Closed ayontulip closed 7 years ago
Please also post the contents of your tls.ini file, as well as a few more lines above the error you posted above.
key=tls_key.pem
cert=tls_cert.pem
; dhparam=dhparams.pem
; generate this file with: openssl dhparam -out config/dhparams 2048

; ciphers: a list of permitted ciphers
ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
; honorCipherOrder=false
; rejectUnauthorized=false
; requestCert=true

[redis]
; options in this block require redis to be available.

; remember when a remote fails STARTTLS. The next time they connect,
; don't offer STARTTLS option (so message gets delivered).
; pro: increases mail reliability
; con: reduces security
; default: false
; disable_for_failed_hosts=true

; no_tls_hosts - disable TLS for servers with broken TLS.
[no_tls_hosts]
; 127.0.0.1
; 192.168.1.1
; 172.16.0.0/16
It looks an awful lot like you have a stray newline in there, with this:
SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
being on its own line, instead of being attached to the line above it.
I suspect the log error shown immediately above the log snippet I asked for above would confirm that.
But I am getting another error:
501 SSL attempted over a non-SSL socket
[NOTICE] [687BC685-5B43-4B89-9DB2-417679F096F4] [core] disconnect ip=127.0.0.1 rdns="Unknown" helo="" relay=N early=N esmtp=N tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="501 SSL attempted over a non-SSL socket" time=0.036
[NOTICE] [16B28A0E-9154-44EF-987A-3699E94322DA] [core] connect ip=127.0.0.1 port=52868 local_ip=:: local_port=587
That looks like a PEBKAC error.
There is some issue with the TLS config; I'm using a self-issued certificate.
My plugin file is:
access
dnsbl
helo.checks
tls
auth/flat_file
mail_from.is_resolvable
rcpt_to.in_host_list
data.headers
data.uribl
attachment
clamd
spamassassin
dkim_sign
queue/smtp_forward
max_unrecognized_commands
I'm trying to run an outbound-only email server with TLS. Without TLS it works, but the mail goes to spam.
SMTP doesn't use TLS directly, it upgrades a non-encrypted connection with STARTTLS.
Any solution for the spam mail?
[CRIT] [-] [core] TypeError: Cannot read property '1' of null
[CRIT] [-] [core] at /var/www/Haraka/node_modules/haraka-config/readers/ini.js:50:51
[CRIT] [-] [core] at Array.forEach (native)
[CRIT] [-] [core] at Object.exports.load (/var/www/Haraka/node_modules/haraka-config/readers/ini.js:24:6)
[CRIT] [-] [core] at Object.cfreader.load_config (/var/www/Haraka/node_modules/haraka-config/configfile.js:283:34)
[CRIT] [-] [core] at Object.cfreader.read_config (/var/www/Haraka/node_modules/haraka-config/configfile.js:205:27)
[CRIT] [-] [core] at Config.get (/var/www/Haraka/node_modules/haraka-config/config.js:27:28)
[CRIT] [-] [core] at Object.exports.load_tls_ini (/var/www/Haraka/node_modules/haraka-net-utils/index.js:366:28)
[CRIT] [-] [core] at Plugin.exports.load_tls_ini (/var/www/Haraka/plugins/tls.js:49:28)
[CRIT] [-] [core] at Plugin.exports.register (/var/www/Haraka/plugins/tls.js:16:12)
[CRIT] [-] [core] at Object.plugins._register_plugin (/var/www/Haraka/plugins.js:364:12)
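The stray-newline failure diagnosed in this thread can be caught before the server loads tls.ini. The following is an added example, not code from the thread or from Haraka: it lints INI text against a simplified grammar assumed here (keys made of word characters and `@ : . _ - / [ ]`, with an optional `=value`), and `lintIni` and the sample strings are constructed for illustration.

```javascript
'use strict';
// Assumed grammar for this example (not copied from haraka-config): a setting
// is a key of word chars plus @ : . _ - / [ ] followed by an optional "=value".
const COMMENT = /^[;#]/;
const SECTION = /^\[\s*([^\]]*?)\s*\]$/;
const SETTING = /^([\w@:._\-\/\[\]]+)\s*(?:=\s*(.*?)\s*)?$/;

function lintIni(text) {
  const findings = [];
  let section = null; // null = top of file, before any [section]
  let prev = null;    // last key=value setting seen
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || COMMENT.test(line)) return;
    const s = SECTION.exec(line);
    if (s) { section = s[1]; prev = null; return; }
    const m = SETTING.exec(line);
    if (!m) {
      // Unparseable line: the case in this thread, the tail of a wrapped value.
      findings.push({ line: i + 1, level: 'error', after: prev && prev.key, text: line });
    } else if (m[2] === undefined && section === null && prev) {
      // Tail happens to look like a bare key, so a parser would accept it silently.
      findings.push({ line: i + 1, level: 'warn', after: prev.key, text: line });
    } else if (m[2] !== undefined) {
      prev = { key: m[1], line: i + 1 };
    }
  });
  return findings;
}

// Constructed sample input: a shortened cipher list with a stray newline in it.
const BROKEN = [
  'key=tls_key.pem',
  'cert=tls_cert.pem',
  'ciphers=ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:DES-CBC3-',
  'SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4',
  '; honorCipherOrder=false',
  '[no_tls_hosts]',
  '192.168.1.1',
].join('\n');
// Constructed variant: the tail contains no "!" and so parses as a bare key.
const SILENT = 'ciphers=ECDHE-RSA-AES256-GCM-SHA384:DES-CBC3-\nSHA:AES128-SHA\n';
const FIXED = BROKEN.replace('DES-CBC3-\nSHA', 'DES-CBC3-SHA');

console.log(lintIni(BROKEN), lintIni(SILENT), lintIni(FIXED));
```

The `warn` case matters because a wrapped tail without special characters would not crash anything; the cipher list would simply be shorter than intended.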