I'm trying to get a roundcube/dovecot/postfix on a debian box on amazon running. I can log in and receive emails, but I cannot send. I get an error in roundcube, smtp authentication error (220) Authentication failed.
Roundcube error logs:
[24-Sep-2020 08:47:24 +0000]: <a83d4mll> PHP Error: STARTTLS failed (POST /?_task=mail&_unlock=loading1600937244456&_framed=1&_lang=en_US&_action=send)
[24-Sep-2020 08:47:24 +0000]: <a83d4mll> PHP Error: Invalid response code received from server (POST /?_task=mail&_unlock=loading1600937244456&_framed=1&_lang=en_US&_action=send)
[24-Sep-2020 08:47:24 +0000]: <a83d4mll> SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /opt/bitnami/apps/roundcube/htdocs/program/lib/Roundcube/rcube.php on line 1702 (POST /?_task=mail&_unlock=loading1600937244456&_framed=1&_lang=en_US&_action=send)
roundcube SMTP log:
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Connecting to tls://webmail.theomnihealthgroup.com:587...
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 220 mail.theomnihealthgroup.com ESMTP Postfix (Debian/GNU)
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Send: EHLO webmail.theomnihealthgroup.com
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-mail.theomnihealthgroup.com
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-PIPELINING
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-SIZE 10240000
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-VRFY
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-ETRN
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-STARTTLS
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-ENHANCEDSTATUSCODES
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-8BITMIME
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-DSN
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250-SMTPUTF8
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 250 CHUNKING
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Send: STARTTLS
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: 220 2.0.0 Ready to start TLS
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Send: QUIT
[24-Sep-2020 08:52:08 +0000]: <a83d4mll> Recv: ^V^C^C^A,^L^@^A(^C^@^] <80>ÄS<96>ñrgY(v^P¿<97>Åjò<¬<9e>ò^U')gÔ<86>hG|¦^P^H^D^A^@Dv(RV<92>Tíìãô^HÂè<9c>è<98>ûÐU§Ð^Bfã<87><9a>4BNPÙ<82>GÏs¬
I'm pretty sure this has to do with the certs but I'm not sure how to fix it.
- Roundcube is running on apache at https://webmail.theomnihealthgroup.com
- I have an ssl cert associated with the webmail domain
- server is at theomnihealthgroup.org
postfix main.cf:
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
stmpd_tls_security_level = may
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_cert_file=/opt/bitnami/letsencrypt/certificates/webmail.theomnihealthgroup.com.crt
#smtpd_tls_key_file=/opt/bitnami/letsencrypt/certificates/webmail.theomnihealthgroup.com.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.theomnihealthgroup.com
#myhostname = theomnihealthgroup.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = theomnihealthgroup.com
mydomain = theomnihealthgroup.com
mydestination = $myhostname, ip-172-30-0-246.ec2.internal, localhost.ec2.internal, localhost, $mydomain, localhost.$mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_policy_service unix:private/policyd-spf
# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
dovecot config:
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = " imap"
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
unix_listener auth-userdb {
mode = 0666
}
}
service imap-login {
inet_listener imap {
port = 143
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
roundcube config.inc.php
$config = array();
$config['debug_level'] = 1;
$config['smtp_debug'] = true;
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
// or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
$config['db_dsnw'] = 'mysql://bn_roundcube:22223abcde@localhost:3306/bitnami_roundcube';
// The IMAP host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'mail.theomnihealthgroup.com';
// SMTP server host (for sending mails).
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
# Also tried: $config['smtp_server'] = 'tls://theomnihealthgroup.com';
$config['smtp_server'] = 'tls://webmail.theomnihealthgroup.com';
// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
$config['smtp_port'] = 587;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = '';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = 'https://community.bitnami.com/';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = 'Omni Mail';
// This key is used to encrypt the users imap password which is stored
// in the session record. For the default cipher method it must be
// exactly 24 characters long.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = 'KJDKJIJEIKDJ';
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
);
// skin name: folder from skins/
$config['skin'] = 'elastic';
$config['default_port'] = 143;
$config['mime_param_folding'] = 0;
When you set
$config['smtp_server']
with an URL that starts withtls://
, you're setting up a PHP SSL context. As suggested by the default roundcube config, you may need to set options on the context.In my case, I had to provide:
peer_name
, the mail server's domain name.cafile
, the CA file path.You can put the following in your Roundcube
config.inc.php
file: