SMTP Server SSL problem

Sakamoto Ryōma

I can get emails but I can't send emails.

I searched on the forum and my email_sni configuration is set to 1, and I tried the following commands as suggested.

cd /usr/local/directadmin
service directadmin restart
cd custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf

My DirectAdmin is also updated to the latest version.
I have a mail subdomain in my SSL certificates for those domains. Certificates are updated, and the location is correct.
/etc/dovecot/conf/sni/userdomain.com.conf is also set correctly.
I also checked whether there is any custom conf file for exim as in this thread (https://forum.directadmin.com/threads/directadmin-mail-sni-not-working-shared-ip.63545/) but there was not.
What should I check?
 

Check that your port 25 is open, and check the CSF settings.
Search the forum; there are many solutions provided.
 
I'm done with that server, created a new server with Debian OS and installed DirectAdmin, and it works out of the box.
 
I have the same problem with SSL again. There is a permission issue with the SSL file.

Code:
2024-06-07 13:05:08 (SSL_CTX_use_certificate_chain_file file=/usr/local/directadmin/data/users/xxxxx/domains/yyy.com.cert.combined): error:8000000D:system library::Permission denied

This occurred after an automatic Let's Encrypt SSL renewal. It was previously working fine.

I have a custom script that grants access to the file for another user via setfacl, as in this thread: link

This is the getfacl output of the SSL file above:

Code:
# file: usr/local/directadmin/data/users/xxx/domains/yyy.com.cert.combined
# owner: diradmin
# group: access
user::rw-
user:xxx:r-x
group::--x
mask::r-x
other::---

I think the problem is with the group permission, which only has execute rights, but it should also have read permission. By default, there shouldn't be a problem with permission to the SSL file for the mail server. Is the permission broken because of my setfacl commands? But my setfacl command has nothing to do with group rights...
 
Anyway, I added this line to my custom acl.sh file mentioned in this link to grant read/execute permissions to SSL files, which solved the problem.

Code:
        # Apply setfacl command for SSL Step 4
        # Read/Execute Permission to Access Group: daemon,nobody,mail,majordomo,apache,ftp,nginx
        sudo setfacl -Rm g:access:rx "$user_folder/domains/."
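
The permission check behind the log error above, as an added example that is not part of the original posts: it parses getfacl output and applies the POSIX ACL access rules to decide whether a given account can read the file. It assumes the SMTP daemon runs as user `mail` and that `mail` belongs to group `access` (the membership list is taken from the comment in the fix); `parse_getfacl`, `can_read` and `FIXED_ACL` are names made up for this example.

```python
# Constructed sample: the getfacl output quoted in the thread, placeholders as posted.
BROKEN_ACL = """\
# file: usr/local/directadmin/data/users/xxx/domains/yyy.com.cert.combined
# owner: diradmin
# group: access
user::rw-
user:xxx:r-x
group::--x
mask::r-x
other::---
"""
# Constructed: the same ACL after `setfacl -Rm g:access:rx` adds a named group entry.
FIXED_ACL = BROKEN_ACL.replace("mask::", "group:access:r-x\nmask::")

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # split()[0] drops a trailing "#effective:..." comment if present
            entries.append(tuple(line.split()[0].split(":")[:3]))
    return owner, group, entries

def can_read(text, user, groups):
    """Read-access decision for a process running as `user` with `groups`."""
    owner, owning_group, entries = parse_getfacl(text)
    mask = next((p for t, q, p in entries if t == "mask"), "rwx")
    if user == owner:  # owner entry is never limited by the mask
        return any("r" in p for t, q, p in entries if t == "user" and q == "")
    named = [p for t, q, p in entries if t == "user" and q == user]
    if named:  # named user entry, limited by the mask
        return "r" in named[0] and "r" in mask
    matched = [p for t, q, p in entries
               if t == "group" and (q or owning_group) in groups]
    if matched:  # once a group entry matches, "other" is never consulted
        return any("r" in p and "r" in mask for p in matched)
    return any("r" in p for t, q, p in entries if t == "other")

if __name__ == "__main__":
    mail_groups = ["mail", "access"]  # assumed membership, see lead-in
    print("before fix:", can_read(BROKEN_ACL, "mail", mail_groups))
    print("after fix: ", can_read(FIXED_ACL, "mail", mail_groups))
```

Because the fix is applied with -R to the whole domains directory, every member of `access` gains read on each file under it; the same function can be run against the getfacl output of any other file there to see who can now read it.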
 