php connexion to other mail server

Discussion in 'ISPConfig 3 Priority Support' started by jpcyrenne, Nov 2, 2020.

  1. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Good day,

    I've installed 2 VPS (one for web and one for mail) with ISPConfig : Ubuntu 20.04.1 LTS (Focal Fossa)) ISPConfig 3.2
    I can't seem to be able to send an email from the web server through the mail server from a php script.
    Everything I search (Google) seems to be related more to 'localhost' issues.

    Seems all good network wise (telnet from web to mail server)
    Code:
    # telnet mailer.XYZ.com 587
    Trying 51.161.xx.xx...
    Connected to mailer.XYZ.com.
    Escape character is '^]'.
    220 mailer.XYZ.com ESMTP Postfix (Ubuntu)
    Configs used:
    Code:
    ...
    use Swift_Mailer;
    use Swift_Message;
    
    // SMTP server configuration
    $smtp_server = 'mailer.XYZ.com';
    $username = '[email protected]';
    $password = 'MyPass##';
    $port = '587';
    $encryption = 'tls';
    ...
    I get this error : : 530 5.7.0 Must issue a STARTTLS command first
    I tried with $encryption = 'tls' and $encryption = 'ssl' with no success.

    Am I missing a parameter here? I've never tried connecting code to another ISPConfing mail server. It's the client's 'Swift_Mailer' (Symfony) code?
    I get a PHP error in the browser when I launch the script and I understand it is most probably an issue with the application/configuration.

    - Would you have a simple PHP script (with good parameters and no PHPMailer) for me to test this and prove it's the application?

    - Can these settings be put into the php.ini so the customer can use his regular mail() command ?

    Thank you,
    JP
     
  2. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    After working on this a bit more, it was an issue with the self-signed certificate. It can work with this:
    Code:
    $transport->setStreamOptions([
    'ssl' => ['allow_self_signed' => true,
    'verify_peer' => false,
    'verify_peer_name' => false]
        ]);
    FYI - It's also an issue I find mail clients but mostly with iPhones. We have to retry connection at least 3 times...

    Do you recommend I put a good certificate for emails?
    Would I change the configs here:
    Code:
    /etc/postfix/main.cf
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    
    Could I Use Let'sEncrypt for a site called mail.XYZ.com and use it for mail TLS ? I seem that Email encryption and code signing require a different type of certificate. I'm not looking to sigh emails, just TLS to work without warnings.

    Thanks,

    JP
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Yes, it helps with these sorts of client issues.
    You can either change the path to the cert/key files, or simply replace them with a symlink to your own files.
    Yes, that's a common setup. Also in 3.2 the installer can (attempt to) setup a letsencrypt certificate for your server's hostname, and will use that for smtp/pop3/imap as well, if you like using that hostname.
     
  4. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    I created a mailer.XYZ.com site and added the Let's Encrypt SSL option (works fine).

    I see they are stored here in the vhost and they are symlinks also:
    Code:
    SSLCertificateFile /var/www/clients/client0/web1/ssl/mailer.XYZ.com-le.crt
     SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/mailer.XYZ.com-le.key
    I created these 2 simlinks in /etc/postfix:
    Code:
    smtpd.cert -> /etc/letsencrypt/live/mailer.XYZ.com/fullchain.pem
    lsmtpd.key -> /etc/letsencrypt/live/mailer.XYZ.com/privkey.pem
    FYI moved old ones before
    Code:
    smtpd2.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    smtpd2.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
    
    and it restarted OK. I'll test to see if it's all good now.

    Can I expect these certs to be automatically rotated (every 2-3 months) with ISPConfig?

    Thank you for all these confirmations.
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Yes.
    But I am not sure about you setup, on my host LE makes the certificate files in /etc/letsencrypt directory tree.
    LE renews certificate when there is less than 30 days left.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    As mentioned, it will update, but you might have to arrange for restarting postfix and dovecot after the certificate renews.
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  8. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Thank youvery much Jesse
     

Share This Page