Hi All,
I have more problems but for now I’ll try to solve the innermost one.
My full network is composed of 3 layers.
1) Firewall (OPNSense)
2) Reverse Proxy (Traefik)
3) MailCow
The 2nd and 3rd layers are on Docker.
The problem arises from the fact that I cannot send emails.
I tried to use:
openssl s_client -starttls imap -connect docker:143 | openssl x509 -noout -text
but I receive the error:
Warning: Reading certificate from stdin since no -in or -new option is given
00D044DC01000000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:646:
Could not find certificate from <stdin>
00D044DC01000000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
instead of the starttls certificate, so I tried:
and I received:
** OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.**
In the log I find:
dovecot-mailcow-1 | Dec 27 01:26:54 7037e05affb9 dovecot: auth: Debug: auth client connected (pid=179)
dovecot-mailcow-1 | Dec 27 01:26:54 7037e05affb9 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() syscall failed: Invalid argument (no auth attempts in 0 secs): user=<>, rip=192.168.1.1, lip=172.22.1.250, TLS handshaking: SSL_accept() syscall failed: Invalid argument
I’ve been trying to figure out what’s happening for a week without success. At first I thought it was the firewall, then I thought about the reverse proxy, but I started contacting docker directly and it still doesn’t work for me.
The problem is on ports 143 and 993, but I received the certificate correctly on 465 and 587.
I used to use the firewall directly with Docker and it seemed to work, but I never checked properly. Now I have changed the Docker server by backing up the previous one and restoring it on the new one, and I have added Traefik.
Another piece of information, perhaps useful, is that I changed the directory where I put the restore from /opt to /home/<user>
Thank You