Upgrading Database and SSL

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Upgrading Database and SSL

Post by MarHMS » 2018-09-10 01:08

We're in the process of upgrading our SQL server. This is inclusive of acquiring additional storage, upgrade from MSSQL Server Express to Standard edition, and migrate from bare metal installation to VM. The 2 databases being hosted are being accessed by 50 workstations and a terminal server with 50 additional users.

I would like to take this opportunity to change HMS database from MSSQL CE to one being hosted on the server above. However, based on responses that I have gotten in the past, and from reading other threads on this forum, that will be very challenging and time consuming with negative impacts.

I am in the trap of the exceeded internal database size limitations. The current production database size is 529MB. The email datastore has a size of 85GB. Due to lack of preparation by my predecessor, I am now left with this problem to address. The installation should never have been linked to the internal database.

1. Based on this post (viewtopic.php?f=7&t=30423#p190194), @jimimaseye stated that upgrading to another database at this stage will result in all emails for an account being stored in the Inbox IMAP folder. This is the negative impact that I stated earlier.

2. Based on this post (viewtopic.php?f=7&t=30423#p190220), @mattg stated that it is possible to upgrade the internal database by using the Microsoft SQL installer. However, this was of a much smaller database size.

3. Based on this post (viewtopic.php?f=7&t=32110&hilit=change+database#p200745), @jimimaseye stated that there is an alpha version that is capable of backing up large databases. The size restricitions were lifted.

I created a test environment. In this environment I was able to successfully change the database for a smaller installation. It was in this environment I was able to repair and delete data from the corrupt database (production). The database shrunk to 493MB due to database corruption.

Can you please state if my only option at this point is option 1 above, or is option 2 or 3 still possible?
For option 2, I haven't seen any instructions on how to accomplish that.

..
..


In addition to this we recently acquired and secured our webmail with a Standard SSL from GoDaddy.

Based on other threads, they've encountered errors and I don't recall seeing those resolved.

My issue is that my installation of HMS is hosting 5 domains. Will my current SSL certificate with only one domain name cover all domains? Are do I need to add SAN?

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-09-10 03:40

A few things in all of that

Your Option #1 is a last resort

Your option #2 should be easily achieved by doing this
Start >> All programs >> Microsoft SQL Server >> SQL Server Installation Centre >> Maintenance >> Edition Upgrade

Your Option #3 is here >> http://www.hmailserver.com/forum/viewto ... 60#p203420

I'll answer the SSL query separately
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-09-10 03:49

MarHMS wrote:
2018-09-10 01:08
In addition to this we recently acquired and secured our webmail with a Standard SSL from GoDaddy.

Based on other threads, they've encountered errors and I don't recall seeing those resolved.

My issue is that my installation of HMS is hosting 5 domains. Will my current SSL certificate with only one domain name cover all domains? Are do I need to add SAN?
Don't know what errors...SSL works great in hMailserver

This is what I do, also what gmail and Office265.com do
You need a RDNS that matches your SMTP >> Delivery of email >> Local Host name (example.com)
For each of your domains, they should have an MX record that points to the same TLD (mail.example.com)
You need a cert for that TLD installed on hMailserver.
(please note that at times, the local host name and your MX record will be the same)


When a server tries to send mail to any of your 5 domains (or otherwise connect to your hmailserver), they will look up the MX record for the domain, get a result of mail.example.com (irrespective of which domain they lookup), and then when they connect to your hMailserver via TLS (sometimes called StartTLS) or SSL they will be presented with a certificate that matches the MX record, and all will be good...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-10 21:18

mattg wrote:
2018-09-10 03:40
A few things in all of that

Your Option #1 is a last resort

Your option #2 should be easily achieved by doing this
Start >> All programs >> Microsoft SQL Server >> SQL Server Installation Centre >> Maintenance >> Edition Upgrade

Your Option #3 is here >> http://www.hmailserver.com/forum/viewto ... 60#p203420

I'll answer the SSL query separately
Thanks mattg

I'm assuming option 3 would be best, because the size limitation is the only issue that's preventing us from performing a full backup and restore. Right?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8094
Joined: 2011-09-08 17:48

Re: Upgrading Database and SSL

Post by jimimaseye » 2018-09-10 22:43

Correct.

There are numerous benefits in taking option 3 and no reason why you shouldn't.

Go for it.

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-11 21:38

mattg wrote:
2018-09-10 03:49
MarHMS wrote:
2018-09-10 01:08
In addition to this we recently acquired and secured our webmail with a Standard SSL from GoDaddy.

Based on other threads, they've encountered errors and I don't recall seeing those resolved.

My issue is that my installation of HMS is hosting 5 domains. Will my current SSL certificate with only one domain name cover all domains? Are do I need to add SAN?
Don't know what errors...SSL works great in hMailserver

This is what I do, also what gmail and Office265.com do
You need a RDNS that matches your SMTP >> Delivery of email >> Local Host name (example.com)
For each of your domains, they should have an MX record that points to the same TLD (mail.example.com)
You need a cert for that TLD installed on hMailserver.
(please note that at times, the local host name and your MX record will be the same)


When a server tries to send mail to any of your 5 domains (or otherwise connect to your hmailserver), they will look up the MX record for the domain, get a result of mail.example.com (irrespective of which domain they lookup), and then when they connect to your hMailserver via TLS (sometimes called StartTLS) or SSL they will be presented with a certificate that matches the MX record, and all will be good...
I'm a bit confused.

