TLS errors with latest version (2.5.0) of spiderd about iredmail HOT 9 CLOSED

Hi Martin,

I can not reproduce this issue. Did you request free ssl cert with Spider (Settings -> SSL Cert)?

from iredmail.

Hi Martin,

I can not reproduce this issue. Did you request free ssl cert with Spider (Settings -> SSL Cert)?

Hi,
no without a certificate, it is run behind an apache reverse proxy.

This is the settings.json

{ "admin_emails": ["admin art mail.xy-space.de"], "archiving_username": "archive", "archiving_domain": "mailarchive.xy-space.de", "archiving_with_host_ip": true, "license_key": "redacted", "log_level": "info", "log_target": "file", "log_rotate_interval": "1w", "log_max_backups": 20, "log_syslog_server": "/dev/log", "retention_years": 3, "smtpd_bind_address": ":1025", "smtpd_force_secure_conn": false, "smtpd_allowed_only": true, "smtpd_auth": true, "smtpd_user": "redacted", "smtpd_password": "redacted", "web_bind_address": ":18080", "web_home_path": "", "web_default_language": "en_US", "cert_domain": "" }

After reverting to version 2.4.2 the warning messages went away instantly.

Martin.

from iredmail.

What's the related settings in Apache reverse proxy?

from iredmail.

What's the related settings in Apache reverse proxy?

<VirtualHost *:443>
        ServerName spider.xy-space.de

        SSLCertificateFile /etc/...
        SSLCertificateKeyFile /etc/...

        ErrorLog /var/log/apache2/spider.xy-space.de-error_log
        ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
        TransferLog /var/log/apache2/spider.xy-space.de-access_log

        Redirect permanent "/" "https://spider.xy-space.de/"

        RequestHeader set X_FORWARDED_PROTO 'https'
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:18080/
        ProxyPassReverse / http://127.0.0.1:18080/
</VirtualHost>

from iredmail.

So the ssl cert is handled by Apache, not Spider. It's more like an Apache issue to me, smtp traffic doesn't reach spider at all.

from iredmail.

Seems i'm wrong.

Question: Is the smtp service offered by Spider running behind a (smtp) proxy too?

According to the settings.json you pasted above, the SMTP service provided by Spider doesn't offer secure connection due to no ssl cert, so you should configure Postfix (on openSUSE) to not use secure connection.

from iredmail.

Only the web interface is behind the apache reverse proxy.

In the settings.json file there is the entry "smtpd_force_secure_conn" set to false.

from iredmail.

I still cannot find a good idea.

There are no error messages in the spiderd log, so spiderd config must be fine.
Postfix seems to be unhappy with the new version.
Did you change anything with TLS version support or cipher support?

from iredmail.

Dear @M-Stenzel

Confirmed it's a bug of latest Spider v2.5.0, and fixed moment ago in new version v2.5.1.
Please download new version and upgrade:

• Download: https://spiderd.io/
• Upgrade: https://spiderd.io/docs/upgrade.html
• Full change log: https://spiderd.io/docs/changelog.html

Let me know if it doesn't work for you. Thanks again for the feedback. :)

from iredmail.