Good day,

I've installed 2 VPS (one for web and one for mail) with ISPConfig:

Ubuntu 20.04.1 LTS (Focal Fossa)
ISPConfig 3.2

I can't seem to be able to send an email from the web server through the mail server from a PHP script. Everything I search (Google) seems to be related more to 'localhost' issues.

Seems all good network-wise (telnet from web to mail server):

Code:
# telnet mailer.XYZ.com 587
Trying 51.161.xx.xx...
Connected to mailer.XYZ.com.
Escape character is '^]'.
220 mailer.XYZ.com ESMTP Postfix (Ubuntu)

Configs used:

Code:
...
use Swift_Mailer;
use Swift_Message;

// SMTP server configuration
$smtp_server = 'mailer.XYZ.com';
$username = '[email protected]';
$password = 'MyPass##';
$port = '587';
$encryption = 'tls';
...

I get this error:

530 5.7.0 Must issue a STARTTLS command first

I tried with $encryption = 'tls' and $encryption = 'ssl' with no success. Am I missing a parameter here? I've never tried connecting code to another ISPConfig mail server.

It's the client's 'Swift_Mailer' (Symfony) code? I get a PHP error in the browser when I launch the script and I understand it is most probably an issue with the application/configuration.

- Would you have a simple PHP script (with good parameters and no PHPMailer) for me to test this and prove it's the application?
- Can these settings be put into the php.ini so the customer can use his regular mail() command?

Thank you,
JP
After working on this a bit more, it was an issue with the self-signed certificate. It can work with this:

Code:
$transport->setStreamOptions([
    'ssl' => ['allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false]
]);

FYI - It's also an issue I find with mail clients, but mostly with iPhones. We have to retry the connection at least 3 times...

Do you recommend I put a good certificate for emails? Would I change the configs here:

Code:
# /etc/postfix/main.cf
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may

Could I use Let's Encrypt for a site called mail.XYZ.com and use it for mail TLS? It seems that email encryption and code signing require a different type of certificate. I'm not looking to sign emails, just TLS to work without warnings.

Thanks,
JP
Yes, it helps with these sorts of client issues.

You can either change the path to the cert/key files, or simply replace them with a symlink to your own files.

Yes, that's a common setup. Also, in 3.2 the installer can (attempt to) set up a Let's Encrypt certificate for your server's hostname, and will use that for smtp/pop3/imap as well, if you like using that hostname.
I created a mailer.XYZ.com site and added the Let's Encrypt SSL option (works fine). I see they are stored here in the vhost and they are symlinks also:

Code:
SSLCertificateFile /var/www/clients/client0/web1/ssl/mailer.XYZ.com-le.crt
SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/mailer.XYZ.com-le.key

I created these 2 symlinks in /etc/postfix:

Code:
smtpd.cert -> /etc/letsencrypt/live/mailer.XYZ.com/fullchain.pem
lsmtpd.key -> /etc/letsencrypt/live/mailer.XYZ.com/privkey.pem

FYI, I moved the old ones before:

Code:
smtpd2.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
smtpd2.key -> /usr/local/ispconfig/interface/ssl/ispserver.key

and it restarted OK. I'll test to see if it's all good now.

Can I expect these certs to be automatically rotated (every 2-3 months) with ISPConfig?

Thank you for all these confirmations.
Yes. But I am not sure about your setup; on my host LE makes the certificate files in the /etc/letsencrypt directory tree. LE renews the certificate when there are less than 30 days left.
As mentioned, it will update, but you might have to arrange for restarting postfix and dovecot after the certificate renews.
Take a look at https://www.howtoforge.com/communit...topped-sending-email.85381/page-2#post-410370 for auto renewal
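
Added example (not from any poster in this thread): a Python check, run from the web server, that performs the EHLO/STARTTLS exchange on port 587 with certificate and hostname verification left on, so you can confirm the Let's Encrypt certificate makes the `verify_peer => false` workaround unnecessary. The function names and the 30-day warning threshold (taken from the renewal window mentioned above) are choices made for this example.

```python
import smtplib
import ssl
import sys
import time

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter date."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - (time.time() if now is None else now)) // 86400)

def verdict(cert, now=None, renew_window=30):
    """'warn' once the certificate is inside the renewal window."""
    days = days_left(cert, now)
    if days < renew_window:
        return ("warn", f"{days} days left: renewal is overdue or the "
                        "service still presents the previous certificate")
    return ("ok", f"{days} days left")

def check_submission(host, port=587, timeout=10):
    """EHLO + STARTTLS with chain and hostname verification left on."""
    ctx = ssl.create_default_context()  # system CA store, check_hostname=True
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return ("fail", "server does not offer STARTTLS")
            smtp.starttls(context=ctx)  # raises if the chain or name is wrong
            cert = smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return ("fail", f"certificate rejected: {exc.verify_message}")
    except (OSError, smtplib.SMTPException) as exc:
        return ("fail", f"connection problem: {exc}")
    return verdict(cert)

if __name__ == "__main__":
    # Hostname from the thread is the default; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "mailer.XYZ.com"
    status, detail = check_submission(target)
    print(f"{target}:587 {status} - {detail}")
    sys.exit(0 if status == "ok" else 1)
```

Run against a server that still presents a self-signed certificate, this reports "certificate rejected", the same verification failure the PHP stream options above were switching off.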