>
>
> On Tue, December 30, 2025 9:46 pm, Jay Hart wrote:
>>>
>>>
>>>>
>>>>> Checking outgoing mail service....
>>>>>
>>>>> ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error:
>>>>> (111) Connection refused
>>>>>
>>>>> NOTE: I obfuscated my internal ip network addresses above...
>>>>>
>>>>> I can't find anything wrong with my postfix config, telnet works just
>>>>> fine
>>>>> on port 25.
>>>>>
>>>>> I currently have selinux in 'permissive' mode as in 'Enforcing' mode I
>>>>> was
>>>>> not able to write to the attachment directory (maybe I have a
>>>>> bigger issue here).
>>>>>
>>>>> Could I need to adjust the firewall rules??
>>>>
>>>> Take a look at them and make sure.
>>>>
>>>> Make sure you are telnetting from the same place SquirrelMail is
>>>> running
>>>> and that the address is exactly the same. If that works, sudo telnet as
>>>> the same user apache is running as, since maybe apache user is
>>>> prevented
>>>> from connecting on the network.
>>>>
>>>
>>> I have adjusted by firewall rules. How does the following look to you?
>>>
>>> [root@kevla conf.d]# firewall-cmd --list-all --permanent
>>> public
>>> target: default
>>> icmp-block-inversion: no
>>> interfaces:
>>> sources:
>>> services: cockpit dhcpv6-client http https imap smtp ssh
>>> ports: 80/tcp 443/tcp
>>> protocols:
>>> forward: yes
>>> masquerade: no
>>> forward-ports:
>>> source-ports:
>>> icmp-blocks:
>>> rich rules:
>
> You can also turn off the firewall to test.
>
>>> I am configuring this box 'offline' and no direct connection to an
>>> outgoing relay (as of yet). Could that be part of my problem? IOW, is
>>> this an internal only issue or could it be related to no forwarding
>>> relay server?
>
> Then are you sure the machine is binding to the IP address you're using if
> it is offline? If you are running apache on the same server as the SMTP
> service, then why not use 127.0.0.1? It also happens to be a good idea
> that you have a different service for accepting local mail which applies
> separate policies compared to port 25 that is intended to accept mail from
> untrusted external sources. In fact, why not use the submission service?
>
>
>> I've dug a bit deeper here.
>>
>> Firewall configs are now...
>>
>> [root@kevla share]# firewall-cmd --list-all --permanent
>> public
>> target: default
>> icmp-block-inversion: no
>> interfaces:
>> sources:
>> services: cockpit dhcpv6-client http https imap imaps smtp ssh
>> ports: 80/tcp 443/tcp 25/tcp 993/tcp 143/tcp 587/tcp
>> protocols:
>> forward: yes
>> masquerade: no
>> forward-ports:
>> source-ports:
>> icmp-blocks:
>> rich rules:
>>
>> I've ruled out the firewall being a possibility of the issue.
>>
>> I think my main problem seems to be shown below from the messages log
>> file. I get these every time I run configtest.php and get the SMTP
>> server above:
>>
>> Dec 30 16:04:32 kevla setroubleshoot[37707]: SELinux is preventing
>> /usr/sbin/php-fpm from open access on the file
>> /usr/share/squirrelmail/plugins/compatibility/functions.php.#012#012*****
>> Plugin restorecon (92.2 confidence) suggests
>> ************************#012#012If you want to fix the label.