See domains and mx records below:

---Domain: example1.com
--MX Record(s): mail.example1.com, mx1.example1.com, mx2.example1.com, mx3.example1.com

---Domain: example2.com
--MX Record(s): mail.example1.com, mx1.example2.com

---Domain: example3.com
--MX Record(s): mail.example1.com, mx1.example3.com

---Domain: example4.com
--MX Record(s): mail.example1.com, mx1.example4.com

---Domain: example5.com
--MX Record(s): mail.example1.com, mx1.example5.com

My current SSL certificate matches the mx record: mail:example1.com. Will that SSL work for all domains?

Also, please state any recommendation based on my mx records above.

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-11 21:40

jimimaseye wrote:
2018-09-10 22:43
Correct.

There are numerous benefits in taking option 3 and no reason why you shouldn't.

Go for it.

[Entered by mobile. Excuse my spelling.]
Thank you!

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-09-12 02:28

This would work

---Domain: example1.com
--MX Record(s): mail.example1.com

---Domain: example2.com
--MX Record(s): mail.example1.com

---Domain: example3.com
--MX Record(s): mail.example1.com

---Domain: example4.com
--MX Record(s): mail.example1.com

---Domain: example5.com
--MX Record(s): mail.example1.com
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-12 13:55

Thanks.

I'll remove the other mx records.

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-13 07:15

Just attempted a backup.

Is that not the correct HMS version?

Code: Select all

2018-09-13 00:09:01.903	Backup started
2018-09-13 00:09:01.903	Loading backup settings....
2018-09-13 00:09:14.090	The size of the data directory exceeds the maximum RECOMMENDED size for the built in backup (1.5GB). Please consult the backup documentation
2018-09-13 00:09:18.855	BACKUP ERROR: The size of the data directory exceeds the maximum size for the built in backup (15GB). Please consult the backup documentation.

Code: Select all

Test: Collect server details
hMailServer version: hMailServer 5.6.7-B2425
Database type: MSSQL Compact

Test: Test IPv6
IPv6 support is available in operating system.

...

Test: Test backup directory
Backup directory E:\Backup is writable.

...

Test: Test message file locations
Relative message paths are stored in the database for all messages.

Test: Test IP range configuration
There is a total of 2178 auto-ban IP ranges.


User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-09-13 07:22

No it's not

Once you install that version of hMailserver, download the link here >> http://www.hmailserver.com/forum/viewto ... 60#p203420 (Also linked above)
and then download the custom build with the same version number, in your case 5.6.7-B2425.16.7z

Make sure that the hmailserver admin window is closed
Stop the hMailserver service
Copy the contents of the zip in to your /hmailserver/bin directory overwriting files as you go
Start the hMailserver service
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-14 02:33

mattg wrote:
2018-09-13 07:22
No it's not

Once you install that version of hMailserver, download the link here >> http://www.hmailserver.com/forum/viewto ... 60#p203420 (Also linked above)
and then download the custom build with the same version number, in your case 5.6.7-B2425.16.7z

Make sure that the hmailserver admin window is closed
Stop the hMailserver service
Copy the contents of the zip in to your /hmailserver/bin directory overwriting files as you go
Start the hMailserver service
Thanks mattg

It works now. Though it was cut short lastnight. I will reattempt tonight.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8094
Joined: 2011-09-08 17:48

Re: Upgrading Database and SSL

Post by jimimaseye » 2018-09-14 08:35

MarHMS wrote:
2018-09-14 02:33


Thanks mattg

It works now. Though it was cut short last night. I will reattempt tonight.
Warning: if the backup was interrupted then its likely it wont work tonight *with some message about "backup already started/running"). Ensure your BACKUP directory is completely empty of folders before you restart (and be aware that such a backup could take HOURS to complete. GB's of data being compressed by 7zip is not quick. So be patient.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-23 22:56

jimimaseye wrote:
2018-09-14 08:35
MarHMS wrote:
2018-09-14 02:33


Thanks mattg

It works now. Though it was cut short last night. I will reattempt tonight.
Warning: if the backup was interrupted then its likely it wont work tonight *with some message about "backup already started/running"). Ensure your BACKUP directory is completely empty of folders before you restart (and be aware that such a backup could take HOURS to complete. GB's of data being compressed by 7zip is not quick. So be patient.)
Apart from the backup log being updated with progress of the backup, what other identifiers should I look out for?
I tried the backup again today, and it stopped midway one of the domains being backed up. I figured it stopped because the log no longer updated.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8094
Joined: 2011-09-08 17:48

Re: Upgrading Database and SSL

Post by jimimaseye » 2018-09-23 23:02

The only thing you can do is watch the process (with something like process explorer) to watch the CPU usage and file handles. You might want to watch file count on the backup direcrory too (that should be increasing mainly as the files are copied to it before it eventually gets Zipped. But one the zipping starts - its CPU use only im afraid.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-23 23:17

I don't think it's working.

Only the first 3 domains got backed up and then nothing happens.

No related process running in task manager. Seem to have halted midway 3rrd domain backup.

Also, shouldn't the HMS service be halted during this process?

Code: Select all

2018-09-23 15:57:09.050	Backup started
2018-09-23 15:57:09.050	Loading backup settings....
2018-09-23 15:57:12.988	Backing up domains...
2018-09-23 15:57:13.003	Backing up account...
.
.
.
2018-09-23 15:59:36.925	Backing up account 


MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-26 20:39

Any thoughts on this @jimimaseye and @mattg?

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-09-26 23:00

Sounds like a problematic message to me, but I'm not sure how you would find it.

