Koozali.org: home of the SME Server

SOLVED: iPhone will not connect to SSL with WIFI on in head office

Gaetan
Hi,
I am running SME 9.2 - new install.
Our SME server is our main gateway, it has a public IP address and a DNS host name on the Internet (i.e.: mail.mydomain.com).
It also obviously has a local static IP address 192.168.1.x...

Our WIFI system is using the SME server as a gateway.

Our iPhones cannot retrieve email if WIFI is ON and using host name mail.mydomain.com using SSL on port 995 ... We can only connect with 3G/4G connection within our head office.
To make it work with WIFI, we have to use the public IP address not the hostname ...

When running with WIFI outside the office, from home for example, it works with the hostname ...

We did have this issue on SME 8 ... So it is probably a config issue ???

Thanks

It looks like a firewall issue ?
« Last Edit: May 16, 2017, 03:44:08 PM by Gaetan »

Stefano
Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #1 on: May 16, 2017, 12:52:48 PM »
it looks like something related to SSL...

anyway, have you any evidence of this issue in the related logs?

and, finally, why POP3?

Gaetan
Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #2 on: May 16, 2017, 01:10:43 PM »
Here is the log:

My phone IP is 192.168.1.100 ...

WITH hostname = public IP address:
@40000000591adc9f389ddbbc tcpsvd: info: end 6618 exit 0
@40000000591adc9f389de38c tcpsvd: info: status 1/40
@40000000591adc9f39c1c634 tcpsvd: info: status 2/40
@40000000591adc9f39c4c7bc tcpsvd: info: pid 6636 from 192.168.1.100
@40000000591adc9f39c56bcc tcpsvd: info: concurrency 6636 192.168.1.100 1/4
@40000000591adc9f39c56fb4 tcpsvd: info: start 6636 0:80.168.187.100 ::192.168.1.100:50400 ./peers/192.168.1
@40000000591adc9f3a48e024 tcpsvd: info: status 3/40
@40000000591adc9f3a4aef7c tcpsvd: info: pid 6637 from 192.168.1.100
@40000000591adc9f3a4b7c1c tcpsvd: info: concurrency 6637 192.168.1.100 2/4
@40000000591adc9f3a4b8004 tcpsvd: info: start 6637 0:80.168.187.100 ::192.168.1.100:50401 ./peers/192.168.1
@40000000591adc9f3a88081c 2017.05.16 12:03:49 LOG5[6636:139683986429888]: Could not load DH parameters from /service/imap/ssl/imapd.pem
@40000000591adc9f3a89a62c 2017.05.16 12:03:49 LOG4[6636:139683986429888]: Diffie-Hellman initialization failed
@40000000591adc9f3a8a03ec 2017.05.16 12:03:49 LOG5[6636:139683986429888]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
@40000000591adc9f3a8a55f4 2017.05.16 12:03:49 LOG5[6636:139683986429888]: Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP
@40000000591adc9f3a8e4d94 2017.05.16 12:03:49 LOG5[6636:139683986429888]: pop3s accepted connection from 192.168.1.100:50400
@40000000591adc9f3b137b54 2017.05.16 12:03:49 LOG5[6637:139776303433664]: Could not load DH parameters from /service/imap/ssl/imapd.pem
@40000000591adc9f3b157ef4 2017.05.16 12:03:49 LOG4[6637:139776303433664]: Diffie-Hellman initialization failed
@40000000591adc9f3b183e14 2017.05.16 12:03:49 LOG5[6637:139776303433664]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
@40000000591adc9f3b1845e4 2017.05.16 12:03:49 LOG5[6637:139776303433664]: Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP
@40000000591adc9f3b1ba914 2017.05.16 12:03:49 LOG5[6637:139776303433664]: pop3s accepted connection from 192.168.1.100:50401
@40000000591adca00d9ab444 2017.05.16 12:03:50 LOG5[6636:139683986429888]: Connection closed: 5163 bytes sent to SSL, 47 bytes sent to socket



