Cant send mail port465

Discussion in 'ISPConfig 3 Priority Support' started by babydunk, Jun 14, 2016.

  1. babydunk

    babydunk Member HowtoForge Supporter

    i just seem to be going round in circles

    here is my warn.log
    heres is postconf -n
     
    Last edited: Jun 16, 2016
  2. babydunk

    babydunk Member HowtoForge Supporter

    here is my master.cf

    this is a freshly installed machine. i followed this guide for ssl which has never let me down before. https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl


    heads pickled going around in circles

    thanks in advance ;)
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    master.cf looks fine. The issue is most likely a corrupted or wrong ssl cert. Did it work before you added the startssl cert?
     
  4. babydunk

    babydunk Member HowtoForge Supporter

    I never checked it to be honest. Just been trying to get everything back to normal and as quick as possible lol But it works for the domain.tld . When I visit the domain.tld . It is encrypted with the green padlock and say verifed startcom .

    Best thing to do is reinstall the certificate from start to finish then.

    Im out at a school play (daughters acting a munchkin ) it will be the first thing to try once I get back

    Cheers Till
     
  5. babydunk

    babydunk Member HowtoForge Supporter

    which certificate do i use . startssl has changed since that tutorial was writen. i get a list of certificate apacheserver, iisserver, nginxserver, otherserver.

    now the first time i placed the nginx version of the cert but it comes as 2 certs in the one file. i choose nginx as thats the server im running.
    but if you check the tutorial their is just one cert within the ispserver.crt. so i change the cert to the apache version domain.tld.crt

    its just the same as before . i get the grean padlock and verified by startcom ltd, when i connect to purftpd over tls the cert verified window pops up for to trust it . which states that its a cert from startcom.

    but the emails still wont sent. have followed the tutorial to the T and i know that tutorial works. i have used it twice with a great outcomes.

    it just hasnt been my best last couple of days lol
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The certificate file has just to contain the ssl certifucate and no intermediate certs. Choose either the other cert or the apache cert and check that the file just contains one ssl cert. then restart postfix.
     
  7. babydunk

    babydunk Member HowtoForge Supporter

    i still cant get out going mail to work. i have created 3 brand new certificates since your last message,i have been following the guide 100%

    at present i am using the cert from otherserver and im using the 2_domain.tld.crt. i presume this is the correct cert, seen as its for the domain its registered for ?

    if that is correct then their must be a problem else where .

    i removed all files from /usr/local/ispconfig/interface/ssl/ and done
    and continued on from their on the guide .
     
    Last edited: Jun 15, 2016
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the complete postfix main.cf file.
     
  9. babydunk

    babydunk Member HowtoForge Supporter

    Good Morning Till, i hope your well

    heres my main.cf
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That looks fine so far. Please post the output of:

    ls -la /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
    ls -la /etc/postfix/smtpd.cert
    ls -la /etc/postfix/smtpd.key
     
  11. babydunk

    babydunk Member HowtoForge Supporter

    hi Till

    as requested :)
    these persmission look wrong, would that be right?
    /etc/postfix/smtpd.key
    /etc/postfix/smtpd.cert
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    That's ok as these are symlinks. Follow the symlink by checking the crt and key file now:

    ls -la /usr/local/ispconfig/interface/ssl/ispserver.crt
    ls -la /usr/local/ispconfig/interface/ssl/ispserver.key
     
  13. babydunk

    babydunk Member HowtoForge Supporter

     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe the rights are too "open" for postfix as the SSL key should not be world readable. Please try a:

    chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.key

    and restart postfix.
     
  15. babydunk

    babydunk Member HowtoForge Supporter

    Good Morning Till :D

    im gonna be the bane of your life lol

    that didnt work either im still getting the same errors:(

    i changed permissions on ispserver.key
    but that didnt work so i also changed permissions on ispserver.crt

    both actions didnt change, still get errors
     
    Last edited: Jun 17, 2016
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Please set:

    smtpd_use_tls = yes

    in main.cf and restart postfix.
     
  17. babydunk

    babydunk Member HowtoForge Supporter

    Still the same Till :(

    are the permission correct for the rest of the Certs.
     
    Last edited: Jun 17, 2016
  18. babydunk

    babydunk Member HowtoForge Supporter

    heres some mail.log's , i dont know if they will be any use
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the content of this file: /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
    According to the log, postfix is not able to read it or that its content is not correct.
     
  20. babydunk

    babydunk Member HowtoForge Supporter

    You Are A Genius ;):p

    this is how the first line looked
    should this even be in the "startssl.chain.class1.server.crt"

    many many thanks :D
    Chris
     
    Last edited: Jun 17, 2016

Share This Page