Does your Antivirus exclude the data directory?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8094
Joined: 2011-09-08 17:48

Re: Upgrading Database and SSL

Post by jimimaseye » 2018-09-26 23:24

Seen it on be before with another user (i remote connected to think to see it myself). Proved it to be a rogue message by (temporarily) removing the accounts messages one by one (renaming away from the data directory) to identify where.

Never understood why though.

You could try a dds and viewtopic.php?f=20&t=27646

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-09-29 02:56

mattg wrote:
2018-09-26 23:00
Sounds like a problematic message to me, but I'm not sure how you would find it.

Does your Antivirus exclude the data directory?
Only anti-virus installed in a sense is the ClamAV service.

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-15 15:50

jimimaseye wrote:
2018-09-26 23:24
Seen it on be before with another user (i remote connected to think to see it myself). Proved it to be a rogue message by (temporarily) removing the accounts messages one by one (renaming away from the data directory) to identify where.

Never understood why though.

You could try a dds and viewtopic.php?f=20&t=27646

[Entered by mobile. Excuse my spelling.]
I know the DDS will move all emails to the user's inbox, which is what we're trying to avoid.

For the link you provided, isn't that for external databases only?

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-15 18:07

mattg wrote:
2018-09-10 03:49
MarHMS wrote:
2018-09-10 01:08
In addition to this we recently acquired and secured our webmail with a Standard SSL from GoDaddy.

Based on other threads, they've encountered errors and I don't recall seeing those resolved.

My issue is that my installation of HMS is hosting 5 domains. Will my current SSL certificate with only one domain name cover all domains? Are do I need to add SAN?
Don't know what errors...SSL works great in hMailserver

This is what I do, also what gmail and Office265.com do
You need a RDNS that matches your SMTP >> Delivery of email >> Local Host name (example.com)
For each of your domains, they should have an MX record that points to the same TLD (mail.example.com)
You need a cert for that TLD installed on hMailserver.
(please note that at times, the local host name and your MX record will be the same)


When a server tries to send mail to any of your 5 domains (or otherwise connect to your hmailserver), they will look up the MX record for the domain, get a result of mail.example.com (irrespective of which domain they lookup), and then when they connect to your hMailserver via TLS (sometimes called StartTLS) or SSL they will be presented with a certificate that matches the MX record, and all will be good...
Can I use the same SSL I created and is being used for our webmail?

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-10-16 01:36

MarHMS wrote:
2018-10-15 18:07
Can I use the same SSL I created and is being used for our webmail?
I do

I have my webmail at mail.example.com, and use the same certificate on my hMailserver.


MarHMS wrote:
2018-10-15 15:50
I know the DDS will move all emails to the user's inbox, which is what we're trying to avoid.
DDS will only move UNKNOWN messages to inbox, not ALL messages
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-18 03:41

MarHMS wrote:
2018-10-18 03:39
mattg wrote:
2018-10-16 01:36
MarHMS wrote:
2018-10-15 18:07
Can I use the same SSL I created and is being used for our webmail?
I do

I have my webmail at mail.example.com, and use the same certificate on my hMailserver.
Noted.
MarHMS wrote:
2018-10-18 03:39
MarHMS wrote:
2018-10-15 15:50
I know the DDS will move all emails to the user's inbox, which is what we're trying to avoid.
DDS will only move UNKNOWN messages to inbox, not ALL messages
OOOOOKKKK.... So whatever message that is causing the backup to halt, if exists, will be moved to the Inbox IMAP folder.

Really appreciate the responses

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-25 23:19

@mattg I enabled SSL within HMS and I've haven't gotten any errors. I switched my SMTP ports within Outlook and webmail to use 465. Is there a way for me to confirm that my messages are indeed being sent securely?

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-10-25 23:40

If you enable Debug and TCP logging you will see lines like this in your logs

"

Code: Select all

DEBUG"	8080	"2018-10-26 07:34:31.963"	"Performing SSL/TLS handshake for session 6506. Verify certificate: False"
"TCPIP"	8080	"2018-10-26 07:34:32.697"	"TCPConnection - TLS/SSL handshake completed. Session Id: 6506, Remote IP: xxx.xxx.xxx.xxx, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
This one was a low score spammer by the way
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-29 01:24

I just updated my webmail. During the testing of the SSL being on and off, I took a copy of the header files from my gmail account. Can you please say what is happening here as it relates to the SSL? It seem as if there's an error where Gmail isn't able to say where the message is from.

