So I am getting the following error when setting my gmail rpop config:
2022-09-24 14:19:39.847 +0000 08 c265ea38ddff RPOP:000000E9: rpop connection successfully started for account test@somedomain.com
2022-09-24 14:21:50.576 +0000 16 c265ea38ddff RPOP:00000000: >> SSL: client hello, remote 142.251.162.109:995, version TLS 1.3 (0304)
2022-09-24 14:21:50.576 +0000 16 c265ea38ddff RPOP:00000000: >> SSL: client hello, remote 142.251.162.109:995, session id c8d927f2809896be329a8c1370d44b11c04b9d7d75cb53b1f7f6b9cdb0d7966c
2022-09-24 14:21:50.576 +0000 16 c265ea38ddff RPOP:00000000: >> SSL: client hello, remote 142.251.162.109:995, 31 cipher suites: 130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff
2022-09-24 14:21:50.576 +0000 02 c265ea38ddff RPOP:00000000: SSL error remote 142.251.162.109:995, SSL_connect:failed in SSLv3/TLS write client hello
2022-09-24 14:21:50.576 +0000 02 c265ea38ddff RPOP:000000E9: rpop connection for account test@somedomain.com ended, status: 8;Cannot connect to remote host: SSL error
2022-09-24 14:21:50.576 +0000 08 c265ea38ddff RPOP:000000E9: rpop connection for account test@somedomain.com rescheduled in 10 minutes
I donât think I need a valid CA certificate on my server to fetch emails from gmail⌠right?
Hello Rafael,
No, the error you see there is not related to your own server SSL certificate but should point to a failure in negotiating the SSL handshake with the remote party (in this case Gmail POP3 service).
Could you please let us know your exact Axigen version?
BR,
Ioan
Hello,
The original question seems to be unanswered still, and since my problem is very similar, I thought Iâm going to revive the thread with the goal to have an answer provided for everyone.
I am getting the following error:
2024-03-21 12:12:59 +0100 08 TEST RPOP:0000005D: rpop connection successfully started for account test@testdomain.de
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL error remote 195.30.84.61:995, SSL_connect:failed in SSLv3/TLS write client hello
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL alert remote 195.30.84.61:995, undefined:fatal:unknown CA
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL error remote 195.30.84.61:995, SSL_connect:failed in error
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: 195.30.84.61:995 SSL_connect error: error:0A000086:SSL routines::certificate verify failed
The provider is a German company called ServerProfis. The server name is cp61.sp-server.net. Connecting to the server with email client Thunderbird via POP is no problem at all (SSL/TLS, Port 995, password normal).
My Axigen version is 10.5.18. The RPOP is setup accordingly.
EDIT:
In the Axigen Admistration console under SSL certificates is an entry, which was created by Axigen itself. Under status is states âSelf signed certificate; no CA foundâ. Just in case this is an indicator for the problem.
I hope someone has a helpful idea how to solve this issue.
Hello Wolfgang,
Assuming you are on Linux, please share with us the output for the following commands:
$ grep caBundlePath /var/opt/axigen/run/axigen.cfg
$ ls -l /opt/axigen/cacert_default.pem
$ md5sum /opt/axigen/cacert_default.pem
$ grep "Root CA" /var/log/mail*
On the other hand you may disable certificate validation for RemotePOP client by adding a new line into the service configuration file (e.g. /etc/sysconfig/axigen for RPM based systems or /etc/default/axigen for DEB ones) for example at the end of the file, like:
export AXI_RPOP_OPT_X_TLS_IGNORE_CERT=yes
After this change please restart your Axigen service.
HTH,
Ioan
You may also check this thread
Hi Ioan,
Thanks for the quick response. This is actually the unsual case that I am not looking for a solution for a Linux but for a Windows problem.
However, I have tried to translate your requests into Windows language:
-
search in /âworking directoryâ/run/axigen.cfg
caBundlePath = ââ
-
dir âC:\Program Files\Axigen Mail Server\cacert_default.pemâ
16.10.2023 10:51 218.699 cacert_default.pem
-
certutil -hashfile âC:\Program Files\Axigen Mail Server\cacert_default.pemâ MD5
048c8942bf1a141b47418361deb7ab2b
-
Windows event log:
Root CA store successfully loaded from default bundle file C:\Program Files\Axigen Mail Server\cacert_default.pem
I didnât find the service configurration file - I am assuming we are talking about registry entries.
I found âHKLM\SYSTEM\CurrentControlSet\Services\Axigen Mail Serverâ - not sure if I am in the right place.
If you told me what and where to add something in Windows, I might be able to disable the certificate validation for RemotePOP client.
EDIT: By the way, the certificate with the âNo CA foundâ status is called axigen_cert.pem and is located in the working directory
Greetings,
Wolfgang
Hi again,
Just wanted to show what the WebAdmin tells me about the certificates:
It would be nice if somebody would tell me what to do to get Remote POP working - either with fixing the certificate or with disabling certificates (in Windows).
Thanks in advance.
Hello Wolfgang,
Do not worry about the Axigen certificates as them are for the server side (like SMTP / IMAP / POP3 and WebMail listeners) and RPOP is a client that connect to remote servers and fetch locally the remote messages.
For Windows please set the mentioned environment variable ( AXI_RPOP_OPT_X_TLS_IGNORE_CERT = yes ) by accessing the Environment Variables > System variables section specific to your Windows version and restart Axigen service afterwards.
HTH,
Ioan
1 Like
Hi Ioan,
Thanks a lot for you help. Now Remote POP is working as expected and desired.
Best regards,
Wolfgang
1 Like
