I am struggling to get email sent from a non-miva merchant application. The emails worked fine on our old serve using Qmail, but that is no longer available and now we have to use postfix and for some reason they are not getting sent. Emails are getting sent from another application (a form software) that works similar to Miva. Attached is what it looks like in my logs. I must be missing something really big (an hopefully easy to fix).
-
---------------------------------
Robin McDermott, CQE
Director of Training
QualityTrainingPortal.com -
Probably trying to use STARTTLS and the target server is not presenting an SSL cert Empresa can validate; could be bad hostname, expired, not issued by a recognized entity, Empresa not connected to proper cert store for roots, etc. -
There are so many variables that this is overwhelming to me.
Here is our code:
<MvSMTP
MAILHOST = "{g.mailhost}"
FROM = "{g.mail_from}"
TO = "{g.mail_to}"
CC = "{g.mail_cc}"
SUBJECT = "{g.mail_subj}">
PORT = "587"
USERNAME = "[email protected]"
FLAGS = "tls"
PASSWORD = "XXXXXXX"
<MvEVAL EXPRESSION = "{g.mail_rep}">
<MvEVAL EXPRESSION = "{l.html}">
<MvEVAL EXPRESSION = "{l.lfcr}">
<MvEVAL EXPRESSION = "{g.mail_body}">
<MvEVAL EXPRESSION = "{l.lfcr}">
</MvSMTP>
Does this look correct? If not??
Is so what else could be going on?
Here are the relevant lines of the confirguation:
cafile=/etc/pki/tls/certs/ca-bundle.crt
redirectonly=1
builtindir=/var/www/vhosts/xxx.com/cgi-bin/mivavm-v5.35/lib/builtins
openssl=/usr/lib64/libssl.so.10
openssl_crypto=/usr/lib64/libcrypto.so.10
I wonder if there could be a problem with open SSL?
What I see on the server is
/usr/lib64/libssl.so.3
/usr/lib64/libcrypto.so.3
I do not have the so.10 version....could that be a problem? If not, should I change the config file to the xxx.so.10 versions?
Thank you so much in advance!---------------------------------
Robin McDermott, CQE
Director of Training
QualityTrainingPortal.comComment
-
And, I will say that if anyone wants to help me with this in a paid consulting capacity, that I am happy to pay for this to get fixed.---------------------------------
Robin McDermott, CQE
Director of Training
QualityTrainingPortal.comComment
-
I'd recommend installing a localhost mail relay that you can use without STARTTLS and without authentication, and have it handle the forwarding on to the intended authenticated relay, if that's needed. Otherwise you're going to not only need to handle SSL and auth properly, but ensure your Empresa also uses a valid cert bundle, the target mail server presents a valid cert matching the name, isn't expired, comes from a trusted authority, etc. It will also break any time any of those other components break. We'd have no way of knowing if the OpenSSL version on your server is compatible, which libraries are correct, etc. Empresa 5.35 is a very old version, and if the server is OpenSSL v3 for example, you'd need to be on a much newer version. If the CA file is not accurate or updated, it could be incapable of supporting the target server's CA-issued cert.Comment
-
I did attempt to upgrade to Empressa 5.5. Everything BUT the mail worked. When I tried to send mail from the server, I got an error message.
Can you recommend a miva programmer consultant who could help me with this?I'd recommend installing a localhost mail relay that you can use without STARTTLS and without authentication, and have it handle the forwarding on to the intended authenticated relay, if that's needed. Otherwise you're going to not only need to handle SSL and auth properly, but ensure your Empresa also uses a valid cert bundle, the target mail server presents a valid cert matching the name, isn't expired, comes from a trusted authority, etc. It will also break any time any of those other components break.---------------------------------
Robin McDermott, CQE
Director of Training
QualityTrainingPortal.comComment
Comment