I resolve this by correct this:
$config['managesieve_auth_type'] = PLAIN;
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'verify_depth' => 3,
'cafile' => '/etc/letsencrypt/live/mydomain.com/fullchain.pem'
),
);
In: plugins/managesieve/config.inc.ph
Not sure what you mean by "second domain" but here's how you'd secure Nginx with Let's Encrypt:
- Open and edit the SSL template file: sudo nano /etc/nginx/templates/ssl.tmpl
Find the following 2 lines:
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;
Replace them with:
ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;
Save and close the file. Then test nginx configuration and reload:
sudo nginx -t
sudo systemctl reload nginx
You will also need to configure Postfix and Dovecot to use the Let’s Encrypt issued certificate so that desktop mail client won’t display security warning.
Edit the main configuration file of Postfix:
sudo nano /etc/postfix/main.cf
Find the following 3 lines:
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
Replace them with:
smtpd_tls_key_file = /etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.your-domain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.your-domain.com/chain.pem
Save and close the file. Then reload Postfix:
sudo postfix reload
Next, edit the main configuration file of Dovecot:
sudo nano /etc/dovecot/dovecot.conf
Find the following 2 lines:
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key
Replace them with:
ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem
Save and close the file. Then reload dovecot:
sudo dovecot reload
To auto renew certificate, simply open root user’s crontab file:
sudo crontab -e
Then add the following line at the bottom of the file:
@daily letsencrypt renew --quiet && /usr/sbin/postfix reload && /usr/sbin/dovecot reload && systemctl reload nginx
Not sure what you mean by "second domain" but here's how you'd secure Nginx with Let's Encrypt:
Hi pnjo23
Sorry if my description was lagging some info.
I have created my mailserver with domain1.com and added certificates according to the guide you have described. Everything is working perfectly.
Now I would like to add a second domain, let's call it domain2.com. In order for me to allow users to access both domain1.com/mail and domain2.com/mail I need to add SSL certificates for domain2.com in Nginx somewhere, but I can't seem to figure out how to do it 
For Postfix and Dovecot I assume I do not need to add a new certificate, since I have added domain1.com as MX for domain2.com, and therefore only uses domain1.com for mails.
I'm aware I could just make a webforward or something from domain2.com to domain1.com, but I think the other way around is more correct.
I found this guide: https://www.linuxbabe.com/mail-server/u … stallation - See the last bit about "Using Separate Domain for RoundCube". It is this part I'm struggling with.
The ideal setup would be to use single certificate for all traffic. So your mail server could be i.e. mail.runbergmail.com which handles mail for multiple domains and also webmail could be found in mail.runbergmail.com/mail.
This is by far the easiest and recommended way to handle multiple domains.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I'm migrating iredmail to a new server. After installing iredmail, I configured SSL certificates using the same ones I have in the old server, everything it's ok, all services restart successfully, nginx uses the right certificate when login in to roundcube. When sending a test email I get this error in /var/log/maillog:
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: connect from mail.XX.YY[127.0.0.1]
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: Anonymous TLS connection established from mail.paas.cl[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: warning: connect to 127.0.0.1:7777: Connection refused
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: warning: connect to 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: NOQUEUE: reject: RCPT from mail.XX.YY[127.0.0.1]: 451 4.3.5 Server configuration problem; from=<postmaster@XX.YY> to=<#######@#######> proto=ESMTP helo=<_>
Jul 22 13:48:48 mail roundcube: <e9lhfo47> SMTP Error: Failed to add recipient '#######@#######l'. 4.3.5 Server configuration problem (Code: 451) in /var/www/roundcubemail-1.3.6/program/lib/Roundcube/rcube.php on line 1667 (POST /mail/?_task=mail&_unlock=loading1532267326370&_lang=en_US&_framed=1&_action=send)
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: disconnect from mail.XX.YY[127.0.0.1]
And these are the errors for iredmail automatic generated emails (backup, stats):
Jul 22 13:16:04 mail postfix/qmgr[6380]: 87B1F208EC: from=<root@mail.XX.YY>, size=4041, nrcpt=1 (queue active)
Jul 22 13:16:04 mail postfix/qmgr[6380]: CFA9C2098A: from=<root@mail.XX.YY>, size=1328, nrcpt=1 (queue active)
Jul 22 13:16:04 mail postfix/amavis/smtp[116727]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Jul 22 13:16:04 mail postfix/amavis/smtp[116729]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Jul 22 13:16:04 mail postfix/amavis/smtp[116727]: 87B1F208EC: to=<root@mail.XX.YY>, relay=none, delay=129841, delays=129841/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Jul 22 13:16:04 mail postfix/amavis/smtp[116729]: CFA9C2098A: to=<root@mail.XX.YY>, relay=none, delay=121562, delays=121562/0.05/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Since it's a new installation everything points to a be an SSL certificate issue. Please give me some directions to dig into the right direction.
