You need to install the cert on your machine. Does the /etc/hosts have the name of your machine can you try to ping that name to see if it resolves?
> Il giorno 21 lug 2019, alle ore 20:03, Angus McIntyre <an...@pobox.com> ha > scritto: > > Thanks to a great deal of help from Remi and Eric, I have now managed to get > my Ansible role to the point where it can successfully build out a > QMailToaster server running PHP 7.1 and RoundCube 1.4rc1. > > However, because nothing is ever that easy, RoundCube and SquirrelMail have > now stopped sending mail (RainLoop works fine). > > 1) SquirrelMail > > SquirrelMail was installed from the qmailtoaster RPMs, using: > > yum --enablerepo=qmt-testing update > yum --enablerepo=qmt-devel update > > as on the homepage of qmailtoaster.com. After installation, I patched the > Squirrelmail config and the smtps supervise as directed at: > > http://www.qmailtoaster.com/sqmailconfig.html > > Attempting to send from SquirrelMail produces the message: > > 0 Can't open SMTP stream > > The /var/log/qmail/smtps/current log shows: > > 2019-07-22 02:45:15.173127500 tcpserver: status: 1/100 > 2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1 > 2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 > :127.0.0.1::58822 > 2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256 > 2019-07-22 02:45:15.197383500 tcpserver: status: 0/100 > > 2) RoundCube > > RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's > instructions, I edited '/etc/roundcubemail/config.inc.php' so that it > contains: > > $config['smtp_server'] = 'tls://mail.myhost.com'; > > $config['smtp_conn_options'] = array( > 'ssl' => array( > 'peer_name' => 'mail.myhost.com', > 'verify_peer' => true, > 'verify_depth' => 3, > 'cafile' => '/var/qmail/control/servercert.pem', > ), > ); > > (where 'mail.myhost.com' is the actual name of my mailserver, as it appears > in the 'servercert.pem' file). > > Trying to send from RoundCube produces a 220 Authentication Failed message. > The transcript in RoundCube's SMTP log looks like: > > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Connecting to > tls://mail.myhost.com:587... > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 s6.myhost.net - > Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: EHLO mail.myhost.com > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-s6.myhost.net - > Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-STARTTLS > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-PIPELINING > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250-8BITMIME > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 250 SIZE 20971520 > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: STARTTLS > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Recv: 220 ready for tls > [21-Jul-2019 22:26:08 -0400]: <hlsmc7nr> Send: RSET > [21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Send: QUIT > [21-Jul-2019 22:27:08 -0400]: <hlsmc7nr> Recv: 454 TLS connection > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown > protocol (#4.3.0) > > 3) Desktop client > > Trying to send from a desktop client (PostBox) also fails, generating the > warning: > > Could not verify this certificate because the issuer is unknown > > The issuer in this case is actually Sectigo, which is the new name for > Comodo, who should be reasonably reputable. > > The 'servercert.pem' file that I'm using is generated from the same '.key' > and '.crt' files that I use to secure the webserver, which appear to work > fine in that context. > > > > Has anyone encountered this issue, or can suggest a possible fix? > > Thanks for any help you can give me, > > Angus > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >
--------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