>> #012/usr/share/squirrelmail/plugins/compatibility/functions.php default
>> label should be usr_t.#012Then you can run restorecon. The access attempt
>> may have been stopped due to insufficient permissions to access
>> a parent directory in which case try to change the following command
>> accordingly.#012Do#012# /sbin/restorecon -v
>> /usr/share/squirrelmail/plugins/compatibility/functions.php#012#012*****
>> Plugin catchall_boolean (7.83 confidence) suggests
>> ******************#012#012If you want to allow httpd to read user
>> content#012Then you must tell SELinux about this by enabling the
>> 'httpd_read_user_content' boolean.#012#012Do#012setsebool -P
>> httpd_read_user_content 1#012#012***** Plugin catchall (1.41 confidence)
>> suggests **************************#012#012If you believe that php-fpm
>> should be allowed open access on the functions.php file by
>> default.#012Then you should report this as a bug.#012You can generate a
>> local policy module to allow this access.#012Do#012allow this
>> access for now by executing:#012# ausearch -c 'php-fpm' --raw |
>> audit2allow -M my-phpfpm#012# semodule -X 300 -i my-phpfpm.pp#012
>>
>> Here are the permissions for that particular file.
>>
>> [root@kevla log]# ls -lZ
>> /usr/share/squirrelmail/plugins/compatibility/functions.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6
>> 2009 /usr/share/squirrelmail/plugins/compatibility/functions.php
>>
>> Looking at the plugin directories, and running 'ls -lZ', I see a mixture
>> of permissions, such as:
>>
>> calendar:
>> total 76
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6541 Dec 28 18:51
>> calendar_data.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6770 Dec 28 18:51
>> calendar.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6128 Dec 28 18:51
>> day.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6716 Dec 28 18:51
>> event_create.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5851 Dec 28 18:51
>> event_delete.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 12887 Dec 28 18:51
>> event_edit.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5291 Dec 28 18:51
>> functions.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 499 Dec 28 18:51
>> index.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 887 Dec 28 18:51
>> README
>> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 700 Dec 28 18:51
>> setup.php
>>
>> compatibility:
>> total 68
>> drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 84 Dec 6
>> 2009 docs
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6
>> 2009 functions.php
>> drwxr-xr-x. 31 root root unconfined_u:object_r:user_home_t:s0 4096 Dec 6
>> 2009 includes
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 466 Jan 2
>> 2009 index.php
>> drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 79 Nov 1
>> 2009 locale
>> -rwxr--r--. 1 root root unconfined_u:object_r:user_home_t:s0 5928 Nov 1
>> 2009 make_release.sh
>> drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1
>> 2009 patches
>> drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1
>> 2009 patches.old
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 53 Nov 1
>> 2009 README
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 2096 Dec 6
>> 2009 setup.php
>> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 21 Dec 6
>> 2009 version
>>
>> I ASSUME I need to change everything /usr/share/squirrelmail to
>> ''object_r:usr_t? If not, what SHOULD THEY be?
>
> Running restorecon -r as the error suggests should reset the files to
> whatever the system expects in that directory. What they should be is
> different depending on the location and OS. If SELinux is involved, it can
> also be blocking PHP from talking over the network to the SMTP service. If
> it's on the same machine, you can also try using the sendmail option
> instead of using SMTP.
>
> --
> Paul Lesniewski
> SquirrelMail Team
> Please support Open Source Software by donating to SquirrelMail!
> http://squirrelmail.org/donate_paul_lesniewski.php
>
Paul,
I fixed those issues but have hit a bigger snag, I can't pass a configtest
test. Trying to resolve this I have turned off the firewall,
just so I can eliminate that as a problem. I get hung up on the SMTP server
check with the following error:
Checking outgoing mail service....
