Topic: SSMTP help

[klaudadio]

I am using SME version 7.1.3 and have enabled SSMTP under the email settings but am unable to send email with my Outlook. I am able to receive (POPS) email with my Outlook. I am using port 465 for SMTP and port 995 for POP. I have checked the box telling Outlook that my server requires authentication and to use the same settings as my incoming server. It says the outgoing mail server was found but it did not respond. Have I missed something in the setup of SME or Outlook?

[mmccarn]

In your Outlook account properties, on the 'Outgoing Server' tab:
- Outgoing server requires authentication
- Use same settings as my incoming mail server
- DON'T select 'Log on using Secure Password Authentication'

On the 'Advanced' tab:
- select 'This server requires an encrypted connection (SSL)'
- change the Outgoing Server (SMTP): port from 25 to 465

If your SME is not your Internet gateway, make sure your gateway is passing traffic on port 465 to your SME server.

Check /var/log/sqpsmtpd/current on the SME - is the client ever connecting to SSMTP?

Open webmail from outside using https - is your system really unhappy with your certificate for some reason?

(These settings work for me...)

[klaudadio]

Thanks. It looks like my network is unhappy with my certificate. IE7 tells you each time you attempt to use https even after you install the certificate. Firefox allows you to install the certificate the first time and never asks again. Outlook said the certificate didn't match but allowed you to use it anyway but I suspect the problem is with the certificate. I installed SME using a different IP address and a different box name then I eventually used. It is the same URL but that may be the reason for a 'bad' certificate.
I guess I'll have to look into how to install a new certificate or edit the one that I have to get this to work. I don't know where the certificate is stored. I sure don't want to reinstall.
Thanks again. I am using the settings you suggested.

[bpivk]

klaudadio the problem with the certificate comes when you use your websites from lan (because the server certificate doesn't match the adress you typed).
You can solve this by using a custom certificate (search the wiki for the proper howto) and importing the certificate authority.
This will solve the problem for wan access but you'll have to live with these messages when you browse the websites from lan.

[ksc133]

hi folks

i've installed my SME7 certificate on my user's PC. but it still has a warning message when my users access POP3S.

anyway to over come this?

thanks

[NickCritten]

If you read the warning you will get your answer.

There are generally three reasons why a Certificate is rejected.

Server name does not match the certificate
Certificate Authority is not trusted. (Goes away if you've installed)
Certificate is out-of-date.

Carefully read the certificate warning and you will have your answer

[klaudadio]

I still do not connect to SSMTP. Below is the content of my sqpsmtpd log file. Does anyone see where I went wrong?

