Email problem with ispconfig3

Discussion in 'General' started by Michaeltc, Jun 5, 2018.

  1. Michaeltc

    Michaeltc New Member

    Dear Sir,

    Good day. As my customer told me today, the server cannot receive email from Yahoo, but they can receive from Google.
    I checked the log; it shows the following:
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: SSL_accept error from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: 0
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: warning: TLS library problem: 25440:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1493:SSL alert number 46:
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: lost connection after STARTTLS from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: disconnect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: connect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: NOQUEUE: filter: RCPT from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic306-19.consmr.mail.sg3.yahoo.com>
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: NOQUEUE: filter: RCPT from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic306-19.consmr.mail.sg3.yahoo.com>
    Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: A8D1E581CE: client=sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]

    We see there is an SSL_accept error. Is this the issue that causes the user to be unable to receive Yahoo email? Can we add a whitelist to bypass this problem?

    Thank you
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the content of /etc/postfix/master.cf
     
  3. Michaeltc

    Michaeltc New Member

    Hi,

    Please find the master.cf below:

    smtp inet n - n - - smtpd
    2025 inet n - n - - smtpd

    #628 inet n - n - - qmqpd
    pickup unix n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache

    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}

    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

    amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o smtp_bind_address=


    127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes


    127.0.0.1:10027 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtp_send_xforward_command=yes
      -o milter_default_action=accept
      -o milter_macro_daemon_name=ORIGINATING
      -o disable_dns_lookups=yes
     
  4. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    It might be that Yahoo doesn't like your self-signed? certificate ... which is questionable but not totally unexpected if that's the case.
     
  5. Michaeltc

    Michaeltc New Member

    Noted, but can I disable self-signed for Postfix email?
    We don't need self-signed SSL for Postfix. Or will it be solved by disabling TLS?


    Thank you
     
    Last edited: Jun 5, 2018
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    In the logs you show, there were 2 connections. The first didn't complete an SMTP connection, with `lost connection after STARTTLS` - i.e. Yahoo's server dropped the connection. Once you fix your certificate/certificate chain, this should succeed.
    The second connection (where yahoo reconnects to you in plaintext, no TLS at all) works though, and you show mail was accepted and sent to amavis for filtering. The message was placed in your queue (queue id A8D1E581CE). Refer back to your logs to see what amavis did with it (start with `grep A8D1E581CE /var/log/mail.log`), maybe it's just sitting in a SPAM folder? Maybe it got scored so high it was deleted? The logs should say.

    You can either fix the certificate setup in postfix (preferable) or disable TLS to avoid the first connection issue. But as noted, that's not preventing mail delivery, yahoo simply reconnects in plaintext and the message is received by your server. As for fixing your certificate, what does `postconf smtpd_tls_cert_file smtpd_tls_key_file` show?
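
The pattern described in the reply above (a failed STARTTLS handshake, then a plaintext reconnect that is assigned a queue ID) can be flagged automatically in a mail log. This is an added example, not part of the original thread; the function name, the short hexadecimal queue-ID format and the reliance on the `TLS connection established` line (logged when `smtpd_tls_loglevel` is 1 or higher) are assumptions of the example.

```python
import re
from collections import defaultdict

# Sample lines shortened from the log excerpt posted in this thread.
SAMPLE_LOG = """\
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: SSL_accept error from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]: 0
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: lost connection after STARTTLS from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: disconnect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: connect from sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
Jun 5 16:00:54 twhost1 postfix/smtpd[25440]: A8D1E581CE: client=sonic306-19.consmr.mail.sg3.yahoo.com[106.10.241.139]
"""

LINE = re.compile(r"postfix/smtpd\[\d+\]: (?P<msg>.*)$")
CLIENT = r"(?P<client>\S+\[[0-9a-fA-F.:]+\])"
TLS_FAIL = re.compile(r"^SSL_accept error from " + CLIENT)
TLS_OK = re.compile(r"^\S+ TLS connection established from " + CLIENT)
CONNECT = re.compile(r"^connect from " + CLIENT)
QUEUED = re.compile(r"^(?P<qid>[0-9A-F]{6,}): client=" + CLIENT)  # short hex queue IDs (assumption)

def find_plaintext_fallbacks(log_text):
    """Return [(client, queue_id)] for mail accepted without TLS after a failed handshake."""
    failed = set()                   # clients whose last STARTTLS attempt failed
    tls_active = defaultdict(bool)   # client -> current session is encrypted
    hits = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (t := TLS_FAIL.match(msg)):
            failed.add(t.group("client"))
        elif (t := CONNECT.match(msg)):
            tls_active[t.group("client")] = False   # every new session starts in plaintext
        elif (t := TLS_OK.match(msg)):
            tls_active[t.group("client")] = True
            failed.discard(t.group("client"))       # handshake works again
        elif (t := QUEUED.match(msg)):
            client = t.group("client")
            if client in failed and not tls_active[client]:
                hits.append((client, t.group("qid")))
                failed.discard(client)
    return hits

if __name__ == "__main__":
    for client, qid in find_plaintext_fallbacks(SAMPLE_LOG):
        print(f"{qid}: accepted in plaintext from {client} after a TLS handshake failure")
```

Each reported queue ID can then be followed through the log with the `grep` suggested in the reply above to see what amavis did with the message.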
     
  7. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Before you install any SSL certs, activate the smtps service in Postfix.
     
  8. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    And check the options for smtps / submission TLS from the howto :)
     
  9. Michaeltc

    Michaeltc New Member

    postconf smtpd_tls_cert_file smtpd_tls_key_file shows the following:
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key

    Right now, as per all the expert advice, I have tried to disable TLS
    by editing main.cf as below:
    smtp_use_tls = no
    smtpd_use_tls = no
    smtp_tls_security_level = none
    smtpd_tls_security_level = none

    However, it still does not work. I found that when I use Yahoo to send a test email to it
    and type mailq, it returns
    Mail queue is empty
    When I restart Postfix, the Yahoo email appears. I don't know how to fix this.
     
