Once, a user in Gmail set up mail import from a mail server running on iRedMail and received an error in response:
Failed to establish SSL secure connection to host
By default, in Gmail you need to specify iRedMail ports POP3 995 SSL and SMTP 587 TLS.
I looked at the logs var /log/dovecot/pop3.log and found the following:
dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=.., lip=.., TLS: Connection closed, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Then I looked at what certificates are specified in the /etc/dovecot/dovecot.conf and /etc/postfix/main.cf configuration and found an error, for example, certificates from LetsEncrypt were specified:
/etc/dovecot/dovecot.conf
ssl_cert = </etc/letsencrypt/live/mail.ixnfo.com/cert.pem
ssl_key = </etc/letsencrypt/live/mail.ixnfo.com/privkey.pem
/etc/postfix/main.cf
smtpd_tls_key_file = /etc/letsencrypt/live/mail.ixnfo.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.ixnfo.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.ixnfo.com/chain.pem
And it is necessary to indicate it like this:
/etc/dovecot/dovecot.conf
ssl_ca = </etc/letsencrypt/live/mail.ixnfo.com/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.ixnfo.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.ixnfo.com/privkey.pem
/etc/postfix/main.cf
smtpd_tls_key_file = /etc/letsencrypt/live/mail.ixnfo.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.ixnfo.com/fullchain.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.ixnfo.com/chain.pem
To apply the configuration changes, I restarted the services:
service dovecot restart
service postfix restart
After that, the user has successfully set up importing and sending mail via Gmail.
See my other articles about the mail server