@40000000465dac3e015d0d6c 21890 trying to get config for plugins
@40000000465dac3e01630c94 21890 loading plugins from /usr/share/qpsmtpd/plugins
@40000000465dac3e018244c4 21890 Loading peers
@40000000465dac3e0185e28c 21890 trying to get config for peers/0
@40000000465dac3e01ceedc4 21890 peers plugin: Compiling auth/auth_cvm_unix_local
@40000000465dac3e01f2c1a4 21890 peers plugin: Compiling check_earlytalker
@40000000465dac3e0205e02c 21890 peers plugin: Compiling count_unrecognized_commands
@40000000465dac3e0218200c 21890 peers plugin: Compiling check_relay
@40000000465dac3e022a67bc 21890 peers plugin: Compiling check_norelay
@40000000465dac3e029c4bfc 21890 peers plugin: Compiling require_resolvable_fromhost
@40000000465dac3e036f6ec4 21890 peers plugin: Compiling check_basicheaders
@40000000465dac3e0385a644 21890 peers plugin: Compiling check_badmailfrom
@40000000465dac3e0397a3bc 21890 peers plugin: Compiling check_badrcptto_patterns
@40000000465dac3e03ab626c 21890 peers plugin: Compiling check_badrcptto
@40000000465dac3e03bc8524 21890 peers plugin: Compiling check_spamhelo
@40000000465dac3e03db6f34 21890 peers plugin: Compiling check_goodrcptto
@40000000465dac3e03f0721c 21890 peers plugin: Compiling rcpt_ok
@40000000465dac3e0cdf7a94 21890 peers plugin: Compiling tnef2mime
@40000000465dac3e0d05d2fc 21890 peers plugin: Compiling virus/clamav
@40000000465dac3e0d2ab464 21890 peers plugin: Compiling queue/qmail-queue
@40000000465dac3e0d304a14 21890 peers hooking valid_auth
@40000000465dac3e0d336ec4 21890 peers hooking set_hooks
@40000000465dac3e0d3873ec 21890 Connection from [192.168.204.249] [192.168.204.249]
@40000000465dac3e0d3ee844 21890 running plugin (set_hooks): peers
@40000000465dac3e0d43fd0c 21890 trying to get config for peers/192.168.204
@40000000465dac3e0d4f0544 21890 loading plugin peers peers/192.168.204
@40000000465dac3e0d5189cc 21890 loading plugin check_relay
@40000000465dac3e0d53ef14 21890 loading plugin check_norelay
@40000000465dac3e0d563904 21890 loading plugin check_basicheaders
@40000000465dac3e0d5886dc 21890 loading plugin check_badmailfrom
@40000000465dac3e0d5ad4b4 21890 loading plugin check_badrcptto_patterns
@40000000465dac3e0d5d39fc 21890 loading plugin check_badrcptto
@40000000465dac3e0d5f87d4 21890 loading plugin check_spamhelo
@40000000465dac3e0d6246f4 21890 loading plugin check_goodrcptto extn -
@40000000465dac3e0d64a854 21890 loading plugin rcpt_ok
@40000000465dac3e0d66f244 21890 loading plugin tnef2mime
@40000000465dac3e0d6953a4 21890 loading plugin virus/clamav clamscan_path=/usr/bin/clamdscan action=reject max_size=25000000
@40000000465dac3e0d6ba17c 21890 loading plugin queue/qmail-queue
@40000000465dac3e0d7050b4 21890 trying to get config for peers/192.168.204
@40000000465dac3e0d7899cc 21890 peers hooking valid_auth
@40000000465dac3e0d7baaf4 21890 peers hooking set_hooks
@40000000465dac3e0d8232d4 21890 check_relay hooking connect
@40000000465dac3e0d8933cc 21890 check_norelay hooking connect
@40000000465dac3e0d8f002c 21890 check_basicheaders hooking data_post
@40000000465dac3e0d9685f4 21890 check_badmailfrom hooking rcpt
@40000000465dac3e0d99ed0c 21890 check_badmailfrom hooking mail
@40000000465dac3e0da11ce4 21890 check_badrcptto_patterns hooking rcpt
@40000000465dac3e0da80284 21890 check_badrcptto hooking rcpt
@40000000465dac3e0daf596c 21890 check_spamhelo hooking ehlo
@40000000465dac3e0db23bb4 21890 check_spamhelo hooking helo
@40000000465dac3e0dbb82b4 21890 check_goodrcptto hooking rcpt
@40000000465dac3e0dc0ddcc 21890 rcpt_ok hooking rcpt
@40000000465dac3e0dca2c9c 21890 tnef2mime hooking data_post
@40000000465dac3e0dcf5104 21890 virus::clamav hooking data_post
@40000000465dac3e0dd530ec 21890 Initializing spool_dir
@40000000465dac3e0dd7e454 21890 trying to get config for spool_dir
@40000000465dac3e0de0fc74 21890 queue::qmail_2dqueue hooking queue
@40000000465dac3e0de8053c 21890 Plugin peers, hook set_hooks returned DECLINED,
@40000000465dac3e0deaf724 21890 running plugin (connect): check_relay
@40000000465dac3e0dee5e3c 21890 trying to get config for relayclients
@40000000465dac3e0df5249c 21890 trying to get config for morerelayclients
@40000000465dac3e0df9f314 21890 Plugin check_relay, hook connect returned DECLINED,
@40000000465dac3e0dfc8b24 21890 running plugin (connect): check_norelay
@40000000465dac3e0dff6d6c 21890 trying to get config for norelayclients
@40000000465dac3e0e06918c 21890 Plugin check_norelay, hook connect returned DECLINED,
@40000000465dac3e0e096c04 21890 trying to get config for smtpgreeting
@40000000465dac3e0e0ea3f4 21890 220 eserver.xxxx.com ESMTP
@40000000465dac3e0e118a24 21890 trying to get config for timeoutsmtpd
@40000000465dac3e0e15666c 21890 trying to get config for timeout
@40000000465dac41190795cc sslio[21890]: info: bytes in: 0
@40000000465dac411907a954 sslio[21890]: info: bytes ou: 7
@40000000465dac41193ebafc tcpsvd: info: end 21890 exit 0
@40000000465dac41193ed26c tcpsvd: info: status 0/10

