Can't connect from clients to hmailserver when using SSL

Post by RDA » 2020-07-12 19:19

Hello there,

I'm trying to secure my mail server with SSL which I transferred directly from my Apache webserver running on a different machine. Since I configured the SSL settings in hMailServer, no clients can connect. When I checked diagnostics no error shows up. I ran the HMS Settings Diagnostics script and couldn't figure out where the issue is. Please help.

Thanks in advance.


2020-07-12   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - abxx.lk                        Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: webmaster@Domain1.com
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain2.com" - inxxxxx.uk                     Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: webmaster@Domain2.com
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain3.com" - itxxxx.co.uk                   Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: webmaster@Domain3.com
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      3
                              Minutes Before Reset:           60  (1.00 hours, 0.04 days)
                              Minutes to Autoban:            300  (5.00 hours, 0.21 days)

There is a total of 10 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:   False
  Add X-HmailServer-Spam:     True    Check HELO host:   False    
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2
  Add X-HmailServer-Subject:  True    Verify DKIM:       False    
              Subject Text: "[SPAM]"
  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
              0.0.0.0            to    255.255.255.255              [@t]Domain1[dot]lk
              0.0.0.0            to    255.255.255.255              [@t]Domain2[dot]co[dot]uk
              0.0.0.0            to    255.255.255.255              [@t]Domain3[dot]uk
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.exe             Executable file
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   Domain1.com
       Certificate: \\172.16.10.50\SambaShare\Domain1.com\fullchain1.pem
       Private key: \\172.16.10.50\SambaShare\Domain1.com\privkey1.pem
   Domain2.com
       Certificate: \\172.16.10.50\SambaShare\Domain2.com\fullchain2.pem
       Private key: \\172.16.10.50\SambaShare\Domain2.com\privkey2.pem
   Domain3.com
       Certificate: \\172.16.10.50\SambaShare\Domain3.com\fullchain6.pem
       Private key: \\172.16.10.50\SambaShare\Domain3.com\privkey6.pem
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :  False
             TLS 1.1 :  False
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:  False
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   None                
               0.0.0.0         / 110   / POP3   -   StartTLS Required   Cert: Domain1.com
               0.0.0.0         / 143   / IMAP   -   StartTLS Required   Cert: Domain1.com
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: Domain1.com
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: Domain1.com
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: Domain1.com
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  F:\Program Files (x86)\hMailServer\Logs\hmailserver_2020-07-12.log
    Error:    F:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-07-12.log - !! ERRORS PRESENT !!
    Event:    F:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  F:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -    True
                        IMAP        -    True
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\HmailBU is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  F:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     F:\Program Files (x86)\hMailServer\Data
Log folder:      F:\Program Files (x86)\hMailServer\Logs
Temp folder:     F:\Program Files (x86)\hMailServer\Temp
Event folder:    F:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          root
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v2.01, Hmailserver Forum.

Post by johang » 2020-07-12 19:38

start with removing the SSL for port 110 and 143 ( remove start TLS required ) so your clients work as normal ..

THEN you test with your own client your setup on port 465, 587 and 993
IF you can get that to work on those ports you can add STARTTLS ( Optional ) on port 110 and 143 because you have no clue if the clients support "required" on port 110 and 143 ... and absolutely not "on the fly" ( with that I mean earlier configuration of clients to use port 110 and 143 without encryption .. and then all of a sudden you just enforce it ... clients will take a dive ... )

and
SSL/TLS
SSL 3.0 : False
TLS 1.0 : False --> change to true
TLS 1.1 : False --> change to true
TLS 1.2 : True

I haven't dared to go 1.2 only .. yet .. a bunch of iPhone users I have do not support it correctly ..
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

Post by RDA » 2020-07-12 21:25

Did all those changes and still can't connect.

Post by johang » 2020-07-12 21:38

RDA wrote:
2020-07-12 21:25
Did all those changes and still can't connect.

did you reboot ?

what does your hmailserver log say ? ( you should have checked the boxes for: Application, SMTP, POP3, IMAP, TCP/IP, and perhaps debug depending on your level of knowledge )
what does your error log say

( have you tested to uninstall that SSL certificate so you are back to the beginning ? )


and post diagnostics again..

Post by RDA » 2020-07-12 22:20

"ERROR" 5928 "2020-07-12 09:57:20.497" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 25, Error: use_certificate_file: asio.ssl error"
"ERROR" 1868 "2020-07-12 09:57:41.201" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 25, Error: use_certificate_file: asio.ssl error"
"ERROR" 1868 "2020-07-12 09:57:41.232" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 143, Error: use_certificate_file: asio.ssl error"
"ERROR" 4760 "2020-07-12 09:58:15.341" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 25, Error: use_certificate_file: asio.ssl error"
"ERROR" 4760 "2020-07-12 09:58:15.404" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 143, Error: use_certificate_file: asio.ssl error"
"ERROR" 4760 "2020-07-12 09:58:15.419" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 465, Error: use_certificate_file: asio.ssl error"
"ERROR" 3468 "2020-07-12 09:58:53.669" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 25, Error: use_certificate_file: asio.ssl error"
"ERROR" 3468 "2020-07-12 09:58:53.716" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 143, Error: use_certificate_file: asio.ssl error"
"ERROR" 3468 "2020-07-12 09:58:53.763" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 465, Error: use_certificate_file: asio.ssl error"
"ERROR" 3468 "2020-07-12 09:58:53.779" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 587, Error: use_certificate_file: asio.ssl error"
"ERROR" 4440 "2020-07-12 09:59:55.419" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 25, Error: use_certificate_file: asio.ssl error"
"ERROR" 4440 "2020-07-12 09:59:55.466" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 110, Error: use_certificate_file: asio.ssl error"
"ERROR" 4440 "2020-07-12 09:59:55.482" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load certificate file. Path: \\172.16.10.50\SambaShare\cert1.pem, Address: 0.0.0.0, Port: 143, Error: use_certificate_file: asio.ssl error"

I removed the SSL certificates and tested, working like a charm. Not sure what's wrong with the SSL certificates as I shared the same SSL certificates that my Apache is using to host.

Post by jimimaseye » 2020-07-12 22:25

1, check the certificates are in the right format
2, map the network instead of using UNC path
3, ensure permissions are set in the files and path to allow the hmailserver service to read them

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post by RDA » 2020-07-13 14:14

Thanks for the support. I removed the certificates and converted them using https://www.sslshopper.com/ssl-converter.html and all works without any issues.
So the issue is with the certificate format even though they are already in *.pem format on the Ubuntu Apache server. When I converted them they came in *.der format which had no issues whatsoever.
Any idea how I can get this to *.der or *.crt format...?

Post by mattg » 2020-07-14 01:22

RDA wrote:
2020-07-13 14:14
So the issue is with the certificate format even though they are already in *.pem format in Ubuntu Apache server.
I use Ubuntu >> Let's Encrypt auto-generated certificates in PEM format
(I used to use Apache, but UPGRADED to Nginx earlier this year - no issues with either)

I use UNC path to my Ubuntu server


You need to make sure that the certificate UNC path is accessible to the USER that runs the hmailserver SERVICE
I had to change my hMailserver SERVICE 'run as' to a regular account that had the required SAMBA permissions, from the default 'local system'

You could alternatively just copy the certificate files to your hMailserver machine each time that they change. Let's Encrypt change after 30 days so this can be a painful task when using Let's Encrypt
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

RDA
New user
Posts: 9
Joined: 2020-05-16 12:12

Re: Can´t connect from clients to hmailserver when using SSL

Post by RDA » 2020-07-14 01:48

Thank you very much for the support

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Can´t connect from clients to hmailserver when using SSL

Post by jim.bus » 2020-07-14 10:29

mattg wrote:
2020-07-14 01:22


You could alternatively just copy the certificate files to your hMailserver machine each time that they change. Let's Encrypt change after 30 days so this can be a painful task when using Let's Encrypt
I'm not sure how the error messages relate to this, but RDA should also make sure the certificate files hMailServer is reading are not password protected.

And mattg, I can't resist razzing you a little about this. This is the second time I know of when you seem to have forgotten that Let's Encrypt Certificates actually expire after 90 days not 30 days. Though you are correct it can be a painful task even at 90 days. I fortunately have my Let's Encrypt Certificates automatically renewed by my NAS Server and I just export from it and import into hMailServer. It's still a bit cumbersome to import it into hMailServer but it isn't too bad a chore.

mattg
Moderator
Posts: 20960
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Can´t connect from clients to hmailserver when using SSL

Post by mattg » 2020-07-14 10:59

jim.bus wrote:
2020-07-14 10:29
mattg wrote:
2020-07-14 01:22


You could alternatively just copy the certificate files to your hMailserver machine each time that they change. Let's Encrypt change after 30 days so this can be a painful task when using Let's Encrypt
And mattg, I can't resist razzing you a little about this. This is the second time I know of when you seem to have forgotten that Let's Encrypt Certificates actually expire after 90 days not 30 days.
Oh I know that they expire after 90 days, but they are actually replaced before expiry date.

https://certbot.eff.org/docs/using.html ... d-renewals
certbot renew - This command attempts to renew any previously-obtained certificates that expire in less than 30 days
Looking at the historical certificates on my system, and thinking this through, that actually means that certificates are replaced after 60 days by default using certbot (Linux + Cron).

Life of the certificate is not the same as the time between replacements.

It matters little to me, except that I need to restart my hMailserver somewhere in the 30 days between when a subsequent certificate is issued, and the current certificate expires.

This is normally handled with Windows updates.

See where I get the 30 days from? :D

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Can´t connect from clients to hmailserver when using SSL

Post by jim.bus » 2020-07-14 11:55

mattg wrote:
2020-07-14 10:59
jim.bus wrote:
2020-07-14 10:29
mattg wrote:
2020-07-14 01:22


You could alternatively just copy the certificate files to your hMailserver machine each time that they change. Let's Encrypt change after 30 days so this can be a painful task when using Let's Encrypt
And mattg, I can't resist razzing you a little about this. This is the second time I know of when you seem to have forgotten that Let's Encrypt Certificates actually expire after 90 days not 30 days.
Oh I know that they expire after 90 days, but they are actually replaced before expiry date.

https://certbot.eff.org/docs/using.html ... d-renewals
certbot renew - This command attempts to renew any previously-obtained certificates that expire in less than 30 days
Looking at the historical certificates on my system, and thinking this through, that actually means that certificates are replaced after 60 days by default using certbot (Linux + Cron).

Life of the certificate is not the same as the time between replacements.

It matters little to me, except that I need to restart my hMailserver somewhere in the 30 days between when a subsequent certificate is issued, and the current certificate expires.

This is normally handled with Windows updates.

See where I get the 30 days from? :D
Yes, my Let's Encrypt Certificates also renew after 60 days as well but my statement was that they expire in 90 days and your statement was they change in 30 days. But I am a nitpicker and like to have fun with nitpicking. Hope you don't mind my picking on you a little.

mattg
Moderator
Posts: 20960
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Can´t connect from clients to hmailserver when using SSL

Post by mattg » 2020-07-14 14:09

All good :mrgreen: :mrgreen:

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Can´t connect from clients to hmailserver when using SSL

Post by Bob.Dig » 2020-07-14 14:19

If I remember correctly, hmailserver has a naming issue. Mine look like this and that works fine.
xyz.com.fullchain
xyz.com.key

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Can´t connect from clients to hmailserver when using SSL

Post by jim.bus » 2020-07-14 20:32

I've had problems with my Let's Encrypt certificate when trying to use the chain.pem file. hMailServer gets errors with it. Seemingly this appears to be in the chain.pem file. The validity date is already expired if memory serves me correctly.

So, I've been using the cert.pem and privkey.pem files in hMailServer, which has seemingly worked with no issues.
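
A local check for the points raised in this thread (file format, password-protected keys, and whether a file holds a single certificate or a full chain), plus a PEM-to-DER conversion that keeps the files on your own machine. This is an added example, not part of any post above and not hMailServer code; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import ssl
import sys

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_tls_file(data: bytes) -> dict:
    """Report encoding, certificate count and key encryption for file bytes."""
    report = {"encoding": "pem", "certificates": 0, "keys": 0,
              "encrypted_key": False}
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        # DER is raw ASN.1; certificates and keys both start with SEQUENCE (0x30).
        report["encoding"] = "der" if data[:1] == b"\x30" else "unknown"
        return report
    for label, body in blocks:
        if label == b"CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith(b"PRIVATE KEY"):
            report["keys"] += 1
            # PKCS#8 marks encryption in the label, legacy PEM in a header line.
            if label.startswith(b"ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body:
                report["encrypted_key"] = True
    return report

def first_cert_to_der(pem_data: bytes) -> bytes:
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    for label, body in PEM_BLOCK.findall(pem_data):
        if label == b"CERTIFICATE":
            return base64.b64decode(body)
    raise ValueError("no CERTIFICATE block found")

# Constructed sample data: an ASN.1 SEQUENCE header plus filler, not a real certificate.
FAKE_DER = bytes([0x30, 0x60]) + bytes(96)
SAMPLE_CERT_PEM = ssl.DER_cert_to_PEM_cert(FAKE_DER).encode()
SAMPLE_FULLCHAIN = SAMPLE_CERT_PEM * 2          # leaf + intermediate layout
SAMPLE_ENCRYPTED_KEY = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                        + base64.encodebytes(b"constructed filler")
                        + b"-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Usage: python inspect_tls_file.py cert1.pem privkey.pem ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_tls_file(fh.read()))
```

Run it under the same account the hMailServer service uses: if the script cannot open the path at all, the problem is access to the share rather than the file format.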