WITH hostname = mail.mydomain.com

@40000000591adde60e914d2c tcpsvd: info: status 0/40
@40000000591ade02103a888c tcpsvd: info: status 1/40
@40000000591ade02103d43c4 tcpsvd: info: pid 7671 from 192.168.1.100
@40000000591ade02103e032c tcpsvd: info: concurrency 7671 192.168.1.100 1/4
@40000000591ade02103e0714 tcpsvd: info: start 7671 0:80.168.187.100 ::192.168.1.100:50422 ./peers/192.168.1
@40000000591ade02110d97cc 2017.05.16 12:09:44 LOG5[7671:139851442358208]: Could not load DH parameters from /service/imap/ssl/imapd.pem
@40000000591ade02110f35dc 2017.05.16 12:09:44 LOG4[7671:139851442358208]: Diffie-Hellman initialization failed
@40000000591ade02110f9784 2017.05.16 12:09:44 LOG5[7671:139851442358208]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
@40000000591ade02110ffd14 2017.05.16 12:09:44 LOG5[7671:139851442358208]: Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP
@40000000591ade02111515c4 2017.05.16 12:09:44 LOG5[7671:139851442358208]: pop3s accepted connection from 192.168.1.100:50422
@40000000591ade04003035cc 2017.05.16 12:09:46 LOG5[7671:139851442358208]: Connection closed: 66 bytes sent to SSL, 61 bytes sent to socket
@40000000591ade04003c7684 tcpsvd: info: end 7671 exit 0
@40000000591ade04003c7e54 tcpsvd: info: status 0/40
@40000000591ade04011e5e8c tcpsvd: info: status 1/40
@40000000591ade040120528c tcpsvd: info: pid 7680 from 192.168.1.100
@40000000591ade040121e4e4 tcpsvd: info: concurrency 7680 192.168.1.100 1/4
@40000000591ade040121e8cc tcpsvd: info: start 7680 0:80.168.187.100 ::192.168.1.100:50426 ./peers/192.168.1
@40000000591ade0401fe8d2c 2017.05.16 12:09:46 LOG5[7680:140279121405888]: Could not load DH parameters from /service/imap/ssl/imapd.pem
@40000000591ade040200718c 2017.05.16 12:09:46 LOG4[7680:140279121405888]: Diffie-Hellman initialization failed
@40000000591ade04020284cc 2017.05.16 12:09:46 LOG5[7680:140279121405888]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
@40000000591ade0402050954 2017.05.16 12:09:46 LOG5[7680:140279121405888]: Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP
@40000000591ade04020c7f7c 2017.05.16 12:09:46 LOG5[7680:140279121405888]: pop3s accepted connection from 192.168.1.100:50426
@40000000591ade041e164b1c tcpsvd: info: status 2/40
@40000000591ade041e19391c tcpsvd: info: pid 7683 from 192.168.1.116
@40000000591ade041e1a237c tcpsvd: info: concurrency 7683 192.168.1.116 1/4
@40000000591ade041e1a2b4c tcpsvd: info: start 7683 0:80.168.187.100 ::192.168.1.116:3760 ./peers/192.168.1
@40000000591ade041ee6f514 2017.05.16 12:09:46 LOG5[7683:140571671615424]: Could not load DH parameters from /service/imap/ssl/imapd.pem
@40000000591ade041ee975b4 2017.05.16 12:09:46 LOG4[7683:140571671615424]: Diffie-Hellman initialization failed
@40000000591ade041eeb5a14 2017.05.16 12:09:46 LOG5[7683:140571671615424]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
@40000000591ade041eed32bc 2017.05.16 12:09:46 LOG5[7683:140571671615424]: Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP
@40000000591ade041ef0e7f4 2017.05.16 12:09:46 LOG5[7683:140571671615424]: pop3s accepted connection from 192.168.1.116:3760
@40000000591ade0436340b94 2017.05.16 12:09:46 LOG5[7683:140571671615424]: Connection closed: 16559 bytes sent to SSL, 71 bytes sent to socket
@40000000591ade0436341364 tcpsvd: info: end 7683 exit 0
@40000000591ade0436341364 tcpsvd: info: status 1/40



POP3 because I don't like IMAP - too slow when there is a large email account. I prefer to let the email client deal with high email volume and backup email client files instead of SME file ...

Stefano
Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #3 on: May 16, 2017, 01:19:38 PM »
ok, nothing relevant at first sight.. please open a bug and post there all the info (mainly, these logs)

regarding IMAP vs POP3.. if we're talking about clients like laptop or pc I would agree.. but using POP3 on a phone is a risk

and, more.. I don't know how iphone works, but I made some tests with an ipad connected to an imap account with more than 10.000 emails (and many subfolders) and I did not feel like it's slow.. anyway, personal tastes

Jean-Philippe Pialasse, aka Unnilennium
Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #4 on: May 16, 2017, 01:40:26 PM »
Before opening a bug

What domain do you use?
Is it configured on the server?
Is it configured as DNS resolved locally?

If not, when your iPhone asks for the IP of the domain it gets your external IP. It tries to connect and gets another IP to answer. As a good practice it just stops there. OpenVPN would do the same thing.


So configure it locally on the server and make sure it is giving DNS and DHCP for the local network.
Flush the server DNS cache and you will be OK.

Gaetan
(SOLVED)Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #5 on: May 16, 2017, 02:58:45 PM »
Thanks for your suggestions ... Our WIFI system was using the wrong DNS server.
Issue solved.
Thanks

Jean-Philippe Pialasse, aka Unnilennium
Re: iPhone will not connect to SSL with WIFI on in head office
« Reply #6 on: May 16, 2017, 03:22:23 PM »
you can edit your original post and mark the subject as solved then ;)