email stopped working after ssl install

Discussion in 'Installation/Configuration' started by ariban99, Apr 13, 2016.

  1. ariban99

    ariban99 Member

    Hi,
    I installed ISPCONFIG 3 following this setup https://www.howtoforge.com/perfect-...l-php-pureftpd-postfix-dovecot-and-ispconfig3 and everything worked great.
    I then installed a free SSL, following the instructions below, and now my emails are no longer working. I can't access Roundcube; it says: cannot connect to storage server, and in Microsoft Outlook I can send email but can't receive email. Below are the mail logs.

    Visit http://www.startssl.com/ and create an account. After you have validated your domain (on the Validations Wizard tab), you can request your certificate on the Certificates Wizard tab - select Web Server SSL/TLS Certificate from the Certificate Target drop-down field
    then skip step 2 because our server has csr already generated

    cat /usr/local/ispconfig/interface/ssl/ispserver.csr
    copy and paste this key in startssl website
    and finish the wizard.

    After a while the ssl is ready, in startssl.com push toolbox and then select retrieve certificate.

    Copy the certificate and paste it in ssh, type:
    mv /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.crt_bak
    nano /usr/local/ispconfig/interface/ssl/ispserver.crt

    paste the certificate

    cd /usr/local/ispconfig/interface/ssl
    wget https://www.startssl.com/certs/ca.pem
    wget https://www.startssl.com/certs/sub.class1.server.ca.pem

    mv ca.pem startssl.ca.crt
    mv sub.class1.server.ca.pem startssl.sub.class1.server.ca.crt
    cat startssl.sub.class1.server.ca.crt startssl.ca.crt > startssl.chain.class1.server.crt
    cat ispserver.{key,crt} startssl.chain.class1.server.crt > ispserver.pem
    chmod 600 ispserver.pem

    nano /etc/httpd/conf/sites-available/ispconfig.vhost
    by #ssl configuration add this line
    SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt

    systemctl restart httpd

    cd /etc/postfix
    mv smtpd.cert smtpd.cert_bak
    mv smtpd.key smtpd.key_bak
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key
    postconf -e 'smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt'

    systemctl restart postfix

    nano /etc/dovecot/dovecot.conf
    ADD THIS AFTER SSL_KEY
    ssl_ca = </usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
    save and close

    systemctl restart dovecot

    cd /etc/ssl/private/
    mv pure-ftpd.pem pure-ftpd.pem_bak
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem
    systemctl restart pure-ftpd

    MAIL LOGS:
    tail -n40 /var/log/maillog
    Apr 13 13:10:34 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:11:21 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:11:21 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:12:11 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:12:15 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:12:42 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:12:42 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:12:59 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:13:03 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:13:14 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:13:14 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:14:01 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:14:05 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:14:52 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:14:52 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:15:01 mydealsexpress postfix/smtpd[17416]: connect from localhost[::1]
    Apr 13 13:15:01 mydealsexpress postfix/smtpd[17416]: lost connection after CONNECT from localhost[::1]
    Apr 13 13:15:01 mydealsexpress postfix/smtpd[17416]: disconnect from localhost[::1]
    Apr 13 13:15:01 mydealsexpress dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
    Apr 13 13:15:01 mydealsexpress dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs
    Apr 13 13:15:01 mydealsexpress dovecot: imap-login: Fatal: Can't load ssl_cert: error:0906D066:PEM routines:PEM_read_bio:bad end line
    Apr 13 13:15:01 mydealsexpress dovecot: pop3-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
    Apr 13 13:15:01 mydealsexpress dovecot: pop3-login: Fatal: Can't load ssl_cert: error:0906D066:PEM routines:PEM_read_bio:bad end line
    Apr 13 13:15:01 mydealsexpress dovecot: master: Error: service(pop3-login): command startup failed, throttling for 60 secs
    Apr 13 13:15:40 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:15:44 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:16:01 mydealsexpress dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
    Apr 13 13:16:01 mydealsexpress dovecot: imap-login: Fatal: Can't load ssl_cert: error:0906D066:PEM routines:PEM_read_bio:bad end line
    Apr 13 13:16:01 mydealsexpress dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs
    Apr 13 13:16:16 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:16:16 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:17:01 mydealsexpress dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
    Apr 13 13:17:01 mydealsexpress dovecot: imap-login: Fatal: Can't load ssl_cert: error:0906D066:PEM routines:PEM_read_bio:bad end line
    Apr 13 13:17:01 mydealsexpress dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs
    Apr 13 13:17:05 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:17:09 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Apr 13 13:18:03 mydealsexpress postfix/smtpd[17416]: lost connection after AUTH from unknown[185.103.253.223]
    Apr 13 13:18:03 mydealsexpress postfix/smtpd[17416]: disconnect from unknown[185.103.253.223]
    Apr 13 13:18:53 mydealsexpress postfix/smtpd[17416]: connect from unknown[185.103.253.223]
    Apr 13 13:18:56 mydealsexpress postfix/smtpd[17416]: warning: unknown[185.103.253.223]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
     
  2. florian030

    florian030 ISPConfig Developer

    You should check your config.
    dovecot:
    Code:
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_protocols = !SSLv2 !SSLv3
    ssl_ca = </etc/ssl/startssl/ca-bundle.crt
    ssl_client_ca_file = /etc/ssl/ca-bundle.crt
    ssl=yes
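
The `bad end line` error that dovecot logs above is OpenSSL rejecting a malformed PEM marker line in the file named by `ssl_cert`. The shell check below is an added example, not part of this thread or of ISPConfig: `pem_lint` is a hypothetical helper name and the sample files are constructed. It flags fused or mismatched BEGIN/END lines and a missing final newline, the condition under which `cat` concatenation produces a fused marker.

```shell
#!/bin/sh
# Added example: pem_lint is a hypothetical helper, not an ISPConfig tool.
# Returns 0 when every BEGIN/END marker line in FILE is well formed.
pem_lint() {
    f=$1
    status=0
    [ -r "$f" ] || { echo "$f: not readable"; return 2; }
    # Without a final newline, cat fuses this file's END marker with the
    # BEGIN marker of whatever file is appended after it.
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "$f: no newline at end of file"
        status=1
    fi
    awk -v f="$f" '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        /-----(BEGIN|END) / {
            if ($0 !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/) {
                printf "%s:%d: malformed marker line\n", f, NR; bad = 1; next
            }
            label = $0
            sub(/^-----(BEGIN|END) /, "", label); sub(/-----$/, "", label)
            if ($0 ~ /^-----BEGIN /) {
                if (cur != "") { printf "%s:%d: BEGIN inside open block\n", f, NR; bad = 1 }
                cur = label; blocks++
            } else {
                if (cur != label) { printf "%s:%d: END does not match BEGIN\n", f, NR; bad = 1 }
                cur = ""
            }
        }
        END {
            if (cur != "") { printf "%s: block %s never closed\n", f, cur; bad = 1 }
            if (blocks == 0) { printf "%s: no PEM block found\n", f; bad = 1 }
            exit bad + 0
        }
    ' "$f" || status=1
    return $status
}

# Constructed samples: placeholder bodies, not real certificates. a.crt has
# no trailing newline, so joining it with b.crt yields a fused marker line.
d=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/a.crt"
printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$d/b.crt"
cat "$d/a.crt" "$d/b.crt" > "$d/chain.crt"
pem_lint "$d/b.crt" && echo "b.crt: markers OK"
pem_lint "$d/chain.crt" || echo "chain.crt: fix before restarting dovecot"
```

On the server in this thread the files to check would be `/usr/local/ispconfig/interface/ssl/ispserver.crt` and the `startssl.chain.class1.server.crt` bundle; `openssl x509 -in FILE -noout` then confirms that OpenSSL itself can parse the certificate.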
    
     
  3. ariban99

    ariban99 Member

    Thank you.
     
  4. DDArt

    DDArt Member HowtoForge Supporter

    This might be off topic, but will this be implemented automatically with Let's Encrypt for site and email when the 3.1 is released?
     
