Questions tagged [starttls]
STARTTLS is the SMTP command to connect to email servers securely over TLS (formerly SSL). Use with an email server tag like [postfix], [exchange], etc.
118 questions
7 votes, 1 answer, 903 views
Why do certificate CNs not match the hostnames provided in MX records?
I'm the author of checkdmarc, an open source CLI tool for checking DMARC and other email security standards. One of those checks involves testing if the mail servers listed in a domain's MX records ...
0 votes, 1 answer, 106 views
Postfix client submission using TLS
I recently set up a Postfix mail server on Ubuntu to relay emails from my apps to Office365. Postfix to O365 works without problem but I also want my apps to connect to Postfix using TLS where ...
1 vote, 1 answer, 105 views
Postfix: Mail servers of certain providers are unable to send mail to my Postfix server / insufficient security / SSL alert number 71
There is a big German email hoster (web.de) whose mail servers are not able to send mails to my self-hosted Postfix server. I found similar reports, but the published solutions always were misconfigured ...
0 votes, 2 answers, 428 views
How do I properly issue Let's Encrypt certificate for my mail server?
How do I properly issue Let's Encrypt certificate for my Postfix mail server?
Right now I have a self-signed certificate and I get these messages that it cannot be trusted.
I did certbot --nginx certonly -...
2 votes, 0 answers, 79 views
postfix wrappermode depending on destination
My ISP accepts mail on port 465 thus requiring smtp_tls_wrappermode = yes. However, I also have another internal server, to which I forward mail on port 25 using STARTTLS, but with ...
0 votes, 1 answer, 224 views
Specific incoming mail to postfix rejected by sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42:
I have postfix running on mail.myserver.com for the past 15+ years, successfully receiving and sending mail. All certs are fully valid using Let's Encrypt. I can verify that they are fine using ...
0 votes, 1 answer, 170 views
Postfix TLS: Examples for problems when using client certificates
The Postfix documentation states the following with regards to the parameter for client certificates, smtp_tls_cert_file:
smtp_tls_cert_file (default: empty)
[...]
Do not configure client ...
0 votes, 0 answers, 249 views
Are certificates required for a STARTTLS connection on LDAP?
My LDAP server's ldap.conf file
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=coretesting,dc=com
URI ldap://ldap....
1 vote, 0 answers, 936 views
How to (properly) force the use of SSL or STARTTLS in OpenLDAP?
I have successfully managed to configure my OpenLDAP (which is an Apple Open Directory variant, but that should not matter) to work with both SSL (ldaps on port 636) and STARTTLS (on port 389)....
0 votes, 1 answer, 920 views
Unable to start STARTTLS in PowerMTA server
We have PowerMTA v5.5r1 installed on an Ubuntu 22.04 server. When I tried to telnet to localhost on port 25, I was unable to see the 250-STARTTLS option.
Please help which parameter or configuration needs to ...
0 votes, 0 answers, 271 views
Why does exim not use TLS when it sends email to remote SMTP?
Here is what exim does when it sends emails to gmail and other SMTP servers
Received: from ns01.virtex.kz (ns1.virtex.kz. [185.141.164.16])
by mx.google.com with ESMTP id i11-...
1 vote, 1 answer, 1k views
Nginx mail proxy: tls between the proxy and the server?
When using the Nginx Mail Proxy feature to realize an SMTP proxy, there are several options available to configure (start)tls between the client and the proxy.
However, it appears between the proxy ...
0 votes, 2 answers, 3k views
PHP8 ldap_bind : Error -1 Can't contact LDAP server
I'm on AlmaLinux 8.7 with PHP8.
Test ldapsearch with TLS is ok
ldapsearch -H ldap://xxxx -x -ZZ /etc/pki/tls/certs/xxxx.pem -D 'xxxxx' -w 'xxxx' -b 'cn=xxx,cn=users,dc=xxx,dc=xxxx'
But ldap_bind won'...
0 votes, 1 answer, 2k views
sendmail does not issue STARTTLS when acting as a client
I'm having problems relaying to servers whose mail is routed through Mimecast. Connections are being rejected with the message:
553 This route requires encryption (TLS) - https://community....
1 vote, 1 answer, 2k views
Mail server sending to postfix refusing TLS connection with "certificate expired", but it's not
Since April 30, I'm seeing errors like that in my mail log:
May 1 02:27:27 afaron postfix/smtpd[2644268]: connect from r137.info.hofer.at[66.117.17.137]
May 1 02:27:27 afaron postfix/smtpd[2644268]: ...