rdm-mailhandler.rb chokes on self-signed certificate

Added by Jérôme L over 6 years ago

Hi all.

I'm trying to set up email reception as per the doc: http://www.redmine.org/projects/redmine/wiki/RedmineReceivingEmails

I don't think it is related but it may be worth mentioning that my setup is a bit different from the doc because my Redmine instance is hosted as redmine.domain.tld and from Postfix's perspective, it is a hosted domain.

I redirect all mail to redmine using a dedicated transport:

main.cf contains:

virtual_mailbox_domains = redmine.domain.tld
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport

redmine.domain.tld redmine:

/etc/postfix/vmailbox

@redmine.domain.tld whatever

I created a redmine system user and added this in master.cf

redmine unix  -       n       n       -       -       pipe
  flags=FR user=redmine argv=/usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb --url https://redmine.domain.tld --key gkAnuGEX5xSuY5tBxSPe --project projet-test

And here is what Postfix says :

Jul 7 17:48:02 prod postfix/pipe19025: 4F35421E91: to=<>, relay=redmine, delay=0.24, delays=0.05/0.01/0/0.18, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb". Command output: /usr/lib/ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed (OpenSSL::SSL::SSLError) from /usr/lib/ruby/2.1.0/net/http.rb:920:in `block in connect' from /usr/lib/ruby/2.1.0/timeout.rb:76:in `timeout' from /usr/lib/ruby/2.1.0/net/http.rb:920:in `connect' from /usr/lib/ruby/2.1.0/net/http.rb:863:in `do_start' from /usr/lib/ruby/2.1.0/net/http.rb:852:in `start' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:36:in `post_form' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:131:in `submit' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:178:in `<main>' )

I'm using a self-signed certificate. I know it is not ideal. Anyway, did anybody already encounter this? Any workaround?

BTW, until everything is working, I'm not 100% sure of the setup as soon as it diverges from the doc, so any comment is welcome.

Thanks.