SMTP en erreur sur Thunderbird

Matériel: VPS OVH 2 vcores 4Go 160Go
Version de YunoHost: 11.0.10.2 (stable).
J’ai accès à mon serveur : En SSH
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non

Bonjour
Depuis quelques jours je ne peux plus envoyer de messages avec Thunderbird. J’ai le message ci-dessous

et quand je veux confirmer l’exeption j’ai ce message

L’envoi se fait correctement avec le webmail
L’autorité de certification est Let’s Encrypt (ecologie.bzh)
et sa validité actuelle est de 84 jours

Je suis perdu et ne vois pas comment régler ce nouveau problème
Merci de vos conseils et de votre aide
René

Est-ce que redémarrer le service postfix résouds le problème ? (Dans la webadmin > Services > postfix > Redémarrer)

Moi, j’ai ce problème aussi et cela ne change pas par redémarrer ni le service ni le serveur malheureusement.

connect from d536f8fc.access.ecotel.net[213.54.248.252]
Nov 28 06:46:45 postfix/submission/smtpd[23967]: SSL_accept error from d536f8fc.access.ecotel.net[213.54.248.252]: -1
Nov 28 06:46:45 postfix/submission/smtpd[23967]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45:
Nov 28 06:46:45 postfix/submission/smtpd[23967]: lost connection after STARTTLS from d536f8fc.access.ecotel.net[213.54.248.252]
Nov 28 06:46:45 postfix/submission/smtpd[23967]: disconnect from d536f8fc.access.ecotel.net[213.54.248.252] ehlo=1 starttls=0/1 commands=1/2

Pas de problème avec le site html

→ VPS via SSH, Debian 11, YNH 11. Rien de special:

$ sudo yunohost -v
yunohost:
repo: stable
version: 11.0.10.2
yunohost-admin:
repo: stable
version: 11.0.11
moulinette:
repo: stable
version: 11.0.9
ssowat:
repo: stable
version: 11.0.9

Merci de votre aide mais comme @Veraendert le redémarrage de mon serveur ne change rien à mon problème

Same issue here, restarting postfix doesn’t help.

Your log say, that certificate expired. So try to renew certificate

Thanks, but that doesn’t fix it, unfortunately. Like i said: The certificate is working on the website. And even if i renew it, it doesn’t work when trying to send mail.

Merci mais cela ne résout pas le problème, malheureusement. Comme je l’ai dit : Le certificat functionne sur le site web. Et même si je le renouvelle, il ne fonctionne pas quand j’essaie d’envoyer une email.

idem pour moi, mon certificat était à jour et je l’ai renouvellé sans succès

Permissions problem maybe then?

J’ai configuré un nouveau serveur en utilisant ynh sur Buster. J’ai maintenant un certificat MAIS il est auto-signé même si j’en ai installé un de letsencrypt. Il semble que postscript ne soit pas au courant du nouveau certificat même si nginx n’a aucun problème à l’utiliser.

Peut-être qu’il s’agit simplement de copier certains fichiers vers la bonne destination, mais lesquels et où ?

I did set up a new server using ynh on Buster. I now do have a certificate BUT it’s self signed even though i did install one from letsencrypt. It looks like postscript is unaware of the new certificate even though nginx has no problem using it.

Maybe it’s just a matter of copying some files to the correct destination but which ones and where?

Nov 30 11:25:34 postfix/postfix-script[59824]: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ

Je crois que j’ai trouvé l´erreur/I think i found the problem. Now how do i fix this? Just copy the cert from /etc/ssl?

EDIT: Non, marche pas/No, doesn’t work. Toujours/Still

ov 30 11:38:24 postfix/submission/smtpd[1567]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45:

Same problem I see here. I accidentally duplicated this error in another thread but I will put my findings here now:

Different error from external client connecting on IPv4 and internal IPv6:

admin@yunohost:~ $ sudo journalctl -xef |grep postfix
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: connect from x-x-x-x.mobile.net[x.x.x.x]
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: SSL_accept error from x-x-x-x.mobile.net[x.x.x.x]: -1
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1543:SSL alert number 46:
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: lost connection after STARTTLS from x-x-x-x.mobile.net[x.x.x.x]
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: disconnect from x-x-x-x.mobile.kpn.net[x.x.x.x] ehlo=1 starttls=0/1 commands=1/2
-----snip-----
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: warning: hostname xxxx-xxxx-xxxx.connected.by.freedominter.net does not resolve to address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx: Name or service not known
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: connect from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: SSL_accept error from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]: -1
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45:
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: lost connection after STARTTLS from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: disconnect from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx] ehlo=1 starttls=0/1 commands=1/2

Reverse DNS problem, router and yunohost disagree on IPv6, this seems to be because yunohost adds domains to /etc/dnsmasq.d/*.domain.com. When I forced using my router DNS the certificate issue persisted

root@router:~# dig -x xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx|grep domain.com
x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa. 3468 IN PTR domain.com.

admin@yunohost:~ $ dig -x xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx|grep domain.com
x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa. 0 IN PTR cloud.domain.com.

-jeroen

I’ve had the same issue a few days ago
I resolved the problem using this command:
sudo yunohost tools regen-conf postfix

That did it. Thanks a million.

So I did do sudo yunohost tools regen-conf postfix before (see my original post), then it didn’t work.
@Benance made me try again and now it worked?! Absolutely no idea what happened here.
For others; I did remove the account in Thunderbird and readded it; maybe it was a client side problem all along?
Very happy this is finally solved, really awkward problem which took me hours and hours to debug without any clear sign of what was wrong.

-jeroen

I have to say that it took me hours too to find the solution. For me it was snappymail that was unable to send mails.
So I digged into /var/log/mail.log and searched again and again on the web to try to find a solution.
At last, I tried the command above and it worked again (very weird because I’ve never modified my yunohost’s postfix configuration)…
Wizardry?

It must have been
Also here no change in /etc/postfix, even showed how sudo yunohost tools regen-conf postfix --dry-run --with-diff returned nothing. Maybe an yunohost update did something?

anyway, thanks again! this issue was driving me crazy.

Strange indeed. I could have sworn that i had tried regen-conf and restarted. So whoever runs into the same problem: You may want to just try again.

Merci
ça fonctionne

Cette commande a résolu ce problème très étrange apparu sur plusieurs serveurs. A noter qu’il ne concernait que certains lecteurs de mail, mais résolu par une action sur yunohost…