Question problem after upgrade 18.0.34 sending mail SMTP (error 250),not working

[Alex Garcia]

Hi,
problem after upgrade for sending mail

CentOS Linux 7.9.2009 (Core)
Obsidian Edition Version 18.0.34 (fresh update)
Let 's enscrypt SSL install

I can recieve mail, no sending SMTP possible


--message from email software :
outgoing server connection (SMTP) “smtp.mydomaine.com” has expired.

mail log
Mar 17 12:53:17 s22055354 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<> (user missing ?), rip=XXX.XXX.XXX.XXX (good ip connection), lip=XXX.XXX.XXX.XXX (good IP Server), TLS: SSL_read failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<lfjwILq978pOxJDB>

-- message from webmail software :
SMTP (error 250)

mail log
Mar 17 12:21:59 s22055354 postfix/smtpd[17364]: TLS SNI localhost from unknown[127.0.0.1] not matched, using default chain

suspecting an error from default SSL instead of SSL domain

Trying to change in panel
Certificats SSL/TLS
apply Lets Encrypt certificate (mail pool)

nothing change

how to apply or verify the Let 's enscrypt SSL for each domain could be actived ?

Thanks

 

[Bitpalast]

Should your mail server name not be the same as your host name? For your host name you can have a proper SSL certificate that you can create and manage with Tools & Settings > SSL.

 

[Alex Garcia]

HI peter,
thank you for your reply,
may be problem is misconfiguration of SSL, but everything was functional before upgrade 18.0.33
after up 18.0.34 loosing also webmail sending emails (error 250)


conf dedicated server

(18.0.34 / Centos 7)
Let's Encrypt
Version: 2.12.6-696
SSL It!
Version: 1.7.9-1084



I try both config on thunderbird
587 STARTTLS.
462 SSL
do nothing

I have 5 domains on the server
every domain have it's own SSL create with Lets Encrypt

see a message about greylist but doesn't change anything for me (18.0.34 / Centos 7)
greylist turn off - do nothing

when I check the certificate with thunderbird
only certificate is the Let's'Encrypt cert (pool server choosen) create in Tools & settings > SSL/TLS certificates

Do I need to delete server pool cert in order to every domain's certificates can be read when I want to send a message ?
Do I need to reinstall all cert in each domains ?

message error from thunderbird
--
Unable to communicate securely with the peer:
the requested domain name does not match the server certificate.
The "smtp.domain.tld" configuration needs to be fixed.
--

I check also after viewing this message

Issue - Postfix SNI TLS-Certs not auto-updated

This morning I could not send mail from some accounts, Thunderbird said the certificate has expired. Problem: When selecting "SSL/TLS certificate for mail" in the mail settings of an individual domain, the certificate for Postfix for that domain is stored by Plesk in...

talk.plesk.com

# echo 'Q' | openssl s_client -connect localhost:465 -servername {domain} -showcerts 2>&1

[root@xxxxxxx ~]# echo 'Q' | openssl s_client -connect localhost:465 -servername {domain} -showcerts 2>&1
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = xxxxxxx.server.tld
verify return:1

this is the server pool certificate

Question : how can I check actived SSL for each domain ?

Thanks for your in advance

 

[Bitpalast]

It might be a different issue that is already being disussed here:

Issue - Unable to send emails after upgrading to 18.0.34

I'm being unable to send emails since right after I upgraded to 18.0.34. Things were working perfectly before and upgrading/updating to 18.0.34 was all I did. This problem seems to be happening for all the domains I have configured in the server (or at least all the domains I tested). When I...

talk.plesk.com

and

Issue - Postfix stopped working for domains hosted on server after upgrading to 18.0.34

System Plesk Obsidian v18.0.34_build1800210305.11 os_Ubuntu 18.04 Note, we are only using the server to send out emails, individual email accounts are managed by google g suite Issue: we are not getting emails sent by the system to any domain user (order confirmation, etc). Emails sent to...

talk.plesk.com

 

[Alex Garcia]

————————————————————————————
Mailog
————————————————————————————

Apr 4 00:16:47 s22055354 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=17276, TLS, session=<VkkD0hi/RLF/AAAB>
Apr 4 00:16:47 s22055354 dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Logged out rcvd=261, sent=1142

Apr 4 01:53:25 s22055354 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=26601, TLS, session=<HUiiKxq/4Lt/AAAB>
Apr 4 01:53:25 s22055354 dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Logged out rcvd=82, sent=839
Apr 4 01:53:25 s22055354 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=26604, TLS, session=<DbqlKxq/5Lt/AAAB>
Apr 4 01:53:25 s22055354 dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Logged out rcvd=38, sent=564
Apr 4 01:53:26 s22055354 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=26607, TLS, session=<LtWoKxq/6Lt/AAAB>
Apr 4 01:53:26 s22055354 dovecot: service=imap, user=[email protected], ip=[127.0.0.1]. Logged out rcvd=48, sent=684



Test from webmail
change postfix to qmail (like Powie said)
stop postfix - change to qmail restart the server

error 502 with rouncube (qmail imap)

stop qmail - change again to postfix restart the server, no change !

error 250 with roundcube (dovecot imap)


Test from Thunderbird

something better now emails can be send from thunderbird (emailer last version)
but only on emails with domains on the same server (emails sended and received)
when sending message to an email adress outside the domains on the server, this error appears

The message could not be sent because the connection to the outgoing server (SMTP)
«smtp.mydomain.tld» was lost during the transaction.
Please try again.


see this in the mail log now

Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19354 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19355 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19357 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19358 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19359 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19360 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19361 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19362 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19363 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19364 exit status 1
Apr 4 04:11:58 sxxxxxxxxx postfix/master[2408]: warning: process /usr/libexec/postfix/smtpd pid 19365 exit status 1

any ideas where the problem can be fixed ?
thanks in advance