Wordpress, Roundcube & Postfix TLS library error

Discussion in 'Server Operation' started by mmdollar, Feb 21, 2017.

  1. mmdollar

    mmdollar Member

    Hello everyone I have this problem when trying to use Wordpress with roundcube and postfix. Here is my setup, I have 2 Debian-Jessie servers (nginx/mysql/roundcube) & (mail server/postfix). I want my Wordpress site to use my mailserver. I can receive and send emails with Roundcube & Thunderbird with TSL but when I try it with Wordpress (using a plugin) on port 25 or other ports I get this error:
    Code:
    TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1315:SSL alert number 48
    Here is the result when I try and test the mail server:
    Code:
    Connecting to XX.XX.XX.XXX
    220 mail.example.com ESMTP Postfix (Debian/GNU) [2219 ms]
    EHLO PWS3.mxtoolbox.com
    250-mail.example.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN [797 ms]
    MAIL FROM:<supertool@mxtoolbox.com>
    250 2.1.0 Ok [828 ms]
    RCPT TO:<test@example.com>
    454 4.7.1 <test@example.com>: Relay access denied [828 ms]
    
    PWS3v2 6594ms
    This is my postfix conf:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated            defer_unauth_destination
    myhostname = mail.example.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = mail.example.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,      proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,   reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-    virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman,      proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps    $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $reloc$
    smtpd_sender_restrictions = check_sender_access    regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks,    permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-   virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-   virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-     virtual_sender_login_maps.cf
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,    check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname,    reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    Here is the Roundcube config file:
    Code:
    $config = array();
    /* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
    include_once("/etc/roundcube/debian-db-roundcube.php");
    // The mail host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['default_host'] = 'mail.example.com';
    $rcmail_config['force_https'] = true;
    // SMTP server host (for sending mails).
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // If left blank, the PHP mail() function is used
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'tls://mail.example.com';
    
    // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
    // deprecated SSL over SMTP (aka SMTPS))
    $config['smtp_port'] = 587;
    //az go slojih
    $config['smtp_auth_type'] = 'PLAIN';
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = 'www.mainwebsite.com';
    
    // Name your service. This is displayed on the login screen and in the window title
    $config['product_name'] = 'MainWebsite Webmail';
    
    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
    $config['des_key'] = 'FD71g6CQxVtyM]G3jJpjPH[r';
    
    // List of active plugins (in plugins/ directory)
    $config['plugins'] = array(
    'archive',
    'zipdownload',
    );
    
    // theme name: folder from themes/
    $config['theme'] = 'classic';
    
    // ----------------------------------
    // PLUGINS
    // ----------------------------------
    
    // List of active plugins (in plugins/ directory)
    //$rcmail_config['plugins'] = array();
    $rcmail_config['plugins'] = array("jqueryui", "ispconfig3_account", "ispconfig3_autoreply", "ispconfig3_pass", "ispconfig3_spam", "ispconfig3_fetchmail", "ispconfig3_filter");
    
    
    // az go addnah za da prashtam emails uj
    $config['smtp_conn_options'] = array(
    'ssl'         => array(
    'verify_peer'      => false,
    'verify_peer_name' => false,
    ),
    );
    I've read several other posts about this problem and it seems I have messed up the certificates? My main server (where the web and roundcube interface is) is using Let's Encrypt certificate (using ISPConfig3) and I don't have it on the mail server (do I need to copy to the mail server?). If you guys need more information please ask, I am kinda confused what I am doing wrong.
     

Share This Page