Without SSL

Code: Select all

Delivered-To: %username%@gmail.com
Received: by 2002:a2e:8717:0:0:0:0:0 with SMTP id m23-v6csp96219lji;
        Sun, 28 Oct 2018 15:05:25 -0700 (PDT)
X-Received: by 2002:a67:23c7:: with SMTP id j68mr4983658vsj.240.1540764084599;
        Sun, 28 Oct 2018 15:01:24 -0700 (PDT)
X-Google-Smtp-Source: AJdET5eNhhfFjE2D83z935MQvb62p7KAaOcMg4jWpajjzD0dvV0Kwy0f+5Q+SmVBIgVn3YsCxXUw
X-Received: by 2002:a67:23c7:: with SMTP id j68mr4983636vsj.240.1540764083587;
        Sun, 28 Oct 2018 15:01:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540764083; cv=none;
        d=google.com; s=arc-20160816;
        b=ltSiVts3vopPgdnqWXOxyMrLXTWkv/yV5Uo54HNEkCsRoNyuvnnmnEaso1Swn0idjU
         wGdv5EZPV/ItayyuQDs+v0YR0dYib7zYfrWEV3gkfC97CztSwzBmivStPgplI3gy9duu
         UXERxHV0oqLQPEdv1flS6YrwUcgbuNj/JyhdHE7DnRdXTJSweKIZeVFMtfT2VhTd1/Cj
         MmsrhjCVVXUaN+2uyaygTV9NFyeEGqQUFfeHOF8YOuvWikYXi1/FoFj4iwg4x/DMxO+K
         ABjRXo3al5OfM8JbCSknpK3iIbnBz5F7sOJ5grLSstYiY0jop5EltYDLgIFrP92HNS/m
         r6yQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=to:subject:from:message-id:date:mime-version;
        bh=knXr5ayYZh2tRi8MUlK2N34OF2HJrG4Jg+puRgRJ+Vs=;
        b=eOywtYh1ik+tdW4nh/sasioGY6r6kQA5KuYOqzS0qUBKoAZ/pV17O7InV87XoF3GiL
         +5LWEW1kMV2Y8EW3GhWRTrjXurLvnYvpRVVQjbJI/BzlVitCkl8uwoI2O+ICU4TOa4jS
         Yjt43rwwSRCgvQjKRU07rhRFRGHrNlDZd0BRxXndSHduEjJUIr8FBmbgFy4neMz6GoRb
         OVjs1Odsayi0B5tH7l2bkXLtvSGzWkpSK8uQAN+nfJJaCvk2tl3wz/zpNma6xbw0ODB/
         u9F6gCQcdoUl6el4pj8WI8rEh3j3AXS54NcXkwa0JNp+RCfiH147TWIC4cwGHdOAkJ/j
         aXsQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of %username%@%domain%.com designates %ipaddress% as permitted sender) smtp.mailfrom=%username%@%domain%.com
Return-Path: <%username%@%domain%.com>
Received: from mail.%domain%.com ([%ipaddress%])
        by mx.google.com with ESMTPS id a42si1161336uad.171.2018.10.28.15.01.22
        for <%username%@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 28 Oct 2018 15:01:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of %username%@%domain%.com designates %ipaddress% as permitted sender) client-ip=%ipaddress%;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of %username%@%domain%.com designates %ipaddress% as permitted sender) smtp.mailfrom=%username%@%domain%.com
Received: from mail.%domain%.com (hqpfsense.fuf.local [192.168.0.1]) by mail.%domain%.com with ESMTPA ; Sun, 28 Oct 2018 17:00:57 -0500
Mime-Version: 1.0
Date: Sun, 28 Oct 2018 22:00:55 +0000
Content-Type: multipart/mixed; boundary="----=_Part_741_553598022.1540764055"
Message-ID: <3dbb50c3d68e45f469ed4d39ff76b7d6@mail.%domain%.com>
X-Mailer: AfterLogic webmail client
From: %username%@%domain%.com
Subject: test
To: %username%@gmail.com, %username%@outlook.com
X-Priority: 3 (Normal)

------=_Part_741_553598022.1540764055
Content-Type: multipart/alternative; boundary="----=_Part_512_528219604.1540764055"

------=_Part_512_528219604.1540764055
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

testing file attachment size

------=_Part_512_528219604.1540764055
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"tex=
t/html; charset=3Dutf-8" /></head><body><div data-crea=3D"font-wrapper" sty=
le=3D"font-family: Tahoma; font-size: 16px; direction: ltr">testing file at=
tachment size<br><br><div></div><br></div></body></html>

------=_Part_512_528219604.1540764055--
------=_Part_741_553598022.1540764055
Content-Type: application/zip; name="openssl-OpenSSL_1_1_1-pre8.zip"; charset="utf-8"
Content-Disposition: attachment; filename="openssl-OpenSSL_1_1_1-pre8.zip.txt"
Content-Transfer-Encoding: quoted-printable

The attachment openssl-OpenSSL_1_1_1-pre8.zip was blocked for delivery by t=
he e-mail server. Please contact your system administrator if you have any =
questions regarding this.