Thanks,
/Christian
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I'm migrating iredmail to a new server. After installing iredmail, I configured SSL certificates using the same ones I have in the old server, everything it's ok, all services restart successfully, nginx uses the right certificate when login in to roundcube. When sending a test email I get this error in /var/log/maillog:
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: connect from mail.XX.YY[127.0.0.1]
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: Anonymous TLS connection established from mail.paas.cl[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: warning: connect to 127.0.0.1:7777: Connection refused
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: warning: connect to 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: NOQUEUE: reject: RCPT from mail.XX.YY[127.0.0.1]: 451 4.3.5 Server configuration problem; from=<postmaster@XX.YY> to=<#######@#######> proto=ESMTP helo=<_>
Jul 22 13:48:48 mail roundcube: <e9lhfo47> SMTP Error: Failed to add recipient '#######@#######l'. 4.3.5 Server configuration problem (Code: 451) in /var/www/roundcubemail-1.3.6/program/lib/Roundcube/rcube.php on line 1667 (POST /mail/?_task=mail&_unlock=loading1532267326370&_lang=en_US&_framed=1&_action=send)
Jul 22 13:48:48 mail postfix/submission/smtpd[119950]: disconnect from mail.XX.YY[127.0.0.1]
And these are the errors for iredmail automatic generated emails (backup, stats):
Jul 22 13:16:04 mail postfix/qmgr[6380]: 87B1F208EC: from=<root@mail.XX.YY>, size=4041, nrcpt=1 (queue active)
Jul 22 13:16:04 mail postfix/qmgr[6380]: CFA9C2098A: from=<root@mail.XX.YY>, size=1328, nrcpt=1 (queue active)
Jul 22 13:16:04 mail postfix/amavis/smtp[116727]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Jul 22 13:16:04 mail postfix/amavis/smtp[116729]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Jul 22 13:16:04 mail postfix/amavis/smtp[116727]: 87B1F208EC: to=<root@mail.XX.YY>, relay=none, delay=129841, delays=129841/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Jul 22 13:16:04 mail postfix/amavis/smtp[116729]: CFA9C2098A: to=<root@mail.XX.YY>, relay=none, delay=121562, delays=121562/0.05/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Since it's a new installation everything points to a be an SSL certificate issue. Please give me some directions to dig into the right direction.
Thanks,
/Christian
Hi Zhang,
I am having EXACTLY the same problem. I am using the same exact CentOS 7.5 version and was running 0.9.8 fine since it came out. I just did a YUM UPDATE and after the SLAPD service would not start.
Jul 22 13:12:08 main: TLS init def ctx failed: -1
Jul 22 13:12:08 mail slapd[9056]: slapd destroy: freeing system resources.
Jul 22 13:12:08 mail slapd[9056]: slapd stopped.
I'm using Letsencrypt so I thought it was a permission on a file, or a folder, or a higher up folder, I tried everything. Even tried pointing to the specific files instead of the symlinks, no help. I came across this post and tried to REM out the three TLS lines. Then the service started no problem.
Everything seems to be working ok now.
Any idea what's causing this ? It's pretty serious as NO ONE incluing the postmaster account could get e-mail or open the iRedMail Pro console while we were having this issue.
Hello,
I run iRedmail 0.9.8 on Debian 9, MYSQL, Nginx.
When I send an email I got this error:
SMTP Error (554): Failed to add recipient...
Any idea?
Thank you.
ZhangHuangbin wrote:Nginx config file (syntax and order of loaded template files) looks fine, you'd better turn on debug mode in Nginx for troubleshooting the url match scheme, check which `location` directive (or other directive) matches the roundcube url.
