Postfix + TLS not working

Discussion in 'Installation/Configuration' started by topogigio, Jul 6, 2021.

  1. topogigio

    topogigio Member

    Hi,
    I have a fresh installation of 3.2.5 on Debian 10. It's a server dedicated to email, so only Dovecot + Postfix + Apache (with Roundcube) are installed.
    The server has retrieved a certificate from Let's Encrypt using the 3.2 setup script.

    It works if I use Roundcube (I can send and receive to/from mail systems such as Gmail, O365, etc.), and if I connect Thunderbird to Dovecot using STARTTLS I can access the mailbox.
    But if TB tries to send outgoing emails to Postfix (on both 25 and 465), it reports "Peer reports it experienced an internal error". If it uses port 25 without TLS, it works.

    ISPConfig (postfix) reports:
    Code:
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: connect from xxx.it[X.X.X.X]
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: warning: hash:/etc/postfix/sni is unavailable. open database /etc/postfix/sni.db: No such file or directory
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: warning: hash:/etc/postfix/sni lookup error for "serverFQDN"
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: warning: tls_server_sni_maps: serverFQDN map lookup problem
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: SSL_accept error from xxx.it[X.X.X.X]: -1
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: warning: TLS library problem: error:1422E0EA:SSL routines:final_server_name:callback failed:../ssl/statem/extensions.c:1007:
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: lost connection after STARTTLS from xxx.it[X.X.X.X]
    Jul  6 16:30:14 myhostname postfix/submission/smtpd[11714]: disconnect from xxx.it[X.X.X.X] ehlo=1 starttls=0/1 commands=1/2
    
    "openssl s_client -connect localhost:587 -starttls smtp -showcerts" reports the right certificate chain from LE.

    I cannot understand where the problem is; any idea?
    Thanks
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. topogigio

    topogigio Member

    Thank you, but the page does not help me.
    Here is what I noticed with some other tests: if I configure TB to use the IP address as the SMTP server, it reports that the certificate name does not match the host name (ok), and if I allow it to continue, then it works. If I configure it to use the public DNS host name, it reports the problem I described.
    The DNS name points to a public address where a pfSense performs NAT to the private IP. SMTP without TLS is also working well there (I can receive from O365, for example).

    Thanks
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It would seem you attempted to set up SNI, and I'm guessing the configuration is bad. Try undoing all custom Postfix config and test it with a single certificate, then work on the SNI config afterwards. You could also post "postconf -nf" output here and see if someone can spot the issue, but try Thunderbird with a default Postfix+ISPConfig configuration as a first step.
     
  5. topogigio

    topogigio Member

    You pointed me in the right direction, thanks. I found and commented out this line in the Postfix configuration:
    Code:
    tls_server_sni_maps = ${indexed}sni
    
    I really don't remember adding it, sorry! I've read that SNI in ISPConfig with email services is not available and there is an idea for it in GitLab, so it's strange that I added that line.
    Sorry, and thanks for your help!
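The root cause in this thread is a `tls_server_sni_maps` entry whose compiled table (`/etc/postfix/sni.db`) was never built, which makes Postfix's SNI callback fail and abort every STARTTLS handshake. The following pre-flight check is an added example, not code from the thread, ISPConfig or Postfix: it parses a `main.cf`, expands `${param}` references (including the `indexed` convention that turns `${indexed}sni` into `hash:/etc/postfix/sni`), and reports any SNI table whose backing file is missing, plus a small log matcher for the `map lookup problem` warning seen above. The `demo()` function builds a throw-away config directory with a constructed `main.cf`; the table-type suffixes and default parameter values are assumptions based on common Postfix builds.

```python
"""Pre-flight check for Postfix tls_server_sni_maps (added example, not from the thread).

Postfix logs "hash:/etc/postfix/sni is unavailable ... No such file or directory"
when tls_server_sni_maps names a lookup table whose compiled file was never created
with "postmap -F". This script parses a main.cf, expands ${param} references for the
simple cases, and reports each SNI table whose backing file is missing, so the fault
is caught before a client's STARTTLS fails with "SSL_accept error".
"""
import os
import re
import tempfile

# Assumption: file suffix Postfix appends for compiled table types.
COMPILED_SUFFIX = {"hash": ".db", "btree": ".db", "lmdb": ".lmdb"}
# Table types that Postfix reads directly from the text file.
PLAIN_TYPES = {"texthash", "pcre", "regexp", "cidr"}

_PARAM_RE = re.compile(r"\$\{([A-Za-z0-9_]+)\}|\$([A-Za-z0-9_]+)")
# Matches the warning Postfix emits when an SNI table lookup fails.
_SNI_WARN_RE = re.compile(r"warning: tls_server_sni_maps: .* map lookup problem")


def parse_main_cf(text):
    """Return a dict of parameter -> raw value (handles indented continuation lines)."""
    params = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current is not None:  # continuation of previous value
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name} references recursively, bounded to avoid loops."""
    if depth > 10:
        raise ValueError("parameter expansion too deep")

    def repl(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return _PARAM_RE.sub(repl, value)


def check_sni_maps(config_dir):
    """Return a list of problems found for tls_server_sni_maps in config_dir/main.cf."""
    with open(os.path.join(config_dir, "main.cf")) as fh:
        params = parse_main_cf(fh.read())
    # Assumption: defaults Postfix would supply if main.cf leaves them out.
    params.setdefault("config_directory", config_dir)
    params.setdefault("default_database_type", "hash")
    params.setdefault("indexed", "${default_database_type}:${config_directory}/")
    raw = params.get("tls_server_sni_maps", "")
    if not raw:
        return []  # SNI not configured: nothing to check
    problems = []
    for table in re.split(r"[,\s]+", expand(raw, params).strip()):
        if not table:
            continue
        ttype, sep, path = table.partition(":")
        if not sep:
            problems.append(f"{table}: no table type given")
        elif ttype in COMPILED_SUFFIX:
            needed = path + COMPILED_SUFFIX[ttype]
            if not os.path.exists(needed):
                problems.append(f"{table}: missing {needed} (run: postmap -F {table})")
        elif ttype in PLAIN_TYPES:
            if not os.path.exists(path):
                problems.append(f"{table}: missing source file {path}")
        else:
            problems.append(f"{table}: unknown table type {ttype!r}, not checked")
    return problems


def count_sni_lookup_failures(log_text):
    """Count smtpd log lines reporting an SNI map lookup failure (detection side)."""
    return sum(1 for line in log_text.splitlines() if _SNI_WARN_RE.search(line))


def demo():
    """Reproduce the thread's setting in a temp dir (constructed sample, no real server)."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "main.cf"), "w") as fh:
        fh.write(
            "# constructed sample main.cf\n"
            f"config_directory = {tmp}\n"
            "default_database_type = hash\n"
            "indexed = ${default_database_type}:${config_directory}/\n"
            "tls_server_sni_maps = ${indexed}sni\n"
        )
    before = check_sni_maps(tmp)                        # sni.db does not exist yet
    open(os.path.join(tmp, "sni.db"), "wb").close()     # stands in for "postmap -F" output
    after = check_sni_maps(tmp)
    return before, after


if __name__ == "__main__":
    for problem in demo()[0]:
        print(problem)
```

Running the script prints one finding for the constructed config (`hash:<tmpdir>/sni: missing <tmpdir>/sni.db`); once the compiled table exists the check is clean. The same check, pointed at `/etc/postfix`, would have flagged the stray line before any client saw "Peer reports it experienced an internal error", and the log matcher is the condition to alert on if the line ever comes back.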
     
