SMTP server with TLS 1.1 and authentication


NethServer Version: NethServer 7.9.2009
Module: mail 2.32.2
**Cockpit** Vers 195.12

Sorry, I have to create an internal SMTP server that accepts incoming emails sent by our MANAGEMENT, which unfortunately works only with the TLS 1.1 protocol (and maybe TLS 1.0), preferably on port 25 (but I think 587 would also be fine), STRICTLY with AUTHENTICATION (I also need one (1) user with a password).

In addition, the SMTP server (NethServer) will have to relay this email to Microsoft's SMTP with the credentials of a 365 user that is already active and running.

WHAT do you say, is it feasible?
At the moment, by writing in Python, I manage to get a POSITIVE outcome only with authentication over STARTTLS or with TLS 1.2 (paradoxically not even TLS 1.3 works, but I don't care for the purpose).

I can't find any settings that could help me; if I change "/etc/postfix/main.cf" I lose the configuration at the first change made via the web through Cockpit.

HELP PLEASE
Thank you all
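The STARTTLS / TLS 1.2 / TLS 1.3 observations above can be reproduced from the command line without writing Python. The script below is an added example (not code from the original post, nor NethServer project code) that probes an SMTP server with `openssl s_client` once per TLS version and reports whether the handshake succeeds and whether AUTH is advertised inside the TLS session, which is the combination the question needs. Two caveats it accounts for: a modern client-side OpenSSL (1.1.1 / 3.x) refuses TLS 1.0 and 1.1 through its own security level unless `@SECLEVEL=0` is requested, so a client-side refusal can look like a server refusal; and NethServer 7 is built on CentOS 7, whose Postfix is linked against OpenSSL 1.0.2, which has no TLS 1.3 at all, so a TLS 1.3 failure against that server is expected. Host, port and the EHLO name `probe.example` are parameters and assumptions; the transcripts used to exercise the classifier are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: probe an SMTP server's STARTTLS
# behaviour per TLS version with openssl s_client. Assumes openssl(1) 1.1.0+.
set -eu

# One probe. After the handshake s_client forwards stdin to the server, so a
# second EHLO shows whether AUTH is offered inside the TLS session, then QUIT.
# 'DEFAULT:@SECLEVEL=0' keeps a modern client-side OpenSSL from refusing
# TLS 1.0/1.1 on its own (drop the -cipher option on an OpenSSL 1.0.2 client).
probe_tls() {
  host=$1; port=$2; ver=$3          # ver: tls1 | tls1_1 | tls1_2 | tls1_3
  printf 'EHLO probe.example\r\nQUIT\r\n' |
    openssl s_client -connect "$host:$port" -starttls smtp "-$ver" \
      -cipher 'DEFAULT:@SECLEVEL=0' -quiet 2>&1 || true
}

# Classify one transcript:
#   fail       handshake or connection error (client- or server-side)
#   ok-noauth  TLS session up, but no AUTH capability offered after STARTTLS
#   ok+auth    TLS session up and AUTH offered: what the question needs
classify_probe() {
  t=$1
  if printf '%s\n' "$t" | grep -qiE 'error|handshake failure|no protocols available|wrong version number|connect:'; then
    echo fail
  elif printf '%s\n' "$t" | grep -qE '^250[ -]AUTH'; then
    echo ok+auth
  elif printf '%s\n' "$t" | grep -qE '^250[ -]'; then
    echo ok-noauth
  else
    echo fail
  fi
}

# Probe every version and print one line per version.
probe_all() {
  host=$1; port=${2:-25}
  for ver in tls1 tls1_1 tls1_2 tls1_3; do
    printf '%-8s %s\n' "$ver" "$(classify_probe "$(probe_tls "$host" "$port" "$ver")")"
  done
}

# Usage: sh smtp_tls_probe.sh mail.example.internal 25   (host is an assumption)
if [ $# -ge 1 ]; then probe_all "$@"; fi
```

If `tls1_1` reports `fail` here but `ok+auth` after removing the `-cipher` option on an old client, or vice versa, the limit is on the client, not on Postfix; if every version reports `ok-noauth`, the server is up but SASL is not enabled or is restricted to TLS and the handshake never reached it.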

https://docs.nethserver.org/en/v7/mail.html#special-smtp-access-policies
You can find most of the possible solutions in this section of the email module documentation.
IMVHO it should be easier (while not always the best option nor the suitable one) to allow plain communications rather than tinker with TLS allowances.
The TLS setting is currently system-wide; at this project status (version 7) I can't see how this could be reworked in any way. For the 8 project, communication encryption is engraved (sort of) into the structure of the system, so I doubt that anything less than TLS 1.3 will be considered viable from NethServer 8 on. Simply a personal opinion.

For NS 8 you can find the documentation for the mail module here:
https://docs.nethserver.org/projects/ns8/en/latest/mail.html

Going back to your request… I'm assuming that the "MANAGEMENT" email sender is inside your network, not coming from the internet… If it's outside your network space, TLS 1.1 or less is really bad mojo, by my gut.

Never ask to fix an issue on an unmaintained operating system. Please upgrade.

Technical debt is bad and you always pay it twice.


NS7 is end of life and probably your management system is too.

That's probable… until the budget says "you can't upgrade".

Thanks Steph, but I installed the "old" version precisely because I hoped that it could also handle the old TLS 1.1. I expect that version 8 will definitely block the old TLS 1.0 and TLS 1.1. Do you think I would have liked to install NethServer 6.10…

Thanks Pike,
I confirm that my sender user (which I created in NS 7) is inside the network, so I expect that an "old" version of NethServer can still handle TLS 1.1 with authentication.

What I don't understand is why "in my house" I can't build an "old" infrastructure… I mean, am I free to create "in my house" a nostalgic infrastructure from the 90s just for the pleasure of seeing a Windows 2000 server and some PCs with Windows 2000 workstations? :wink:
So, reiterating my request, I would like to create an SMTP SERVER prior to TLS 1.2 and therefore go back in time 6 or 10 years; is it so impossible?
I realize that asking for assistance on old products is, rightly, the real problem and also makes little sense… but if there were some expert ready to give me a tip I would be grateful.
I thank Stephane and Pike again for the time dedicated to me.

To be precise, you may be able to boot these old OSes (especially if running as virtualized VMs), but they will not be of the same use as in the 90s.
Most likely you won't be able to get a working browser or internet working, as all available old browser versions have expired master SSL keys…

And it’s not only Windows…


But if you're REALLY GOOD as a coder / hacker, you can bash-mash the source code of e.g. Firefox to make it work.
Maybe even TB or LibreOffice.
But it won't be a quick fix in a text file. Windows does not give you these options!

But all the time / effort would be better invested in migrating to current systems…

My 2 cents
Andy

Thanks a lot Andy… unfortunately I'm not a good coder/hacker, so there is no hope of being able to have an SMTP server with TLS 1.1…
I'm a bit disappointed because TLS 1.1 was supported until last year; in short, it is not so obsolete, so it seems really strange to me that it cannot be reused internally.
I tried…
Thanks to all

I'd like to rephrase your question.
Are you capable of implementing such kind of software, for instance re-compiling older versions of software packages to allow you to do what you like?

I can tell you that currently I am not, but the plain (no TLS) tip still stands for acting as a relay. It could really work.

I won't stop you from doing that; your stuff and your environment :slight_smile:.
Issues arise when… you try to interoperate. Aside from the concept of retro-computing (allowing people to admire, quite like art, older pieces of hardware and software; I enjoyed a lot of retro-tech at the Time museum in Greenwich), interconnecting obsolete-and-unsupported-but-still-critical systems with current ones is something really valuable for companies; realize that custom-made hardware and software is not cheap in time nor skills, so a hefty price is requested to keep the wheel spinning. In 2005 I was simply astonished to see a serial-to-punched-tape interface that allowed a wheel mill to keep working. That was DOS software passing information, in a 2003 AD environment. Neither of those pieces came cheap, I guess.

You received more than one tip, plus the documentation of the project, so you can start tinkering yourself with NS, relay and TLS options.
I hope that the ingredients will be enough to realize your dish; however, it's time for you to be the chef and start cooking.

Please, report here if you succeed or not :wink:

OK, thanks, and sorry for the request; I honestly thought it was something simpler…

It is, for a coder/hacker.

Here you have the template to modify the TLS; check tls.

Now you have to learn to modify a configuration file with a custom template.

Now please find it yourself

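The custom-template route pointed at above, as an added example that is not the NethServer project's own code: NethServer 7 generates /etc/postfix/main.cf from e-smith template fragments, which is why hand edits to main.cf disappear after a change in Cockpit. The durable way to set a Postfix parameter is a fragment under /etc/e-smith/templates-custom/etc/postfix/main.cf/, followed by `expand-template` and a Postfix reload. The script below writes such a fragment with two profiles: the legacy one the question asks for (TLS 1.0/1.1 still accepted, AUTH offered only inside a TLS session) and a hardened one to switch back to once the old client is gone. Postfix SASL does not care which TLS version negotiated, so authentication itself is not what fails with an old client; the handshake is. The fragment name `99tls_policy` is an assumption; fragments are concatenated in name order and Postfix keeps the last definition of a parameter, so a late fragment wins over earlier ones. The Postfix 2.10 shipped with CentOS 7 predates the `>=TLSv1.2` protocol syntax (Postfix 3.6), hence the exclusion lists. Any ROOT other than `/` is a dry run that only writes the file.

```shell
#!/bin/sh
# Added example, not NethServer project code: manage the Postfix TLS protocol
# policy on NethServer 7 through a custom e-smith template fragment, so the
# change survives edits made in Cockpit. Fragment name 99tls_policy is an assumption.
set -eu

# Print the main.cf lines for a profile.
#   legacy   : what the question asks for. TLS 1.0/1.1 still accepted, AUTH
#              only inside a TLS session (smtpd_tls_auth_only).
#   hardened : the policy to return to once the legacy client is retired.
# Postfix 2.10 (CentOS 7) has no ">=TLSv1.2" syntax, so exclusion lists are used.
render_tls_fragment() {
  case $1 in
    legacy)
      cat <<'EOF'
# custom fragment: legacy clients allowed (TLS 1.0 / TLS 1.1), AUTH only after STARTTLS
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
EOF
      ;;
    hardened)
      cat <<'EOF'
# custom fragment: TLS 1.2 and newer only, AUTH only after STARTTLS
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
EOF
      ;;
    *)
      echo "unknown profile: $1" >&2
      return 1
      ;;
  esac
}

# Write the fragment under ROOT and print its path. With ROOT=/ on a real
# NethServer 7 the template is expanded, Postfix reloaded and the effective
# values shown; any other ROOT only writes the file (dry run).
install_fragment() {
  root=$1; profile=$2
  dir="${root%/}/etc/e-smith/templates-custom/etc/postfix/main.cf"
  mkdir -p "$dir"
  render_tls_fragment "$profile" > "$dir/99tls_policy"
  if [ "$root" = / ] && command -v expand-template >/dev/null 2>&1; then
    expand-template /etc/postfix/main.cf
    systemctl reload postfix
    postconf -n | grep -E '^smtpd_tls_(protocols|mandatory_protocols|auth_only) ' || true
  fi
  printf '%s\n' "$dir/99tls_policy"
}

# Usage: sh tls_policy.sh / legacy        (dry run: sh tls_policy.sh "$(mktemp -d)" hardened)
if [ $# -ge 2 ]; then install_fragment "$1" "$2"; fi
```

After applying the legacy profile, `postconf -n smtpd_tls_protocols` should show the exclusion list and a TLS 1.1 STARTTLS client should see `250-AUTH` only after the handshake; the hardened profile is the same mechanism with the two extra exclusions, so switching back later is a one-word change and a reload.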

Thanks Steph, I have no difficulty admitting that I do not have such skills and, alas, not even the time to dedicate to them…
I can say that the server responds well to STARTTLS and TLS 1.2, but I discovered that the relay does not work even though the settings, I believe, are correct. The sender of the mail to the NethServer is always only one (usersmtp) and therefore all incoming emails must then be sent to the SMTP of Microsoft 365 with appropriate credentials.
But it does not work… I attach slides of the configuration done… unfortunately I cannot intervene on the main.cf file (of Postfix) because it would always be overwritten in case of changes via the web on the server…
THANKS

Sorry, I solved it! I actually discovered that the manager that sent the mail to the NethServer did not always send with the same user (usersmtp) but also with personal addresses managed internally by the accounting software. After adding these users in the "Relay host" settings everything works correctly.
Thanks to everyone for the advice and patience
joseph
