I have a freshly installed NS8 instance with the mail and nextcloud apps installed. Within webtop, Mail seems to be working
When trying to access the mailbox from Thunderbird, I get the following:
(sorry for the screenshot being in German). The result after auto-detecting security settings is “no encryption”, and if I try to manually switch so starttls or SSL/TLS, I do not get a valid connection.
How can I configure SSL / TLS for the SMTP server?
I have also noticed that within the Mail app, I cannot select any letsencrypt certificate. Which certificates are used for encrypting the mail traffic?
thank you. Yes, I did skip the external DNS registration, because I purely test it in the internal network with internal DNS currently. So the server is not visible in the internet, but internally, DNS records are fine and resolve properly. External DNS configuration should not have any impact on whether I can connect to the postfix server using SSL or not in the internal network.
It could be that a missing certificate is the root cause of this. However, I did not find a way in the mail app to register an LE certificate. How can I do so?
Thank you. I have now added certificates for the machine host name. However, postfix still does not use them and only allows unencrypted connections.
How can I fix that?
ok, this seems to be a bug in Thunderbird: The auto-recognition of StartTLS connections seems to be broken. When I manually force it to use StartTLS, it is working as expected (I have to setup the account without StartTLS and change it in the outgoing mail server later).
I have tested this also against a mail account that I know is working, and the autodetection in Thunderbird fails as well.
Sorry for the noise → this does not seem to be an NS8 issue, but seems to be problem with Thunderbird. EM Client recognizes the server without issues.
@capote thank you for the help. The certificate is properly used by the ns8 mail system, and after configuring everything manually in Thunderbird, the secure connection is accepted without issues and without certificate warnings.