We offer paid support if you need assistance:
https://www.iredmail.org/support.htmlSeems nginx not compile with debug support, so I can't perform that task.
Anyway, is it possible to using nginx from official repo?
I mean the script seems manually compile nginx with custom command.
So whenever new version from official, it won't pick up/update.
Any suggestion?
I had this exact same issue. As per the Roundcube documentation, I had removed "system" from PHP.INI disable_functions section. I had not noticed but a small part of the Roundcube upgrade script did not run. Specifically the JS dependancies script in bin/install-jsdeps.sh.
To resolve the issue, I put in remark the entire "disable_functions" section in the /etc/php.ini file by adding a semi-colon at the beginning of the line :
" ;disable_functions = apache_setenv,posix_uname,eval,pcntl_wexitstatus,posix_get, etc, etc, etc........."
Then I went to /var/www/roundcubemail-1.3.0 (which is symlinked to /var/www/roundcubemail as shown below
lrwxrwxrwx 1 root root 28 Sep 18 2017 roundcubemail -> /var/www/roundcubemail-1.3.0
drwxr-xr-x 13 root root 4096 Jul 20 20:07 roundcubemail-1.3.0
it seems the script does NOT rename the roundcube directory to 1.3.6)
So, from /var/www/roundcubemail-1.3.0 I ran "bin/install-jsdeps.sh". It worked.
I went back to /etc/php.ini and removed the semicolon from the disable_functions line. **** Don't forget this step ****
Everything worked perfectly afterwards !!!
when click on the license, the following error message appear.
License
Error while getting license info: <urlopen error [Errno -2] Name or service not known>
Please advise
Strange, this issue happened few times with our DNS name.
We use Linode DNS server to host "iredmail.org", there's no service outage reported on their "Linode Status" (https://status.linode.com ) page, and it works fine for me, but few users reported that they cannot check license info with same error message as yours.
Can you resolve domain name "lic.iredmail.org" on your server?
Seems nginx not compile with debug support, so I can't perform that task.
You can install package 'nginx-debug' then try again.
SMTP Error (554): Failed to add recipient...
Please show us full original error message in Postfix log file (/var/log/maillog).
1: For OpenLDAP service, if you don't need to allow access from external network, it's ok to not use ssl cert (that means no STARTTLS support for port 389, and no ssl on 636).
2: make sure the service daemon user/group can access /etc/letsencrypt/live and /etc/letsencrypt/archive/.
Jul 22 13:48:47 mail postfix/submission/smtpd[119950]: warning: problem talking to server 127.0.0.1:7777: Connection refused
iRedAPD service is not running.
Hello!
I use SQL from the console
I created alias
INSERT INTO alias (address, name, domain, active) VALUES ('test@mail.ltd', 'mail_alias', 'mail.ltd', 1);
and added user@mail.ltd
INSERT INTO forwardings (address, forwarding, domain, is_list) VALUES ('test@mail.ltd', 'user@mail.ltd', 'mail.ltd', 1);
now I want to delete user@mail.ltd from forwarding and then add another user
DELETE FROM forwardings
WHERE address = '<test@mail.ltd>'
AND forwarding = '<user@mail.ltd>'
AND is_list = 1;
Query OK, 0 rows affected (0.00 sec)
but for some reason this method does not work, tell me how to delete the user
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: centos7
- Store mail accounts in which backend (MySQL):
- Web server (Nginx):Nginx
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Wow, it seems that iRedAPD was not installed/configured correctly during the installation:
[root@mail centos]# service iredapd start
Redirecting to /bin/systemctl start iredapd.service
Failed to start iredapd.service: Unit not found.
iRedAPD Installation details:
iRedAPD - Postfix Policy Server:
* Version: 2.2
* Listen address: 127.0.0.1, port: 7777
* SQL database account:
- Database name: iredapd
- Username: iredapd
- Password: XXXXXXXXXXXXXXXXXXXXXXX
* Configuration file:
- /opt/iredapd/settings.py
* Related files:
- /opt/iRedAPD-2.2
- /opt/iredapd (symbol link to /opt/iRedAPD-2.2
Do you have some advise to setup iredapd service correctly?
