perl-XML-SAX-Base-1.08-7.el7.noarch
Aug 25 03:23:56 Installed: 1:app-reports-2.5.0-1.v7.noarch
Aug 25 03:23:56 Installed: 1:libtheora-1.1.1-8.el7.x86_64
Aug 25 03:23:58 Installed: php-cli-5.4.16-45.el7.x86_64
Aug 25 03:23:58 Installed: php-process-5.4.16-45.el7.x86_64
Aug 25 03:24:00 Installed: 1hp-pear-1.9.4-21.el7.noarch
Aug 25 03:24:01 Installed: php-pear-Net-Socket-1.0.14-1.el7.noarch
Aug 25 03:24:01 Installed: php-pear-Auth-SASL-1.0.6-5.el7.noarch
Aug 25 03:24:02 Installed: php-pear-Net-SMTP-1.7.3-1.el7.noarch
Aug 25 03:24:03 Installed: php-pear-Mail-Mime-1.10.2-1.el7.noarch
Aug 25 03:24:03 Installed: php-pdo-5.4.16-45.el7.x86_64
Aug 25 03:24:04 Installed: php-mysql-5.4.16-45.el7.x86_64
Aug 25 03:24:04 Installed: 1erl-TimeDate-2.30-2.el7.noarch
Aug 25 03:24:05 Installed: perl-HTTP-Date-6.02-8.el7.noarch
Aug 25 03:24:06 Installed: libv4l-0.9.5-4.el7.x86_64
Aug 25 03:24:06 Installed: 1:app-samba-common-core-2.4.0-1.v7.noarch
Aug 25 03:24:06 Installed: perl-Encode-Locale-1.03-5.el7.noarch
Aug 25 03:24:08 Installed: perl-Test-Harness-3.28-3.el7.noarch
Aug 25 03:24:08 Installed: perl-Test-Simple-0.98-243.el7.noarch
Aug 25 03:24:10 Installed: nscd-2.17-222.el7.x86_64
Aug 25 03:24:10 Installed: clamav-filesystem-0.99.3-1.v7.x86_64
[ Read 399 lines ]
I hope this let's you see what it was as this is a big issue.
I did not have this issue with prior installs using ClearOS 7.4.
These are the files that I changed to get Cyrus IMAP using the Let's Encrypt certificate.
File: /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: root
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_key_file: /etc/letsencrypt/live/remote.sivill.com/privkey.pem
tls_cert_file: /etc/letsencrypt/live/remote.sivill.com/fullchain.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
flushseenstate: 1
allowplaintext: yes
reject8bit: no
munge8bit: no
lmtp_over_quota_perm_failure: 1
timeout: 30
imapidlepoll: 60
idlesocket: /var/lib/imap/socket/idle
lmtpsocket: /var/lib/imap/socket/lmtp
allowapop: no
altnamespace: 0
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
username_tolower: 1
autocreatequota: -1
createonpost: 1
virtdomains: off
[ Read 29 lines ]
File /etc/postfix/main.cf
Only the section I changed:
# Encryption with TLS
# smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/remote.sivill.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/remote.sivill.com/privkey.pem
# smtpd_tls_cert_file = /etc/postfix/cert.pem
# smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
I hope this helps. -
Accepted Answer
What did you update? Have a look at /var/log/yum.log.
See this link among others to check if IMAPS is serving the expected certificate.
Also check that Office365 is using the correct username e.g. user and not user@domain.com.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »