Smarthost TLS is required, but was not offered by host

DukeOfAwesome · October 22, 2019, 11:42pm

Hi,

Firstly, thanks guys for what seems like an awesome project!

I’m playing around with NethServer 7.7.1908 and when setting up the email server I also setup a smarthost. Occasionally, not on all emails, when I check the queue there is half a dozen or so emails that have the error message:

“TLS is required, but was not offered by host”

What I don’t understand is why this happens to only a few emails. If I remove the smart host and flush the mail queue the emails get sent successfully. I have used 2 different smarthosts and both get the same issue. One is my ISP and the other is an internal mail server.

Any help would be most appreciated…

Duke

stephdl · October 23, 2019, 10:58am

we may ask for TLS, but IIRC we do not require it

cc @davidep

davidep · October 23, 2019, 11:46am

Could you attach an excerpt of /var/log/maillog?

DukeOfAwesome · October 24, 2019, 12:38am

Hi davidep,

Here are the 2 excerpts as requested the first using the internal mail server as smarthost and the second using the ISPs mail server (domains changed for display purposes):

Oct 22 18:27:27 nethserver postfix/smtp[16517]: ADD8516B091: to=<root@.com.au>, relay=192.168.8.2[192.168.8.2]:25, delay=0.12, delays=0.1/0.02/0/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 192.168.8.2[192.168.8.2])
Oct 22 18:27:31 nethserver postfix/smtpd[16511]: connect from unknown[45.142.195.5]
Oct 22 18:27:31 nethserver rspamd[9394]: ; proxy; proxy_accept_socket: accepted milter connection from /var/run/rspamd/worker-proxy

Here is the ISP log excerpt:

Oct 23 10:24:56 nethserver postfix/smtp[5619]: 47E8216F37A: to=<@<domain.com.au>, relay=mail.internode.on.net[203.16.214.182]:25, delay=8655, delays=8655/0.04/0.5/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mail.internode.on.net[203.16.214.182])

Thanks

Duke

davidep · October 24, 2019, 9:58am

That host seems to not advertise the STARTTLS command

$ nc -C mail.internode.on.net 25
220 mail-server-domain ESMTP mail service ready
EHLO nethesis.it
250-ipmail01.adl2.internode.on.net
250-8BITMIME
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN

I guess you have to enable the Allow unencrypted connections checkbox. Keep in mind your passwords will be sent in clear-text!

DukeOfAwesome · October 24, 2019, 10:51am

Thanks David, but I can’t find the Allow unencrypted option anywhere. It’s not with smart host settings. Can you please tell me where it’s located?

davidep · October 24, 2019, 10:58am

In Server Manager:

Email > Smarthost > Send mail using a smarthost > Allow unencrypted connections (set checked)

In (Cockpit) Server Manager:

System > Settings > Smart Host > Use a smarthost > Encrypted connections (set unchecked)

Just for the record, there’s also a link to System > Settings in the Email > Relay panel

DukeOfAwesome · October 24, 2019, 11:04am

You’re a God! Thank you so much…

davidep · October 24, 2019, 11:09am

Thank you, if my answer solves you issue please don’t forget to mark the topic as solved!

DukeOfAwesome · October 24, 2019, 11:12am

Done! Thanks again