hMailServer

------=_Part_741_553598022.1540764055--
With SSL

Code: Select all

Delivered-To: %username%@gmail.com
Received: by 2002:a2e:8717:0:0:0:0:0 with SMTP id m23-v6csp105830lji;
        Sun, 28 Oct 2018 15:17:53 -0700 (PDT)
X-Google-Smtp-Source: AJdET5cd+zJFMQE2TCxC1JkI4Kj4ewYOFhg0TM+ugkyFEt06I63IS+6lg6OfypsxZdxqdZjy1Pqw
X-Received: by 2002:ab0:48c8:: with SMTP id y8mr5046897uac.66.1540765073452;
        Sun, 28 Oct 2018 15:17:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540765073; cv=none;
        d=google.com; s=arc-20160816;
        b=r2z8XomjyzYkXF5/e7lWgg1EZqQCz12L0ORS8gfxVLl+yROoWA9v8mB46eTZyUXmKZ
         fOS7HhLctHwP99JCoDfoTjhlPM0rLmA1ClVwj0daL6mCQw5/KtvbsHhnJgjZ10tG0OWr
         dZcFCC8YzUprTl7wbxipEEyTE36/76kbKN8XKW6DMke6e0XDYabzoZPSPsAb7Wg3DxXl
         BlU/pTqSNA966rjXhn/LqjV6QmSGks/D6uYy2HBR4H/VSAO1N/1HCBuR7qHbefKqf+j6
         cFeX9cu8afL56u9EQDJy68Vg5eUKA8NB1I/+3RGuFDiSYulnzxzQL2eGQpTRsNivZQdy
         WPtg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=references:in-reply-to:to:subject:from:message-id:date:mime-version;
        bh=vZN+tBOnP7JcjWTbSYWu+6FmjOytVMuxJFYsV7FdOPo=;
        b=vF/nRECkT3360Zr2ZTQlg17kt1j3L+XLTMxToc4TNY1p6Jrb/ChkModYF5IyFpOAvt
         tbAfXS18iSg4mR6c7oUHd3HqQhdSz4sGdWOway/jq7iWVNxBXlpXN6go6JQP51LRz2ID
         ar3l2VAfAY0jiRaivbqi+i/wgkpnmo3GWxVaSrxVfL+g4RAd2X636D0XDaxX8VtZWK1v
         NZrNsyhNchbrTMuKCEPc1VonG+vZceEHY8So+wvlMI8HxbMSqyTVoa4byfiCsant6b4O
         EpfNM6oKnTA4pdbdDRi0kbs6zklRnMtzxANJ2p890K7RQ9RuNG0gd7NM0wrV8HG1N3TL
         ZPvw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=temperror (google.com: error in processing during lookup of %username%@%domain%.com: DNS error) smtp.mailfrom=%username%@%domain%.com
Return-Path: <%username%@%domain%.com>
Received: from mail.%domain%.com ([%ipaddress%])
        by mx.google.com with ESMTPS id m15si3623936vsa.413.2018.10.28.15.17.53
        for <%username%@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 28 Oct 2018 15:17:53 -0700 (PDT)
Received-SPF: temperror (google.com: error in processing during lookup of %username%@%domain%.com: DNS error) client-ip=%ipaddress%;
Authentication-Results: mx.google.com;
       spf=temperror (google.com: error in processing during lookup of %username%@%domain%.com: DNS error) smtp.mailfrom=%username%@%domain%.com
Received: from mail.%domain%.com (hqpfsense.fuf.local [192.168.0.1]) by mail.%domain%.com with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ; Sun, 28 Oct 2018 17:17:50 -0500
Mime-Version: 1.0
Date: Sun, 28 Oct 2018 22:17:49 +0000
Content-Type: multipart/alternative; boundary="----=_Part_884_590594482.1540765069"
Message-ID: <1495d5f0f034ef21e79d477cf92afa83@mail.%domain%.com>
X-Mailer: AfterLogic webmail client
From: Marcus <%username%@%domain%.com>
Subject: Fwd: Re[2]: test
To: %username%@gmail.com
In-Reply-To: <245ddab9b77ffc4cf6ca2440f6a9caad@mail.%domain%.com>
References: <3dbb50c3d68e45f469ed4d39ff76b7d6@mail.%domain%.com> <BN6PR2201MB1171494BBDB818E1311EF8C2B9F20@BN6PR2201MB1171.namprd22.prod.outlook.com> <245ddab9b77ffc4cf6ca2440f6a9caad@mail.%domain%.com>
X-Priority: 3 (Normal)

------=_Part_884_590594482.1540765069
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

---- Original Message ----
From: Marcus=20
To: Marcus =20
Sent: Sun, Oct 28, 2018 05:17 PM
Subject: Re[2]: test
Apologies. My mail server blocked the zip archive from sending.
On Sun, Oct 28, 2018 at 05:02 PM, Marcus   wrote:
 Attachment is now txt
 =E2=80=A6
 Marcus
------------------------------------
From: %username%@%domain%.com (mailto:%username%@%domain%.com)=20
Sent: Sunday, October 28, 2018 5:00:55 PM
To: %username%@gmail.com (mailto:%username%@gmail.com); %username%@outlook.com=
 (mailto:%username%@outlook.com)
Subject: test=20
  testing file attachment size

------=_Part_884_590594482.1540765069
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"tex=
t/html; charset=3Dutf-8" /></head><body><div data-crea=3D"font-wrapper" sty=
le=3D"font-family: Tahoma; font-size: 16px; direction: ltr"><div style=3D"f=
ont-family: Tahoma; font-size: 16px"></div><br><br><div></div><br><br><div =
data-anchor=3D"reply-title">---- Original Message ----<br>From: Marcus &lt;=
%username%@%domain%.com&gt;<br>To: Marcus  &lt;%username%@outlook.com&gt;<br>Sent: Sun, Oct 28, 2018 05:17 PM<br>Subject: Re[2]: t=
est<br></div><br><br><div><div><div data-crea=3D"font-wrapper" style=3D"fon=
t-family: Tahoma;font-size: 16px;direction: ltr"><div style=3D"font-family:=
 Tahoma;font-size: 16px"></div>Apologies. My mail server blocked the zip ar=
chive from sending.<br><br><div></div><br><br><div data-anchor=3D"reply-tit=
le">On Sun, Oct 28, 2018 at 05:02 PM, Marcus  &lt;<a href=3D"mail=
to:%username%@outlook.com" target=3D"_blank" tabindex=3D"-1" rel=3D"external=
">%username%@outlook.com</a>&gt; wrote:</div><blockquote><div><div>
<div>
Attachment is now txt<br><br>=C2=A0<br><br>
=E2=80=A6<br>
Marcus<br><br><br><br>=C2=A0<br><br></div>
<hr style=3D"display: inline-block;width: 98%" tabindex=3D"-1"><div dir=3D"=
ltr"><font face=3D"Calibri, sans-serif" style=3D"font-size: 11pt" color=3D"=
#000000"><b>From:</b> <a href=3D"mailto:%username%@%domain%.com"=
 target=3D"_blank" tabindex=3D"-1" rel=3D"external">%username%@%domain%</a> &lt;<a href=3D"mailto:%username%@%domain%.com" t=
arget=3D"_blank" tabindex=3D"-1" rel=3D"external">%username%@%domain%.com</a>&gt;<br><b>Sent:</b> Sunday, October 28, 2018 5:00:55 PM<br><b=
>To:</b> <a href=3D"mailto:%username%@gmail.com" target=3D"_blank" tabindex=
=3D"-1" rel=3D"external">%username%@gmail.com</a>; <a href=3D"mailto:%username%@outlook.com" target=3D"_blank" tabindex=3D"-1" rel=3D"external">%username%@outlook.com</a><br><b>Subject:</b> test</font>
<div>=C2=A0</div>
</div>
<div>
<div data-crea=3D"font-wrapper" style=3D"font-family: Tahoma;font-size: 16p=
x;direction: ltr">
testing file attachment size<br><br><div></div>
<br></div>
</div>
</div></div></blockquote></div></div></div></div></body></html>

