SMTP issue with SSL/TLS



  • Hello

    I am unable to send email using ports 587 or 465, and I am getting this error on the SMTP server end.

    TLS library problem: 22866:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48:

    Here are my /etc/z-push/imap.conf.php settings:

    define('IMAP_SMTP_METHOD', 'smtp');
    global $imap_smtp_params;
    $imap_smtp_params = array('host' => 'ssl://smtp.mydomain.net', 'port' => 465, 'auth' => true,
        'username' => 'imap_username', 'password' => 'imap_password',
        'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);
    

    Would you please help me understand what the exact issue is and how I can solve it?



  • Hi,
    look at the error:
    "unknown ca"
    Where is the path to your certificate?
    Often you have to create a “full chain certificate” - certificate, CA chain certificates, CA certificate - all in one file.
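
Added example, not part of the thread and not code from z-push, Postfix or OpenSSL: a Python sketch that decodes the OpenSSL error line quoted in the first post to show which side raised the alert. The names `triage`, `CERT_ALERTS` and `SAMPLE` are made up for illustration, and the bit layout assumed is the one OpenSSL used before version 3.0 (the `s3_pkt.c` reference in the log comes from that era).

```python
import re

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# OpenSSL error string layout:
# error:<hex code>:<library>:<function>:<reason>:<file>:<line>:<data>
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>[^:]*)"
)

def triage(log_line):
    """Decode one OpenSSL (pre-3.0 format) error found in a mail log line."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    # Pre-3.0 packing: 8-bit library, 12-bit function, 12-bit reason.
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # In libssl (library 20) a reason of 1000 + N means
    # "alert N was received from the peer".
    alert = reason - 1000 if lib == 20 and reason >= 1000 else None
    result = {
        "lib": lib, "func": func, "reason": reason,
        "function": m.group("func"), "alert": alert,
        "alert_name": CERT_ALERTS.get(alert),
        "sent_by": "peer" if alert is not None else None,
    }
    if alert in CERT_ALERTS:
        # Interpretation: the remote end could not accept our certificate.
        result["meaning"] = ("the remote end rejected the certificate chain "
                             "presented by the host that wrote this log line")
    return result

# The error line from the first post, unchanged.
SAMPLE = ("TLS library problem: 22866:error:14094418:SSL routines:"
          "ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:"
          "SSL alert number 48:")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Because the line was logged by the SMTP server and the alert was received there, it was the connecting client that could not validate the server's chain against a CA it trusts.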



  • I am using Let's Encrypt on my mail server, and if I simply do an IMAP connection with SSL, that's working perfectly.

    Then why is z-push giving this error?

    You mentioned (path to your certificate); where do I need to define the certificate in z-push?



  • Hi,

    I don’t exactly know how to configure z-push with IMAP, I only saw the issue.
    You can check your correct chain here:
    https://whatsmychaincert.com/
    Which SMTP relay do you use? Postfix?
    There you also have to add all things:
    smtpd_tls_cert_file =
    smtpd_tls_key_file =
    smtpd_tls_CAfile =
    smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparams.pem

    Is it working without ssl with port 25 only?



  • Here is my postfix configuration.

    smtpd_tls_cert_file=/root/.acme.sh/mydomain.net/mydomain.net.cer
    smtpd_tls_key_file=/root/.acme.sh/mydomain.net/mydomain.net.key
    smtpd_tls_CAfile=/root/.acme.sh/mydomain.net/ca.cer
    smtpd_tls_dh1024_param_file=/etc/postfix/dh1024.pem

    Yes, without SSL I can send email using 25.



  • @umardraz said in SMTP issue with SSL/TLS:

    ssl://smtp.mydomain.net

    Though I don’t use IMAP myself I would suspect that you should not have the prefix ssl:// in front of the mail server name. The port number you specify is going to dictate if it is using SSL or not.



  • Well, this way IMAP is not working.