Any help would be appreciated.

[ksc133]

If you read the warning you will get your answer.

There are generally three reasons why a Certificate is rejected.

Server name does not match the certificate
Certificate Authority is not trusted. (Goes away if you've installed)
Certificate is out-of-date.

Carefully read the certificate warning and you will have your answer

hi it says

Certificate Authority is not trusted and Certificate is out-of-date.

how do i overcome this?

thanks

[NickCritten]

If you read the warning you will get your answer.

There are generally three reasons why a Certificate is rejected.

Server name does not match the certificate
Certificate Authority is not trusted. (Goes away if you've installed)
Certificate is out-of-date.

Carefully read the certificate warning and you will have your answer

hi it says

Certificate Authority is not trusted and Certificate is out-of-date.

how do i overcome this?

thanks

You get around the Certificate Authority not being trusted by installing the certificate, so you shouldn't be getting that one.

Your cert shoudln't ever really go out of date, as SME will rebuild it automatically when it expires.  Check to make sure that the date & time on your server is correct, and tallies up properly with your client

[shell]

couple of things i have noticed -

IE 7 requires you to both install the certificate, and because the certificate is self-signed, to install your server as a publisher.  This is an additional step and was not present in IE6 and before.

Also there was an historic issue with certificates not being created new, a reboot fixed this - they expire (by default) after 1 year.

[ksc133]

hi folks

how do i configure smtp(25) with authentcation on SME 7?
i don't like the ssmtp with SSL feature on the default settings.
due to certifcate issues and also i need to go around to configure all my PC and laptops with certifcates

thanks

[bpivk]

Change the SMTP authentication settings in the server-manager pannel under email.

[NickCritten]

couple of things i have noticed -

IE 7 requires you to both install the certificate, and because the certificate is self-signed, to install your server as a publisher.  This is an additional step and was not present in IE6 and before.

That isn't my experience... I have not had to do this with my clients.  Simply:

Go to a https:// page, such as webmail or server-manager.
Click Continue at the Warning page.
Click the "Certificate Error" button that just appeared in the toolbar.
Click view certificates
Click install certificate
Continue as normal.

For security reasons you really shouldn't set up your SME as a trusted CA.

Also there was an historic issue with certificates not being created new, a reboot fixed this - they expire (by default) after 1 year.

True, however you can also do a

Code: [Select]

signal-event domain-modify No need for anything as drastic as a reboot.

[alrusso]

Hi there, I've set up email as per the beginning of this thread, and it works sort of .. but .. I get the message that is being sent remaining in my outlook outbox, although it reports as completed, and never see the email again .. so it's recieving but not sending out through 465 ..

Any suggestions ?

[albatroz]

Is there anyway to return to the old way, sending email via authenticated SMTP via port 25 ?