------=_Part_884_590594482.1540765069--

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-10-29 01:33

I don't understand what you want me to look at...

What has your webmail got to do with sending mail to gMail?
How is the mail sent to gmail? DO you have logs
Where is the error?

Is your question about SSL vs NON-SSL connections from your webmail to your mailserver?
Which webmail have you updated?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-29 02:49

Apologies, I did another test with mobile app and all seem to work. I had seen a

Code: Select all

ARC-Authentication-Results: i=1; mx.google.com;
       spf=temperror (google.com: error in processing during lookup of username@domain.com: DNS error) 
I'm no longer seeing that error now.

We're utilizing Afterlogic Webmail Lite as our webmail client. Today I updated the webmail to the latest version. This is not the important information, I just stated same because it lead to me discovering the header information above.

Does the header information below show that our SSL is enabled and working without an issue?

Code: Select all

Delivered-To: username@gmail.com
Received: by 2002:a2e:8717:0:0:0:0:0 with SMTP id m23-v6csp190126lji;
        Sun, 28 Oct 2018 17:16:52 -0700 (PDT)
X-Google-Smtp-Source: AJdET5fCS3TnauO4lEoDeIW4j8/7pxEBf78E215LDY0QopDc1siXb3KAeR8Y/duhJgcmPpEqaBVt
X-Received: by 2002:a67:4114:: with SMTP id o20mr5226944vsa.56.1540772212461;
        Sun, 28 Oct 2018 17:16:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540772212; cv=none;
        d=google.com; s=arc-20160816;
        b=PoiCU8xvzObYliz01+znOf8WHmlhJ/l0bgmOKvaWIoSD2VavupZqrun5q6c5H3mw4B
         XpJgZfXzujRdu488RjCCYH6rUCgwVE2bLEdamdin+Y4LNjyaWciSeEfmRehGLodj8xbR
         L1vUSFxGCybS4er9+yFAO/qEGuojt5EfyTPkQbkfqlgcsCttE3qiPbtNTomWGXo5etiM
         ReCJRgzSE7yBmEZyHnI6GbDU0jr5AvQfJf54Xy0jq0cJsU3ez6LtHKaKUV73K46IVJ6Z
         P1mRfIXnGJhO95mw8XnWqGx28P0IfY4k0ARBez0dGIQnK15ZsRspb6XCWelLjx7JNoNE
         VwuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=references:in-reply-to:to:subject:from:message-id:date:mime-version;
        bh=7UmfjSngaSkanvRqUh/XoiG4En3eUgmK7YJ5mEoKg0k=;
        b=ALyqf7yZlbQcGX0iRAFJUQ6+WaEJyl1SXptZ/leRT6ujjF5saEn8lJq3aok35q5IO4
         gzlhrBzdnqJIt6Esb84r15iBYHm+1PLNRYznQyv53GXYnNqskSp6BgrwR7xVimtk+lI+
         CTEg2v/zwHi97kRlvg2GjPHL0SpIia8SNIktl0bDutTUB/0q89PQ1HIdTdrwM285ZQ82
         /NeuMSxe0dlRcRv/qQsIORXZxm2+GZJaHsqDxgCTHJAaUFMMD1bBIIM63xgF/Z2YW5IK
         MFXQW4gU7f2xDFTGDIvgjEBgvi147BeRRhANr4LFRGnu2iDx/qcHtpuAGSLarn8AVh9C
         7DCw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of username@domain designates %ip address% as permitted sender) smtp.mailfrom=username@domain
Return-Path: <username@domain>
Received: from mail.domain.com ([%ip address%])
        by mx.google.com with ESMTPS id h37si2384119uah.172.2018.10.28.17.16.52
        for <username@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 28 Oct 2018 17:16:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of username@domain designates %ip address% as permitted sender) client-ip=%ip address%;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of username@domain designates %ip address% as permitted sender) smtp.mailfrom=username@domain
Received: from mail.domain.com (hqpfsense.fuf.local [192.168.0.1]) by mail.domain.com with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ; Sun, 28 Oct 2018 19:16:52 -0500
Mime-Version: 1.0
Date: Mon, 29 Oct 2018 00:16:51 +0000
Content-Type: multipart/alternative; boundary="----=_Part_258_520419311.1540772211"
Message-ID: <27d49c8d482aba5e05894e618bb9faca@mail.domain.com>
X-Mailer: AfterLogic webmail client
From: Marcus <username@domain>
Subject: Re[2]: testing 2
To: marcus <username@gmail.com>
In-Reply-To: <CABM+83goJn-=amuuCWpEc1u3FuEW7ufMnFt7a9hQZKzMaR2e_w@mail.gmail.com>
References: <2a98c4da68fa1a961d371d7ad1119e28@mail.domain.com> <CABM+83goJn-=amuuCWpEc1u3FuEW7ufMnFt7a9hQZKzMaR2e_w@mail.gmail.com>
X-Priority: 3 (Normal)

