mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

Status check change notification #1834

Open jookk opened 3 years ago

jookk commented 3 years ago

Every night I'm getting a status check change notice. Can someone check? v.0.50

Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/events.py", line 145, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 721, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 505, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/local/lib/mailinabox/env/lib/python3.6/site-packages/idna_ssl.py", line 19, in patched_match_hostname
    return real_match_hostname(cert, hostname)
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'mta-sts.domain.eu' doesn't match either of 'domainb.sk', 'www.domainb.sk'

Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/events.py", line 145, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 721, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 505, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/local/lib/mailinabox/env/lib/python3.6/site-packages/idna_ssl.py", line 19, in patched_match_hostname
    return real_match_hostname(cert, hostname)
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'mta-sts.domainc.eu' doesn't match either of 'domainb', 'www.domainb.sk'

Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/events.py", line 145, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 721, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 505, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/local/lib/mailinabox/env/lib/python3.6/site-packages/idna_ssl.py", line 19, in patched_match_hostname
    return real_match_hostname(cert, hostname)
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'mta-sts.domaind.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'

Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/events.py", line 145, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 721, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 505, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/local/lib/mailinabox/env/lib/python3.6/site-packages/idna_ssl.py", line 19, in patched_match_hostname
    return real_match_hostname(cert, hostname)
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'mta-sts.domainb.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'

STS policy fetch for domain 'domainc.eu' failed with error: Cannot connect to host mta-sts.domainc.eu:443 ssl:True [CertificateError: ("hostname 'mta-sts.domainc.eu' doesn't match either of 'domainb.sk', 'www.domainb.sk'",)]
STS policy fetch for domain 'domain.eu' failed with error: Cannot connect to host mta-sts.domain.eu:443 ssl:True [CertificateError: ("hostname 'mta-sts.domain.eu' doesn't match either of 'domainb.sk', 'www.domainb.sk'",)]
STS policy fetch for domain 'domainb.sk' failed with error: Cannot connect to host mta-sts.domainb.sk:443 ssl:True [CertificateError: ("hostname 'mta-sts.domainb.sk' doesn't match either of 'domainb', 'www.domainb.sk'",)]
STS policy fetch for domain 'domaind.sk' failed with error: Cannot connect to host mta-sts.domaind.sk:443 ssl:True [CertificateError: ("hostname 'mta-sts.domaind.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'",)]

Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/events.py", line 145, in _run
    self._callback(*self._args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 721, in _read_ready
    self._protocol.data_received(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 505, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.6/asyncio/sslproto.py", line 201, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/local/lib/mailinabox/env/lib/python3.6/site-packages/idna_ssl.py", line 19, in patched_match_hostname
    return real_match_hostname(cert, hostname)
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'mta-sts.box.domaind.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'

STS policy fetch for domain 'box.domaind.sk' failed with error: Cannot connect to host mta-sts.box.domaind.sk:443 ssl:True [CertificateError: ("hostname 'mta-sts.box.domaind.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'",)]

jookk commented 3 years ago

Maybe, because I'm running in front of my public IP web server on ports 80,443. So, not miab.

boothb commented 3 years ago

Hi there, I have the same problem since upgrading to v0.50.

Found a slight difference in the error on my box:

ssl.CertificateError: hostname '123.12.23.12' doesn't match either of 'box.example.com', 'example.com', 'www.example.com'

Maybe, because I'm running in front of my public IP web server on ports 80,443. So, not miab.

I'm not sure what that means, is your box in front of a web server or a web server in front of the box? In my case it's a vanilla Ubuntu and mailinabox without anything special.

boothb commented 3 years ago

Still facing this problem. Now with v0.51. Additional information:

Status Check shows MTA-STS policy is missing: STSFetchResult.FETCH_ERROR in example.com and box.example.com.

I could not find anything else which could be wrong with the box. I checked all important DNS records, hostname, ufw, access to .well-known/mta-sts.txt is there. Checks for mta-sts run fine. Still daily message with the python exception.

boothb commented 3 years ago

Still no change to this. In the meantime I deleted the certificates for mta-sts* and reran ssl_certificates.py. No luck changing the outcome.

sysfu commented 3 years ago

Status Check shows MTA-STS policy is missing: STSFetchResult.FETCH_ERROR in example.com and box.example.com.

Similar issue with a system I stood up yesterday. My message is 'MTA-STS policy is missing: STSFetchResult.NONE'

Of note: I'm running a custom DNS A record for the bare domain.

sysfu commented 3 years ago

Determined the issue: No TLS/SSL certificate had been provisioned for mta-sts.domain.tld or mta-sts.host.domain.tld. Re-ran certificate provisioning tool and now it's good to go.
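The certificate errors quoted in this thread can be triaged offline. The following is an added example, not Mail-in-a-Box code and not written by anyone in the thread: it parses `ssl.CertificateError` text of the form shown above and sorts each failing `mta-sts.*` hostname by which names the served certificate carried. The function names, the category labels and the classification heuristic are assumptions of this example, and the sample log is constructed from lines quoted in the thread.

```python
import re

# Matches the CertificateError text quoted in the thread (one or more cert names).
CERT_ERR = re.compile(
    r"hostname '([^']+)' doesn't match (?:either of )?((?:'[^']*'(?:, )?)+)")

# Constructed sample: two lines copied from the thread's placeholder domains.
SAMPLE_LOG = """\
STS policy fetch for domain 'domainc.eu' failed with error: Cannot connect to host mta-sts.domainc.eu:443 ssl:True [CertificateError: ("hostname 'mta-sts.domainc.eu' doesn't match either of 'domainb.sk', 'www.domainb.sk'",)]
ssl.CertificateError: hostname 'mta-sts.domainb.sk' doesn't match either of 'domainb.sk', 'www.domainb.sk'
"""

def parse_cert_errors(log_text):
    """Return {requested hostname: [names on the certificate that was served]}."""
    return {host: re.findall(r"'([^']*)'", names)
            for host, names in CERT_ERR.findall(log_text)}

def name_matches(pattern, hostname):
    """Label-by-label match; '*' is honoured only as the whole leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def classify(hostname, cert_names):
    """Heuristic triage (assumption of this example, not the status checker's logic)."""
    if any(name_matches(n, hostname) for n in cert_names):
        return "covered"
    parent = hostname.split(".", 1)[1] if hostname.startswith("mta-sts.") else hostname
    if any(name_matches(n, parent) for n in cert_names):
        # The cert is for this mail domain but has no mta-sts name on it:
        # the situation resolved above by re-running certificate provisioning.
        return "cert-lacks-mta-sts-name"
    # The cert belongs to unrelated names: some other site answered on port 443.
    return "cert-for-other-site"

def triage(log_text):
    return {host: classify(host, names)
            for host, names in parse_cert_errors(log_text).items()}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_LOG).items():
        print(f"{host}: {verdict}")
```
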