Email Server not working on SSL/TLS

Hitesh_Dubey · December 16, 2020, 2:16pm

NethServer Version: 7.9
Module: Email

Hi,

Can we set Email server on SSL/TLS ? I have configured but not working. Can anyone help me this out ?

Thanks

danb35 · December 16, 2020, 2:22pm

It is by default.

What do you mean by “not working”? What exactly happens, that you don’t think is supposed to happen?

Hitesh_Dubey · December 16, 2020, 2:30pm

i want to configure NS 7 as Secured Email Server on SSL/TLS.

danb35 · December 16, 2020, 2:42pm

When you set up a mail server, it uses SSL/TLS by default. Do you need help setting up the mail server in the first place? Then look at the docs:

But you said it’s “not working”–frankly, that’s the most useless problem report you can give. You expect it to do something. It does something. All anyone can understand from “not working” is that the something it does, and the something you expect it to do, aren’t the same–but it tells us nothing about what either of those “somethings” is.

So, to repeat: what exactly do you mean by “not working”?

Hitesh_Dubey · December 17, 2020, 9:52am

Hi,

See this is not working. I hope this will give you clear picture. I have configured mail server on NS7 and setup client on SSL authentication. But not working. Is there any specific setting on server for SSL?

saitobenkei · December 17, 2020, 10:44am

where does pdc.xxxxxx.com point to?
To the ip of the server or to the ip of the VM that acts as a pdc?
For this to work it must point to the server ip if the client is in the local lan or to the public ip if the client is connected via internet
If you try to ping it does it respond?
Change “Autodetect” Authentication with “Normal Password”
Is the client connected to the local network or trying to access from the internet?
Did you install the fail2ban package on the server that blocked your client’s public ip?
If connecting from the internet, do ports 465 and 993 from the router point to the server ip?
And does pdc.xxxxxx.com point correctly to the public ip of the connection?

Hitesh_Dubey · December 17, 2020, 11:15am

Hi,
does pdc.xxxxxx.com point to? public ip
ping it does it respond? yes pinging
do ports 465 and 993 from the router point to the server ip? allowed on firewall
Did you install the fail2ban package on the server that blocked your client’s public ip? not installed

strange behaviour - password i am writting is correct even i can login via webmail with the same.

danb35 · December 17, 2020, 11:51am

The screen shot you posted gives no indication that SSL isn’t working; it says only that automatic discovery of your account settings failed (which is to be expected; that isn’t part of Nethserver by default–see email_autoconfig_module [NethServer Wiki] to add this feature).

mrmarkuz · December 17, 2020, 1:49pm

Is port 587 forwarded too?
Some providers block SMTP ports. Please check if ports are really open.

saitobenkei · December 17, 2020, 1:50pm

In this new screenshot you changed smtp port form 465 to 587 and authentication from SSL/TLS to STARTTLS.

Has port 587 been properly redirected on the firewall?

You have also changed the login (username) which is now without @xxxxx.com

Can you try to put it back?

Hitesh_Dubey · December 18, 2020, 11:28am

You have also changed the login (username) which is now without @xxxxx.com, i have tried all the way with or without. But same issue.

993, 465, 587 is allowed on firewall.

Hitesh_Dubey · December 18, 2020, 11:42am

already done ! but the same.

danb35 · December 18, 2020, 12:49pm

So the problem is that you can’t log in to the mail server–absolutely nothing you’ve posted gives any hint that there’s anything related to SSL/TLS going on, so I have no idea why you thought that was the case.

I wonder about the credentials you’re using, though. You’re using a hostname of pdc.something, which suggests “primary domain controller”. That’s ordinarily something that should resolve to your AD domain controller, which is a separate container (with a separate IP address from the Neth box). Is that the case? Because that will cause problems.

Otherwise, if pdc.whatever resolves to the main IP address of your Neth box, we’ll need to see what’s going on in a lot more detail. I thought Thunderbird would give that, but apparently not. So here’s what you’re going to need to do, from some sort of Unix-y (Linux, macOS, *BSD) client system, using the command line:

First, use the first two Perl commands at this page:
https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
to get the base64-encoded username and password
Second, use openssl to initiate the connection: openssl s_client -starttls smtp -crlf -connect hostname:587
Third, follow the instructions at the link above beginning at AUTH LOGIN.

Post the output of that session so we can get a better idea of what’s going on.

Edit: I’d think someone would have written a script that could test this, both on IMAP and SMTP, and show you where any errors are, but Google isn’t finding one.

Hitesh_Dubey · December 18, 2020, 4:26pm

Problem is with mail server, which is configured on NS7 inbuilt. I am unable to login via email client whether its ssl or not.
it fails on checking password as below.

danb35 · December 18, 2020, 4:49pm

No, Neth won’t let you log in without SSL. Follow the steps I outlined in my previous post and post the result.