------=_Part_258_520419311.1540772211
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

please test again... please
Regards,
marcus


On Sun, Oct 28, 2018 at 07:14 PM, marcus  wrote:acknowledged

On Sun, Oct 28, 2018 at 7:13 PM Marcus  wrote:

testing again
Regards,
marcus


--=20
"If you want the rainbow, you have to deal with the rain."

------=_Part_258_520419311.1540772211
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"tex=
t/html; charset=3Dutf-8" /></head><body><div data-crea=3D"font-wrapper" sty=
le=3D"font-family: Tahoma; font-size: 16px; direction: ltr"><div style=3D"f=
ont-family: Tahoma; font-size: 16px"></div>please test again... please<br><=
br><div><div data-crea=3D"font-wrapper" style=3D"font-family: Tahoma; font-=
size: 16px; direction: ltr"><span lang=3D"EN-JM" style=3D"font-family: Helv=
etica, Tahoma, Arial, sans-serif; font-size: 14.6667px;">Regards,<br><b><sp=
an style=3D"color: rgb(31, 78, 121);">marcus</span></b><span sty=
le=3D"color: rgb(64, 64, 64);"><br></span></span><img width=3D"192" height=
=3D"46" alt=3D"logo_resized1" style=3D"font-family: Helvetica, Tah=
oma, Arial, sans-serif; font-size: 14.6667px;" src=3D"cid:image001.png@01D4=
6D38.B43B2C40"><br style=3D"font-family: Helvetica, Tahoma, Arial, sans-ser=
if; font-size: 14.6667px;"><span lang=3D"EN-JM" style=3D"font-family: Helve=
tica, Tahoma, Arial, sans-serif; font-size: 14.6667px; color: rgb(192, 0, 0=
);"><br></span><b style=3D"font-family:=
 Helvetica, Tahoma, Arial, sans-serif; font-size: 14.6667px;"><span lang=3D=
"EN-JM" style=3D"color: rgb(31, 78, 121);">T:</span></b><span lang=3D"EN-JM=
" style=3D"font-family: Helvetica, Tahoma, Arial, sans-serif; font-size: 14=
.6667px; color: rgb(31, 78, 121);">=C2=A0<br><b>C</b>=
: 876-367-0968</span><br></div></div><br><br><div data-anchor=3D"reply-titl=
e">On Sun, Oct 28, 2018 at 07:14 PM, marcus &lt;username@gmail.=
com&gt; wrote:</div><blockquote><div><div><div dir=3D"ltr"><div style=3D"fo=
nt-family: verdana,sans-serif">acknowledged</div></div><br><div><div dir=3D=
"ltr">On Sun, Oct 28, 2018 at 7:13 PM Marcus &lt;<a href=3D"mailto:username@domain" target=3D"_blank" tabindex=3D"-1" rel=3D"extern=
al">username@domain</a>&gt; wrote:<br></div><blockquote =
style=3D"margin: 0 0 0 .8ex;border-left: 1px #ccc solid;padding-left: 1ex">=
<u></u><div><div style=3D"font-family: Tahoma;font-size: 16px;direction: lt=
r">testing again<br><br><div><div style=3D"font-family: Tahoma;font-size: 1=
6px;direction: ltr"><span lang=3D"EN-JM" style=3D"font-family: Helvetica,Ta=
homa,Arial,sans-serif;font-size: 14.6667px">Regards,<br><b><span style=3D"c=
olor: rgb(31,78,121)">marcus</span></b><span style=3D"color: rgb=
(64,64,64)"><br></span></span><img width=3D"192" height=3D"46" alt=3D"logo_resized1" style=3D"font-family: Helvetica,Tahoma,Arial,sans-serif;=
font-size: 14.6667px"><br style=3D"font-family: Helvetica,Tahoma,Arial,sans=
-serif;font-size: 14.6667px"><span lang=3D"EN-JM" style=3D"font-family: Hel=
vetica,Tahoma,Arial,sans-serif;font-size: 14.6667px;color: rgb(192,0,0)"><br></span><b style=3D"font-family: Helve=
tica,Tahoma,Arial,sans-serif;font-size: 14.6667px"><span lang=3D"EN-JM" sty=
le=3D"color: rgb(31,78,121)">T:</span></b><span lang=3D"EN-JM" style=3D"fon=
t-family: Helvetica,Tahoma,Arial,sans-serif;font-size: 14.6667px;color: rgb=
(31,78,121)">=C2=A0<br><b>C</b></span><=
br></div></div><br></div></div>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"=
 data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div style=3D"text-ali=
gn: left;font-family: arial,helvetica,clean,sans-serif;line-height: 15px"><=
span style=3D"font-weight: bold;font-style: italic"><br></span></div><div s=
tyle=3D"text-align: left;font-family: arial,helvetica,clean,sans-serif;line=
-height: 15px"><span style=3D"font-weight: bold;font-style: italic"><br></s=
pan></div><div style=3D"text-align: left;font-family: arial,helvetica,clean=
,sans-serif;line-height: 15px"><span style=3D"font-weight: bold;font-style:=
 italic"><br></span></div><div style=3D"text-align: left;font-family: arial=
,helvetica,clean,sans-serif;line-height: 15px"><span style=3D"font-weight: =
bold;font-style: italic"><br></span></div><div style=3D"text-align: left;fo=
nt-family: arial,helvetica,clean,sans-serif;line-height: 15px"><span style=
=3D"font-weight: bold;font-style: italic"><br></span></div><div style=3D"te=
xt-align: left;font-family: arial,helvetica,clean,sans-serif;line-height: 1=
5px"><b><i><span style=3D"background-color: rgb(255,255,255)"><font size=3D=
"2">"If you want the rainbow, you have to deal with the rain."</font></span=
></i></b></div></div></div></div></div></blockquote></div></body></html>

