#1 2018-05-22 18:22:56

OliverTempel
Member
Registered: 2018-02-20
Posts: 7

SMTP-TEST

Hi,
i get the following error after testing (./xsibackup --check-smtp=some@email.com --use-smtp=N) SMTP Server:

verify error:num=20:unable to get local issuer certificate
250 DSN
read:errno=104
Firewall rule SMTPout-587 closed.
Killed

Mail is not send.

Offline

#2 2018-05-23 10:20:24

admin
Administrator
Registered: 2017-04-21
Posts: 1,363

Re: SMTP-TEST

If you are using your own SMTP server, you might need to disable strict full check of certificate chain. XSIBackup's is a self generated key pair. Even if you used the ESXi server's key pair, which is BTW generated on every reboot, it is impossible that the SMTP server can check the full certificate chain up to the issuer's, as there isn't any issuer certificate.

If you are getting this from an ISP, you should call them so that they disable that strict check. Most e-mail users don't have a proper certificate and that check is out of place.

If you are in a corporative environment with strict security measures, you might simply need to just use a different SMTP server. GMail will do it for you.

If you are interested in how certificate chains are built and checked, this is a nice post: http://movingpackets.net/2015/03/16/fiv … -commands/

Offline

#3 2018-05-23 11:08:57

OliverTempel
Member
Registered: 2018-02-20
Posts: 7

Re: SMTP-TEST

xsi-dir/xsibackup_id_rsa doesnt exists so last call coundnt be performed

Offline

#4 2018-05-23 11:16:11

admin
Administrator
Registered: 2017-04-21
Posts: 1,363

Re: SMTP-TEST

O.K., that doesn't really matter. Forget the first part of our answer, we will correct it now.
Your problem is strict certificate chain check, which is incompatible with a tipicall ESXi server, especially in the SME world, where very little people will set up a proper certificate structure up to the issuer (Verisign, Thawte, etc...)
So get your mailmaster to remove that check, or swap to a different SMTP server.

Offline

#5 2018-05-23 11:27:15

OliverTempel
Member
Registered: 2018-02-20
Posts: 7

Re: SMTP-TEST

how do i do this on postfix?

Offline

#6 2018-05-23 11:50:15

admin
Administrator
Registered: 2017-04-21
Posts: 1,363

Offline

#7 2018-05-25 11:49:31

OliverTempel
Member
Registered: 2018-02-20
Posts: 7

Re: SMTP-TEST

Registered an Gmail account
Test works

Offline

#8 2018-05-25 14:55:06

admin
Administrator
Registered: 2017-04-21
Posts: 1,363

Re: SMTP-TEST

Configuring an SMTP server with encryption is not a trivial task, you need to know, not only the basics of the SMTP protocol and its most used extensions, but also OpenSSL, the hierarchy of an SSL certificate and how to configure the SMTP options in regards to checking the integrity of that nested hierarchy. Not to say anti-spam software and setting up filters.

Unless you are going to have some kind of return, setting up and maintaining a full featured SMTP server is not worth the time. Maybe a dummy SMTP with no encryption and a Smart Host relay to be used inside a LAN, like many of our Sysadmin users do, could be worth.

Offline

Board footer