Hello again!
Unfortunately, it doesn't seem to have solved it. See the result of the following commands:
1-
root@srv-mx1:~# /opt/iredapd/tools/spf_to_greylist_whitelists.py | fgrep 'garbo'
+ [garboenvidracamentos.com]
root@srv-mx1:~#
2-
root@srv-mx1:~# /opt/iredapd/tools/wblist_admin.py --list --whitelist | fgrep 'garbo'
@garboenvidracamentos.com
root@srv-mx1:~#
Even after adding in whitelists with the tools of the Iredmail the locks still keep happening.
cat /var/log/mail.log | fgrep 'garboenvidracamentos.com'
Jul 23 11:53:39 srv-mx1 postfix/smtpd[20962]: NOQUEUE: reject: RCPT from p3plsmtpa12-05.prod.phx3.secureserver.net[68.178.252.234]: 451 4.7.1 <compras@metalleste.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<garbo@garboenvidracamentos.com> to=<compras@metalleste.com> proto=ESMTP helo=<p3plsmtpa12-05.prod.phx3.secureserver.net>
Jul 23 11:55:54 srv-mx1 postfix/smtpd[20962]: NOQUEUE: reject: RCPT from p3plsmtpa12-05.prod.phx3.secureserver.net[68.178.252.234]: 451 4.7.1 <compras@metalleste.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<garbo@garboenvidracamentos.com> to=<compras@metalleste.com> proto=ESMTP helo=<p3plsmtpa12-05.prod.phx3.secureserver.net>
Jul 23 12:00:57 srv-mx1 postfix/smtpd[21034]: NOQUEUE: reject: RCPT from p3plsmtpa12-05.prod.phx3.secureserver.net[68.178.252.234]: 451 4.7.1 <compras@metalleste.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<garbo@garboenvidracamentos.com> to=<compras@metalleste.com> proto=ESMTP helo=<p3plsmtpa12-05.prod.phx3.secureserver.net>
Jul 23 12:12:19 srv-mx1 postfix/qmgr[14926]: BBA8B5DDDC: from=<garbo@garboenvidracamentos.com>, size=618083, nrcpt=1 (queue active)
Jul 23 12:12:20 srv-mx1 postfix/qmgr[14926]: 076F15E1A8: from=<garbo@garboenvidracamentos.com>, size=618591, nrcpt=1 (queue active)
Jul 23 12:12:20 srv-mx1 amavis[15134]: (15134-12) Passed CLEAN {RelayedInbound}, [68.178.252.234]:44391 [104.215.75.60] <garbo@garboenvidracamentos.com> -> <compras@metalleste.com>, Queue-ID: BBA8B5DDDC, Message-ID: <CEE3CB6BF1FD552C.13370F6C-DB96-4B86-8CEE-B997E8B7C191@mail.outlook.com>, mail_id: 9aZUME7FnIOl, Hits: -, size: 618082, queued_as: 076F15E1A8, 579 ms
How can I analyze more detailed what's going on?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Centos7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I create an entry on my iPhone in a shared calendar. Let’s say „iPhone test“.
That entry appears in Sogo webinterface. But then after a while disappears in the Sogo webinterface.
They are then shown slightly more grey on the iPhone.
Joe can I keep them on all devices and on server?
Chris
Hi,
if I get you right, you already have successfully installed a lets encrypt certificate for domain1. In this case you can just use the certbot cli-tools to add further hosts to your existing certificate.
See -extend Flag: https://certbot.eff.org/docs/using.html … rtificates
To get to the certbot documentation for your system, use https://certbot.eff.org
You could even add more hosts to use for example as MX in domain2.com, the certificate is shared among nginx, postfix, dovecot e.a.. But if you want to automate issuing/renewal of certs, you need to make sure that the dns zone is up and running and the hosts used in the expand statement point to your iredmail host.
Especially adding hosts to use for MX might prove tricky as you might need to add extra config steps to make them available for the web based auth process.
I urge you to read the certbot manual so you can decide if you might want to use the dns-based authentication for your purpose.
Sorry, I do not have the exact working comand at hand, as I am not using this anymore. But I guess for this use case it is a good way to go!
-Jochen