------=_Part_258_520419311.1540772211--

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2018-10-29 03:30

Headers are unlikely to show any detail of the connection

The ONLY way to tell is check your logs
Connection Encryption shows up under TCP/IP logging
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2018-10-29 04:47

Ok... I'll confirm tomorrow

User avatar
Dravion
Senior user
Senior user
Posts: 1421
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Upgrading Database and SSL

Post by Dravion » 2018-10-29 11:00

millespaul700 wrote:
2018-10-29 09:29
Update expiring Mongo cluster SSL certificate
Sorry, this is not a MongoDB Supportforum and hMailServer only supports a few Full SQL Databases.
Its not possible to run a hMailServer on a NoSQL Database like Mongo, Redis, ChouchDB ect.

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2019-02-16 01:48

mattg wrote:
2018-10-29 03:30
Headers are unlikely to show any detail of the connection

The ONLY way to tell is check your logs
Connection Encryption shows up under TCP/IP logging
Hi Matt,

Wow... tomorrow turned into months...

See excerpt in log below. I don't think my SSL works

Code: Select all

"DEBUG"	4980	"2019-02-15 12:27:41.180"	"TCP connection started for session 20361"
"DEBUG"	4980	"2019-02-15 12:27:41.180"	"Performing SSL/TLS handshake for session 20361. Verify certificate: False"
"TCPIP"	4980	"2019-02-15 12:27:41.180"	"TCPConnection - TLS/SSL handshake completed. Session Id: 20361, Remote IP: 192.168.0.1, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"SMTPD"	4980	20361	"2019-02-15 12:27:41.180"	"192.168.0.1"	"SENT: 220 domain.com Welcome to the SMTP Server (Exim)"
"SMTPD"	788	20361	"2019-02-15 12:27:41.196"	"192.168.0.1"	"RECEIVED: EHLO FUFIT01"

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2019-02-17 00:17

TCPConnection - TLS/SSL handshake completed.
I think it does




This bit
Verify certificate: False
means that your hmailserver didn't try to validate the name of the certificate used by the other server.

Hmailserver will only try to validate for SSL certs for a a route or an SMTP relayer, and then only if the 'Verify remote server SSL/TLS certificates' option is checked under SSL/TLS
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2019-02-17 19:45

mattg wrote:
2019-02-17 00:17
TCPConnection - TLS/SSL handshake completed.
I think it does




This bit
Verify certificate: False
means that your hmailserver didn't try to validate the name of the certificate used by the other server.

Hmailserver will only try to validate for SSL certs for a a route or an SMTP relayer, and then only if the 'Verify remote server SSL/TLS certificates' option is checked under SSL/TLS
I see.

I will check if that option is selected. So I do not need that verification?

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2019-02-18 00:59

In fact many servers outside of the EU fail that verification, including many banks and government departments in my Country (Australia), although this is is getting better.

In the EU, especially in Germany, they tend to get this correct.

In answer to your question I have 'verification' turned ON, but the only time it matters is for POP3 external downloads, for SMTP routes and SMTP relayer.

I also needed to install Googles trust certs to make connections to Gmail work.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2019-02-18 03:26

mattg wrote:
2019-02-18 00:59
In fact many servers outside of the EU fail that verification, including many banks and government departments in my Country (Australia), although this is is getting better.

In the EU, especially in Germany, they tend to get this correct.

In answer to your question I have 'verification' turned ON, but the only time it matters is for POP3 external downloads, for SMTP routes and SMTP relayer.

I also needed to install Googles trust certs to make connections to Gmail work.
Interesting.

Where did you install the Google Trust Certs?

That log was as a result of a test email to a gmail address.

User avatar
mattg
Moderator
Moderator
Posts: 20024
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Upgrading Database and SSL

Post by mattg » 2019-02-18 04:01

Installing the google certs won't change what the log says.

The logs says that communication succeeded, but the hMailserver didn't try to validate the server cert (because it didn't have to as the connection was standard incoming message - these ARE NEVER validated by hMailserver)


However to answer your question >> http://www.hmailserver.com/forum/viewto ... 21&t=32158
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MarHMS
Normal user
Normal user
Posts: 103
Joined: 2015-12-11 17:10

Re: Upgrading Database and SSL

Post by MarHMS » 2019-02-22 03:45

mattg wrote:
2019-02-18 04:01
Installing the google certs won't change what the log says.

The logs says that communication succeeded, but the hMailserver didn't try to validate the server cert (because it didn't have to as the connection was standard incoming message - these ARE NEVER validated by hMailserver)


However to answer your question >> http://www.hmailserver.com/forum/viewto ... 21&t=32158
Thank you!

Really appreciate the prompt responses!

Post Reply