haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License

Error: no PRIVATE key in /opt/haraka/config/tls/dhparams.pem #3325

Closed ravivgolov closed 2 months ago

ravivgolov commented 2 months ago

How do I get rid of this error message?

```
cd /opt/haraka/config/tls
openssl dhparam -out dhparams.pem 2048
sudo haraka -c /opt/haraka
2024-04-20T12:58:02.752Z [ERROR] [-] [core] [object Object] had error: no PRIVATE key in /opt/haraka/config/tls/dhparams.pem
```

In addition to the above issue, I am not able to figure out how to connect via the secured port 465. I created the cert successfully using https://github.com/acmesh-official/acme.sh and compiled it into one file:

```
cat /home/ubuntu/.acme.sh/my.haraka.com_ecc/my.haraka.com.key /home/ubuntu/.acme.sh/my.haraka.com_ecc/my.haraka.com.cer /home/ubuntu/.acme.sh/my.haraka.com_ecc/ca.cer > /opt/haraka/config/tls/my.haraka.com.pem
```

TLS.ini file:

```ini
key=/opt/haraka/config/tls/relay.haraka.com.pem
cert=/opt/haraka/config/tls/relay.haraka.com.pem
dhparam=/opt/haraka/config/tls/dhparams.pem
```

Files in the folder:

```
ubuntu@relay:~$ ls /opt/mailwish/config/tls
dhparams.pem  relay.haraka.com.pem
ubuntu@relay:~$
```

Haraka output:

```
2024-04-20T13:20:48.581Z [INFO] [-] [core] found 2 TLS certs in config/tls
2024-04-20T13:20:48.581Z [ERROR] [-] [core] [object Object] had error: no PRIVATE key in /opt/haraka/config/tls/dhparams.pem
2024-04-20T13:20:48.582Z [NOTICE] [-] [core] Listening on 127.0.0.1:587
2024-04-20T13:20:48.582Z [NOTICE] [-] [core] Listening on 127.0.0.1:465
```

Running:

```
swaks --to email@gmail.com --from my@email.com --server localhost --port 465 --auth-user test --auth-password test --header "Subject: Test DKIM signing"
```

gives:

```
=== Trying localhost:465...
=== Connected to localhost.
<** Timeout (30 secs) waiting for server response
 -> QUIT
*** Remote host closed connection unexpectedly.
ubuntu@relay:~$
ubuntu@relay:~$ telnet localhost 465
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
```

While I am trying 587:

```
ubuntu@relay:~$ telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 my.haraka.com ESMTP Haraka/3.0.3 ready (58ADE19A-EF0E-4202-B3C5-0D3C8E0F877C)
```

smtp.ini:

```ini
; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
; listen=[::0]:587
listen=127.0.0.1:587, 127.0.0.1:465, 127.0.0.1:25
```

Ports 587, 25, and 465 are opened in the Ubuntu firewall.

msimerson commented 2 months ago

Try installing it as the docs show. Put the dhparams.pem file in the root of the config directory and set `dhparam=dhparams.pem`.
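The log above says Haraka "found 2 TLS certs in config/tls" and then failed on dhparams.pem: every .pem in that directory is loaded as a certificate bundle, and a DH parameter file has no private key. The checker below is an added example (not Haraka's own loader) that classifies each PEM file by its block labels and reports files that would fail that way; the file contents are constructed placeholders, and `checkTlsDir` and `classifyPem` are names chosen here.

```javascript
// Match one PEM block and capture its label (e.g. "EC PRIVATE KEY", "DH PARAMETERS").
const PEM_BLOCK = /-----BEGIN ([A-Z ]+)-----[\s\S]*?-----END \1-----/g;

function pemLabels(text) {
  const labels = [];
  for (const m of text.matchAll(PEM_BLOCK)) labels.push(m[1]);
  return labels;
}

// Classify one file: which block types it holds, and whether the key comes first
// (the order produced by "cat key cer ca.cer > bundle.pem" in the thread).
function classifyPem(text) {
  const labels = pemLabels(text);
  return {
    hasPrivateKey: labels.some(l => /PRIVATE KEY$/.test(l)),
    certCount: labels.filter(l => l === 'CERTIFICATE').length,
    hasDhParams: labels.includes('DH PARAMETERS'),
    keyFirst: labels.length > 0 && /PRIVATE KEY$/.test(labels[0]),
  };
}

// files: { filename: contents }. Returns one finding per file a cert loader
// would choke on, mirroring the "no PRIVATE key in ..." error from the log.
function checkTlsDir(files) {
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    const c = classifyPem(text);
    if (c.hasDhParams && !c.hasPrivateKey) {
      findings.push(`${name}: DH parameters only; keep it out of the cert directory and point dhparam= at it`);
    } else if (!c.hasPrivateKey) {
      findings.push(`${name}: no PRIVATE key`);
    } else if (c.certCount === 0) {
      findings.push(`${name}: private key without a certificate`);
    }
  }
  return findings;
}

// Constructed sample directory: a key+cert+chain bundle beside a DH parameter file.
// PLACEHOLDER stands in for base64 bodies; no real key material is used.
const SAMPLE_TLS_DIR = {
  'relay.haraka.com.pem': [
    '-----BEGIN EC PRIVATE KEY-----\nPLACEHOLDER\n-----END EC PRIVATE KEY-----',
    '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----',
    '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----',
  ].join('\n'),
  'dhparams.pem': '-----BEGIN DH PARAMETERS-----\nPLACEHOLDER\n-----END DH PARAMETERS-----\n',
};
```

Run it against a real directory by reading each .pem with `fs.readFileSync` into the same `{ name: contents }` shape; the DH file is reported and the bundle passes.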

ravivgolov commented 2 months ago

I did as the docs show; it will always throw an error.

This error is not relevant; more important: do you know why the bounces are not sent to the sender path? I triggered bounces on purpose, but they do not return to the sender path.

I can see the bounce triggered in the console, but it is not sent to the sender.

msimerson commented 2 months ago

> I did as the docs show; it will always throw an error.

This is a useless response. When you ask for help, you have a responsibility to not be wasting others' time. Ask smarter questions. Read the error messages. If you don't understand the logs, post them and the messages surrounding them.

Bounces are just email messages like any other. Troubleshoot their delivery the same as any other message. What do the logs show? Is it stuck in the queue?

ravivgolov commented 2 months ago

```
2024-04-23T15:09:11.511Z [INFO] [21D5EE97-9C65-4617-96DC-31CAC5E3F5D2.1.1] [outbound] bouncing mail: Some recipients failed: <raviv@outlook.com>
2024-04-23T15:09:11.512Z [INFO] [-] [outbound-logger] Bounced Record Added.
{"level":"info","time":"2024-04-23T15:09:11.511Z","pid":76264,"hostname":"relay.mymta.com","name":"outbound_logger","type":"bounced","job_id":"21D5EE97-9C65-4617-96DC-31CAC5E3F5D2.1.1","queue_time":"2024-04-23T15:09:10.358Z","recipient":"raviv@outlook.com","from":"raviv@customdomain.com","subject":"Testing email delivery","dsn_status":"550","dsn_message":"Requested action not taken: mailbox unavailable (S2017062302). [DU2PEPF00028D0B.eurprd03.prod.outlook.com 2024-04-23T15:09:11.466Z 08DC6181F4FA603C]","dsn_action":"failed","undelivered_reason":"550 5.5.0 Requested action not taken: mailbox unavailable (S2017062302). [DU2PEPF00028D0B.eurprd03.prod.outlook.com 2024-04-23T15:09:11.466Z 08DC6181F4FA603C]"}
2024-04-23T15:09:11.512Z [INFO] [21D5EE97-9C65-4617-96DC-31CAC5E3F5D2.1.1] [outbound]  hook=bounce plugin=outbound-logger function=handle_bounced params="" retval=OK msg=""
2024-04-23T15:09:11.512Z [INFO] [21D5EE97-9C65-4617-96DC-31CAC5E3F5D2.1.1] [outbound] Plugin responded with: 906. Not sending bounce.
```

Bounce settings:

```ini
[check]
reject_all=false
single_recipient=true
empty_return_path=true
bad_rcpt=true
bounce_spf=true
non_local_msgid=true

[reject]
single_recipient=true
empty_return_path=true
bounce_spf=false
non_local_msgid=false
```

I appreciate your help.

msimerson commented 2 months ago

> [outbound] Plugin responded with: 906. Not sending bounce.

Please read that slowly and carefully. Then explain to me which part isn't clear.

ravivgolov commented 2 months ago

I understand it, but why? How do I enable sending the bounce? This bounce is important.

msimerson commented 2 months ago

This is why: `Plugin responded with: 906`. Don't install or use plugins you don't understand.

ravivgolov commented 2 months ago

Oh, thank you, that was the outbound-logger setting: `;stop_at_bounce = true` should be `stop_at_bounce = false`.

Superb, Matt! So lucky you helped me with a very good answer.
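The log line `hook=bounce plugin=outbound-logger ... retval=OK` followed by `Plugin responded with: 906. Not sending bounce.` shows the mechanism: a plugin that answers the bounce hook with OK (906) tells the core it handled the bounce, so no DSN goes back to the return path. The following is an added example, not the outbound-logger plugin's code, of a minimal bounce-hook handler gated by a `stop_at_bounce` setting as named in the thread; `recordBounce`, `handleBounced` and `simulateBounce` are names chosen here, and the bounced message is constructed.

```javascript
// OK is the Haraka return code shown in the thread's log line ("906").
const OK = 906;

const bounceLog = [];  // stands in for the plugin's log output

function recordBounce(hmail, err) {
  bounceLog.push({ job_id: hmail.uuid, from: hmail.todo.mail_from, reason: String(err.message) });
}

// Haraka invokes bounce-hook handlers as fn(next, hmail, err).
// next(OK): the plugin claims the bounce; the core queues no DSN to the return path.
// next():   continue; the core generates and sends the bounce as usual.
function handleBounced(cfg, next, hmail, err) {
  recordBounce(hmail, err);
  if (cfg.stop_at_bounce) return next(OK);
  return next();
}

// Drive the handler with a constructed bounced message and a fake next(), and
// report what the core would do. Lets both settings be checked without a server.
function simulateBounce(stopAtBounce) {
  const hmail = {
    uuid: 'CONSTRUCTED-JOB-ID.1.1',  // constructed, not a real queue id
    todo: { mail_from: 'sender@example.com' },
  };
  const err = new Error('550 5.5.0 Requested action not taken: mailbox unavailable');
  let outcome;
  handleBounced({ stop_at_bounce: stopAtBounce }, (retval) => {
    outcome = retval === OK ? 'bounce suppressed by plugin' : 'bounce sent to return path';
  }, hmail, err);
  return outcome;
}
```

Either way the bounce is recorded; only the return value decides whether the sender ever sees it, which is why a logging plugin can silently swallow DSNs.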

ravivgolov commented 2 months ago

By the way, the plugin has a bug: `stop_at_bounce = false` has no effect; I had to remove the plugin. Someone needs to update this plugin to work.

ravivgolov commented 2 months ago

How do I change the "Haraka is at your service" text in `250-mail.example.com Hello client.example.com [192.168.1.1], Haraka is at your service`?