ERROR: Error connecting to SMTP server "10.20.30.11:25".Server error: (0)
I have enabled enhanced logging for both php-fpm and postfix, Here are some
logs entries:
[root@kevla postfix]# tail /var/log/php-fpm/www-error.log
[09-Jan-2026 21:07:20 America/New_York] PHP Warning: fsockopen(): Failed to
enable crypto in /usr/share/squirrelmail/src/configtest.php
on line 405
[09-Jan-2026 21:07:20 America/New_York] PHP Warning: fsockopen(): Unable to
connect to ssl://x.x.x.x:25 (Unknown error) in
/usr/share/squirrelmail/src/configtest.php on line 405
[10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen(): SSL
operation failed with code 1. OpenSSL Error messages:
error:0A00010B:SSL routines::wrong version number in
/usr/share/squirrelmail/src/configtest.php on line 405
[10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen(): Failed to
enable crypto in /usr/share/squirrelmail/src/configtest.php
on line 405
[10-Jan-2026 12:54:20 America/New_York] PHP Warning: fsockopen(): Unable to
connect to ssl://x.x.x.x:25 (Unknown error) in
/usr/share/squirrelmail/src/configtest.php on line 405
[10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen(): SSL
operation failed with code 1. OpenSSL Error messages:
error:0A00010B:SSL routines::wrong version number in
/usr/share/squirrelmail/src/configtest.php on line 405
[10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen(): Failed to
enable crypto in /usr/share/squirrelmail/src/configtest.php
on line 405
[10-Jan-2026 13:08:03 America/New_York] PHP Warning: fsockopen(): Unable to
connect to ssl://x.x.x.x:25 (Unknown error) in
/usr/share/squirrelmail/src/configtest.php on line 405
more /var/log/maillog |grep warning
Jan 10 16:59:57 rocky postfix/smtpd[416626]: dict_lookup: helpful_warnings =
(notfound)
Jan 10 16:59:57 rocky postfix/smtpd[416626]: dict_update: helpful_warnings = yes
Jan 10 16:59:57 rocky postfix/smtpd[416626]: warning: run-time library vs.
compile-time header version mismatch: OpenSSL 3.5.0 may not be
compatible with OpenSSL 3.2.0
Jan 10 17:05:03 rocky postfix/smtpd[417102]: dict_lookup: helpful_warnings =
(notfound)
Jan 10 17:05:03 rocky postfix/smtpd[417102]: dict_update: helpful_warnings = yes
Jan 10 17:05:03 rocky postfix/smtpd[417105]: dict_lookup: helpful_warnings =
(notfound)
Jan 10 17:05:03 rocky postfix/smtpd[417105]: dict_update: helpful_warnings = yes
Jan 10 17:05:03 rocky postfix/smtpd[417102]: warning: run-time library vs.
compile-time header version mismatch: OpenSSL 3.5.0 may not be
compatible with OpenSSL 3.2.0
Jan 10 17:05:03 rocky postfix/smtps/smtpd[417105]: warning: run-time library
vs. compile-time header version mismatch: OpenSSL 3.5.0 may
not be compatible with OpenSSL 3.2.0
[root@kevla conf.d]# more /etc/postfix/main.cf |grep -v "#"
NOTE: I removed several of standard entries to make this list shorter.
compatibility_level = 2
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = rocky.$mydomain
mydomain = kevla.org
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 10.20.30.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mailbox_transport = lmtp:unix:private/dovecot-lmtp
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 6
debug_peer_list = 127.0.0.1
newaliases_path = /usr/bin/newaliases.postfix
disable_vrfy_command = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/kevla.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/kevla.org/privkey.pem
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
smtpd_tls_loglevel = 2
smtp_tls_loglevel = 2
smtpd_discard_ehlo_keywords = chunking, silent-discard
smtp_discard_ehlo_keywords = chunking, silent-discard
smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !SSLv2, !SSLv3, !TLSv1,
!TLSv1.1
smtpd_tls_protocols = TLSv1.3, TLSv1.2, !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !SSLv2, !SSLv3, !TLSv1,
!TLSv1.1
smtp_tls_protocols = TLSv1.3, TLSv1.2, !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtputf8_enable = no
smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
permit_sasl_authenticated, reject_unauth_destination
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
header_size_limit = 4096000
relayhost = [mail.smtp2go.com]:2525
relay_destination_concurrency_limit = 20
Any pointers on where to look to resolve this?. Do you see anything blatantly
worng? I have poured over the postfix, dovecot, and php-fpm
configs, and while i have tweaked a few settings, I do not see anything major
that stands out.
TIA,
Jay Hart
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
