postalserver / postal

📮 A fully featured open source mail delivery platform for incoming & outgoing e-mail
https://postalserver.io
MIT License
14.89k stars 1.06k forks

SSL for SMTP #1112

Closed ivan006 closed 4 years ago

ivan006 commented 4 years ago

Please see my comment right at the end of this thread: https://github.com/postalhq/postal/issues/511

I tried to enable SSL for the SMTP signal but to no avail.

willpower232 commented 4 years ago

Please don't comment on closed issues.

When you say "to no avail" what error messages are you seeing?

ivan006 commented 4 years ago

OK, I moved the comment here:

I added the smtp_server settings to my postal.yml and restarted Postal, but when I test my SMTP connection with SSL set, the test fails. Here are the contents of my postal.yml file:

```
web:
  # The host that the management interface will be available on
  host: postal.outreach-hangar49.com
  # The protocol that requests to the management interface should happen on
  protocol: https

fast_server:
  # This can be enabled to enable click & open tracking on emails. It is disabled by
  # default as it requires a separate static IP address on your server.
  enabled: false
  bind_address:

general:
  # This can be changed to allow messages to be sent from multiple IP addresses
  use_ip_pools: true

main_db:
  # Specify the connection details for your MySQL database
  host: 127.0.0.1
  username: postal
  password: p0stalpassw0rd
  database: postal

message_db:
  # Specify the connection details for your MySQL server that will be house the
  # message databases for mail servers.
  host: 127.0.0.1
  username: postal
  password: p0stalpassw0rd
  prefix: postal

rabbitmq:
  # Specify the connection details for your RabbitMQ server.
  host: 127.0.0.1
  username: postal
  password: p0stalpassw0rd
  vhost: /postal

dns:
  # Specifies the DNS record that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
  mx_records:
    - mx.postal.outreach-hangar49.com
  smtp_server_hostname: postal.outreach-hangar49.com
  spf_include: spf.postal.outreach-hangar49.com
  return_path: rp.postal.outreach-hangar49.com
  route_domain: routes.postal.outreach-hangar49.com
  track_domain: track.postal.outreach-hangar49.com

smtp:
  # Specify an SMTP server that can be used to send messages from the Postal management
  # system to users. You can configure this to use a Postal mail server once the
  # your installation has been set up.
  host: 127.0.0.1
  port: 2525
  username: # Complete when Postal is running and you can
  password: # generate the credentials within the interface.
  from_name: Postal
  from_address: postal@yourdomain.com

rails:
  # This is generated automatically by the config initialization. It should be a random
  # string unique to your installation.
  secret_key: 2939178bf71c9ec055bfde9ef6448cbf0e373b03e2ba11d18cc0e3c77cdfd1a11f3e307b1ad4817bfacb7459ea98c911218c7bcc8ccbb74777a1801aa8ca23423356dcb986eb515499660e6dc6e7ed44b5971083b108dec8f84aded6fb5e6f4613336d69590ca07d198905cdd22143f006062941fe51f14930eb98756ec25aaf

smtp_server:
  tls_enabled: true
  tls_certificate_path: /etc/letsencrypt/live/postal.outreach-hangar49.com/fullchain.pem
  tls_private_key_path: /etc/letsencrypt/live/postal.outreach-hangar49.com/privkey.pem
```

ivan006 commented 4 years ago

I don't see any error, but when I try to connect an SMTP consumer (like woodpecker/mautic/lemlist) it doesn't let me connect with encryption.

ghost commented 4 years ago

Telnet your postal server

telnet <postal-server> 25

and try EHLO and STARTTLS. Then look at your logs; maybe there will be a permission-related problem like

Errno::EACCES: Permission denied @ rb_sysopen - /etc/letsencrypt/live...

If so, then give Postal the right permissions to the letsencrypt directory

chown -R postal:postal /etc/letsencrypt
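
To see which component of the certificate path causes the Errno::EACCES mentioned above, here is an added Python example (not from the thread or from Postal). It checks the `live/` symlink path and its `archive/` target and returns the first directory or file the given account cannot pass. The function names and the `below` parameter are assumptions, and only classic mode bits are checked.

```python
import os
import pwd
import sys

def ids_for(user):
    """Resolve a local account name to (uid, set of gids)."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def allowed(st, uid, gids, want):
    """Classic mode-bit check (ACLs and capabilities are not considered)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        shift = 6          # owner bits apply, even if group/other are wider
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & want) == want

def ancestors(path):
    """Yield every directory from the filesystem root down to path's parent."""
    current = os.sep
    yield current
    for part in os.path.dirname(path).split(os.sep):
        if part:
            current = os.path.join(current, part)
            yield current

def first_blocker(path, uid, gids, below=os.sep):
    """Return the first component under `below` that stops uid reading path, or None."""
    link = os.path.abspath(path)
    target = os.path.realpath(path)      # live/*.pem are symlinks into archive/
    checks = [(d, 1) for d in ancestors(link)]       # search (x) along the symlink path
    checks += [(d, 1) for d in ancestors(target)]    # and along the real file's path
    checks.append((target, 4))                       # read (r) on the file itself
    for component, want in checks:
        if os.path.commonpath([component, below]) != below:
            continue                                 # outside the subtree being audited
        if not allowed(os.stat(component), uid, gids, want):
            return component
    return None

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python3 check_cert_access.py <pem path> <account name>
    print(first_blocker(sys.argv[1], *ids_for(sys.argv[2])) or "readable")
```

Run as root with the `tls_private_key_path` from postal.yml and the account Postal runs as; the returned path is the single directory or file whose mode needs attention.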

willpower232 commented 4 years ago

You can also look at the smtp_server log file to see that output or the logs from your app might help.

ivan006 commented 4 years ago

Much appreciated, guys. I will try that out.

ghost commented 4 years ago

It's my pleasure. Don't forget you can see Postal logs in real time if you run Postal in the console

postal run

ivan006 commented 4 years ago

Perfect (is https://www.adminkit.net/telnet.aspx good?)

ivan006 commented 4 years ago

This is what I get when I use the above smtp_server configs and then run postal run

code

Supervisor will be stopped when processes are stopped.
Waiting for supervisor to stop...
Supervisor has stopped
root@vmi392015:~# postal run
15:51:45 system             | Procodile supervisor started with PID 29805
15:51:45 system             | Application root is /opt/postal/app
15:51:45 system             | Automatic respawning is disabled
15:51:45 system             | Reloading configuration
15:51:45 control            | Listening at /tmp/postal/pids/procodile.sock
15:51:45 web.1              | Started with PID 29809
15:51:45 worker.1           | Started with PID 29811
15:51:45 cron.1             | Started with PID 29813
15:51:45 smtp.1             | Started with PID 29816
15:51:45 requeuer.1         | Started with PID 29819
15:51:46 web.1              | => Puma starting in single mode...
15:51:46 web.1              | => * Version 3.12.0 (ruby 2.3.8-p459), codename: Llamas in Pajamas
15:51:46 web.1              | => * Min threads: 5, max threads: 5
15:51:46 web.1              | => * Environment: production
15:51:51 smtp.1             | => rake aborted!
15:51:51 smtp.1             | =>
15:51:51 smtp.1             | => Errno::EADDRINUSE: Address already in use - bind(2) for "::" port 25
15:51:51 smtp.1             | =>
15:51:51 smtp.1             | => /opt/postal/app/lib/postal/smtp_server/server.rb:52:in `initialize'
15:51:51 smtp.1             | => /opt/postal/app/lib/postal/smtp_server/server.rb:52:in `open'
15:51:51 smtp.1             | => /opt/postal/app/lib/postal/smtp_server/server.rb:52:in `listen'
15:51:51 smtp.1             | => /opt/postal/app/lib/postal/smtp_server/server.rb:258:in `run'
15:51:51 smtp.1             | => /opt/postal/app/lib/tasks/postal.rake:13:in `block (2 levels) in '
15:51:51 smtp.1             | => /opt/postal/vendor/bundle/ruby/2.3.0/gems/rake-12.3.2/exe/rake:27:in `'
15:51:51 smtp.1             | =>
15:51:51 smtp.1             | => Tasks: TOP => postal:smtp_server
15:51:51 smtp.1             | =>
15:51:51 smtp.1             | => (See full trace by running task with --trace)
15:51:51 smtp.1             | =>
15:51:51 cron.1             | => [cron.1:29813] [2020-06-10T15:51:51.597] INFO -- : Starting clock for 8 events: [ every-1-minutes every-15-minutes every-15-minutes every-15-minutes every-15-minutes every-hour every-hour every-day ]
15:51:51 cron.1             | => [cron.1:29813] [2020-06-10T15:51:51.601] INFO -- : Triggering 'every-1-minutes'
15:51:51 requeuer.1         | => [requeuer.1:29819] [2020-06-10T15:51:51.923] INFO -- : Running message requeuer...
15:51:52 web.1              | => * Listening on tcp://127.0.0.1:5000
15:51:52 web.1              | => Use Ctrl-C to stop
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.436] INFO -- : Worker running with 4 threads
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.449] INFO -- : [IWVQPFPO6G] Started processing RequeueWebhooksJob job
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.451] INFO -- : Joined main queue
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.453] INFO -- : [PZGYFBMXKD] Started processing SendNotificationsJob job
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.455] INFO -- : [LOYWHOWV7D] Started processing RequeueWebhooksJob job
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.456] INFO -- : [FERI0UEEKK] Started processing SendNotificationsJob job
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.567] INFO -- : [LOYWHOWV7D] Finished processing RequeueWebhooksJob job in 0.111104284s
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.630] INFO -- : [IWVQPFPO6G] Finished processing RequeueWebhooksJob job in 0.180157598s
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.728] INFO -- : [PZGYFBMXKD] Finished processing SendNotificationsJob job in 0.275104962s
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.795] INFO -- : [FERI0UEEKK] Finished processing SendNotificationsJob job in 0.338916543s
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.799] INFO -- : Joined outgoing-2 queue
15:51:52 worker.1           | => [worker.1:29811] [2020-06-10T15:51:52.801] INFO -- : Joined outgoing-1 queue
15:51:54 smtp.1             | Process has stopped. Respawning not available.
15:51:54 smtp.1             | Removed PID file

willpower232 commented 4 years ago

Errno::EADDRINUSE: Address already in use - bind(2) for "::" port 25

This implies you are running another mailserver software. Can you check with netstat -lnp?

ivan006 commented 4 years ago

Could this be due to me once trying to install mail-in-a-box?

code
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      718/epmd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      745/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27019/nginx -g daem
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      30368/[postal] web.
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      614/beam.smp
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      877/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27019/nginx -g daem
tcp6       0      0 :::4369                 :::*                    LISTEN      718/epmd
tcp6       0      0 :::22                   :::*                    LISTEN      745/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      26967/[postal] smtp
tcp6       0      0 :::443                  :::*                    LISTEN      27019/nginx -g daem
tcp6       0      0 :::5672                 :::*                    LISTEN      614/beam.smp
tcp6       0      0 :::80                   :::*                    LISTEN      27019/nginx -g daem
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     14132    1/init              /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     21755133 30362/app)          /tmp/postal/pids/procodile.sock
unix  2      [ ACC ]     STREAM     LISTENING     15230    1/init              /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     15231    1/init              /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     17720    877/mysqld          /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     12157003 31104/php-fpm.conf) /run/php/php7.2-fpm.sock
unix  2      [ ACC ]     STREAM     LISTENING     14122    1/init              /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     14126    1/init              /run/systemd/journal/stdout

willpower232 commented 4 years ago

It looks like you're still running postal somehow, is it worth rebooting the server to clear up the situation?

ivan006 commented 4 years ago

OK, processing...

ivan006 commented 4 years ago

here

code
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      1037/[postal] web.1
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      601/beam.smp
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      872/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      934/nginx -g daemon
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      717/epmd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      893/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      934/nginx -g daemon
tcp6       0      0 :::5672                 :::*                    LISTEN      601/beam.smp
tcp6       0      0 :::80                   :::*                    LISTEN      934/nginx -g daemon
tcp6       0      0 :::4369                 :::*                    LISTEN      717/epmd
tcp6       0      0 :::22                   :::*                    LISTEN      893/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      1044/[postal] smtp.
tcp6       0      0 :::443                  :::*                    LISTEN      934/nginx -g daemon
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     654      1/init              /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     18499    1031/app)           /tmp/postal/pids/procodile.sock
unix  2      [ ACC ]     STREAM     LISTENING     896      1/init              /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     897      1/init              /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     16926    603/php-fpm.conf)   /run/php/php7.2-fpm.sock
unix  2      [ ACC ]     STREAM     LISTENING     17102    872/mysqld          /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     650      1/init              /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     664      1/init              /run/systemd/journal/stdout

ivan006 commented 4 years ago

OK, so you see where it says 1044/[postal] smtp, there is something about that I need to explain:

The test I did that got that result was with the "smtp_server" configs removed entirely, whoops. I just reran it with those "smtp_server" configs in place and it's all the same, except where it says 1044/[postal] smtp it now says 1501/[postal] smtp

ivan006 commented 4 years ago

I will be testing the server here: https://www.smtper.net/ with these details:

code
plefort@go-tribalscale.com
Parker Lefort (sender name, not smtp username)

go-tribalscale
uA242guVBRiN3Og1HCZCWyVj
postal.outreach-hangar49.com
465
enable ssl? yes

result

code
 SMTP send error
Failure sending mail.
No connection could be made because the target machine actively refused it. [::ffff:62.171.163.29]:465

ghost commented 4 years ago

Easy, don't rush. Run postal run in a terminal window, wait until Postal services are up and ready. Then run telnet <postal-server> 25 in another terminal window and look at what is happening. Type EHLO, type STARTTLS and you will see. Find out more about SMTP telnet here: https://www.sparkpost.com/blog/how-to-check-an-smtp-connection-with-a-manual-telnet-session

willpower232 commented 4 years ago

A couple of points, the username for Postal will contain a / that separates the organization from the server so I don't think you have the correct username.

The result error message says port 465 which is also likely incorrect as Postal uses 25.
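
The manual telnet check described in this thread (connect, EHLO, STARTTLS), as an added Python example that is not part of the original thread or of Postal's code: it reports whether the port accepts connections, whether STARTTLS is advertised, and the negotiated TLS version and certificate expiry. The function name, the result keys and the `probe.invalid` EHLO name are assumptions.

```python
import smtplib
import ssl

def probe_smtp_tls(host, port=25, timeout=10, verify=True):
    """Connect, EHLO and attempt STARTTLS; return a dict describing how far it got."""
    result = {"connected": False, "starttls_advertised": False,
              "tls_version": None, "cert_not_after": None, "error": None}
    context = ssl.create_default_context()
    if not verify:
        # Diagnostic mode only: reports the protocol but skips chain and hostname checks.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    try:
        # An explicit EHLO name avoids a DNS lookup of the local hostname.
        with smtplib.SMTP(host, port, local_hostname="probe.invalid",
                          timeout=timeout) as smtp:
            result["connected"] = True
            smtp.ehlo()
            result["starttls_advertised"] = smtp.has_extn("starttls")
            if not result["starttls_advertised"]:
                return result                  # server never offered TLS
            smtp.starttls(context=context)     # raises if the server answers non-220
            smtp.ehlo()                        # capabilities must be re-read after TLS
            result["tls_version"] = smtp.sock.version()
            cert = smtp.sock.getpeercert()     # empty dict when verify=False
            result["cert_not_after"] = cert.get("notAfter") if cert else None
    except ConnectionRefusedError:
        result["error"] = f"refused: nothing is listening on port {port}"
    except ssl.SSLError as exc:
        result["error"] = f"tls: {exc}"        # bad chain, hostname mismatch, handshake failure
    except (smtplib.SMTPException, OSError) as exc:
        result["error"] = f"smtp: {exc}"
    return result

if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 2:  # usage: python3 probe_smtp_tls.py <host> [port]
        print(probe_smtp_tls(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

An `error` beginning with `refused` corresponds to the port 465 failure quoted above, where the netstat output shows Postal's SMTP listener only on port 25.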