Koozali.org: home of the SME Server

Suddenly problem with sme-server receiving email from iPad & iPhone

Offline holck

  • ****
  • 317
  • +1/-0
Happy holidays -

This morning, one of my users has suddenly problems with sending email from her iPhone and iPad. Everything worked fine yesterday, she hasn't changed any settings on her devices. And I haven't changed anything on the server, no new updates installed.

She usually uses SSL and port 465 for outgoing email. In the log-files I see this:

Code: [Select]
2017-12-25 23:51:12.769518500 16103 (deny) logging::logterse: ` 12.34.56.78  12-34-56-78-dynamic.dk.customer.tdc.net                               earlytalker     901     Connecting host started transmitting before SMTP greeting       msg denied before queued
2017-12-25 23:51:13.385973500 16105 (deny) logging::logterse: ` 12.34.56.78  12-34-56-78-dynamic.dk.customer.tdc.net                               tls     903     Cannot establish SSL session    msg denied before queued
2017-12-25 23:52:28.411899500 16106 (deny) logging::logterse: ` 12.34.56.78  12-34-56-78-dynamic.dk.customer.tdc.net                               tls     903     Cannot establish SSL session    msg denied before queued
2017-12-25 23:52:28.413913500 16106 Lost connection to client, cannot send response.

I guess Apple must have made some recent updates, leading to this. Have any of you ran into this also?

Any help appreciated,
Jesper H, Denmark
......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Suddenly problem with sme-server receiving email from iPad & iPhone
« Reply #1 on: December 26, 2017, 04:35:34 PM »
Any update of the said Apple devices done in between ?


Have you give a try to disable early talker to see what happen ?

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Suddenly problem with sme-server receiving email from iPad & iPhone
« Reply #2 on: December 26, 2017, 05:30:17 PM »
I had a similar problem when I was building my own letsencrypt certificates manually (not using the LetsEncrypt contrib).  I had neglected to include restarts for dovecot and qpsmtpd after cert updates, and would get ssl errors.

If the certificate shown by webmail or server-manager was renewed recently, check the date/time on the files used by IMAP and SMTPS to make sure they were updated too.

IMAP (dovecot):
/var/service/dovecot/ssl/imapd.pem

SMTPS (sqpsmtpd uses a symlink pointing to qpsmtpd for the ssl cert):
/var/service/qpsmtpd/ssl/cert.pem

If you have a new webmail cert and these files have the same date as the new webmail certificate, try restarting dovecot, qpsmtpd, and sqpsmtpd. 

If you have a new webmail cert and these files don't have a new date, you'll need to figure out why these certs were not updated, get them updated, then restart the services.

Offline holck

  • ****
  • 317
  • +1/-0
Re: Suddenly problem with sme-server receiving email from iPad & iPhone
« Reply #3 on: December 27, 2017, 12:01:42 AM »
Thanks for your suggestions.

I've checked if my certificates were updated recently - they aren't. I use letsencrypt, but there has been no updates for a long time.

I've not yet tried to disable earlytalker. It all seems a bit random ... Sometimes, emails from the user will be accepted, at other times the earlytalker plugin will fire, and at yet other times, there will just be the "Cannot establish SSL session, msg denied" error. I guess it depends on which device she's using, they all come from the same IP address. I will check up on that.

Thank you,
Jesper H
......

Offline holck

  • ****
  • 317
  • +1/-0
Re: Suddenly problem with sme-server receiving email from iPad & iPhone
« Reply #4 on: December 28, 2017, 09:05:36 AM »
Strangely, everything now seems to work fine again. My best guess is that Apple must have updated either the software or the list of accepted root certificates on the user's iPhone and iPad.

Thanks for your kind suggestions,
Jesper H, Denmark
......

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Suddenly problem with sme-server receiving email from iPad & iPhone
« Reply #5 on: December 28, 2017, 12:19:38 PM »
I think IOS takes the first host from the cert so if your mail settings are say imap : mail.somehost.com then make sure that is the first hostname in the cert.

I think they made that change in IOS 10 at some point.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation