Skip to main content
Server Fault

Questions tagged [starttls]

Ask Question

STARTTLS is the SMTP command to connect to email servers securely over TLS (formerly SSL). Use with an email server tag like [postfix], [exchange], etc.

118 questions
Newest Active Bountied Unanswered
7 votes
1 answer
903 views

Why do certificate CNs not match the hostnames provided in MX records?

I'm the author of checkdmarc, an open source CLI tool for checking DMARC and other email security standards. One of those checks involves testing if the mail servers listed in a domain's MX records ...
Sean W.'s user avatar
Sean W.
  • 361
0 votes
1 answer
106 views

Postfix client submission using TLS

I recently set up a Postfix mail server on Ubuntu to relay emails from my apps to Office365. Postfix to O365 works without problem but I also want my apps to connect to Postfix using TLS where ...
smwk's user avatar
smwk
  • 590
1 vote
1 answer
105 views

Postfix: Mail servers of certain providers are unable to send mail to my Postfix server / insufficient security / SSL alert number 71

There is big German email hoster (web.de) whose mail servers are not able to send mails to my self-hosted Postfix server. I found similar reports, but the published solutions always were misconfigured ...
user2690527's user avatar
user2690527
  • 299
0 votes
2 answers
428 views

How do I properly issue Let's Encrypt certificate for my mail server?

How do I properly issue Let's Encrypt certificate for my Postfix mail server? Right now I have a self-signed certificate and I get these messages it cannot be trusted. I did certbot --nginx certonly -...
m27's user avatar
m27
  • 163
2 votes
0 answers
79 views

postfix wrappermode depending on destination

My ISP accepts mail on port 465 thus requiring smtp_tls_wrappermode = yes. However, I also have another internal server, to which I forward mail on port 25 using STARTTLS, but with ...
Lars Hanke's user avatar
Lars Hanke
  • 305
0 votes
1 answer
224 views

Specific incoming mail to postfix rejected by sslv3 alert bad certifica te:s3_pkt.c:1493:SSL alert number 42:

I have postfix running on mail.myserver.com for the past 15+ years, successfully receiving and sending mail. All certs are fully valid using Let's Encrypt. I can verify that they are fine using ...
Kurt Granroth's user avatar
Kurt Granroth
  • 103
0 votes
1 answer
170 views

Postfix TLS: Examples for problems when using client certificates

The Postfix documentation states the following with regards to the parameter for client certificates, smtp_tls_cert_file: smtp_tls_cert_file (default: empty) [...] Do not configure client ...
hjsimpson's user avatar
hjsimpson
  • 123
0 votes
0 answers
249 views

Is Certificates are required for STARTTLS connection on LDAP

My LDAP server's ldap.conf file # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASE dc=coretesting,dc=com URI ldap://ldap....
ram ajay's user avatar
ram ajay
  • 7
1 vote
0 answers
936 views

How to (properly) force the use of SSL or STARTTLS in OpenLDAP?

I have successfully managed to configure my OpenLDAP (which is an Apple Open Directory variant, but that should not matter) to work with both, SSL (ldaps on port 636) as well as STARTTLS (on port 389)....
not2savvy's user avatar
not2savvy
  • 227
0 votes
1 answer
920 views

Unable to start STARTTLS in PowerMTA server

We have PowerMTA v5.5r1 installed on Ubuntu 22.04 server. When I tried to telnet localhost with 25 port I am unable to see 250-STARTTLS option. Please help which parameter or configuration needs to ...
Sachin Kadam's user avatar
Sachin Kadam
  • 1
0 votes
0 answers
271 views

Why exim does not use TLS when sends email to remote SMTP?

Here what exim does when sends emails to gmail and other SMTP severs Received: from ns01.virtex.kz (ns1.virtex.kz. [185.141.164.16]) by mx.google.com with ESMTP id i11-...
Falseclock's user avatar
Falseclock
  • 11
1 vote
1 answer
1k views

Nginx mail proxy: tls between the proxy and the server?

When using the Nginx Mail Proxy feature to realize an SMTP proxy, there are several options available to configure (start)tls between the client and the proxy. However, it appears between the proxy ...
Arnout Engelen's user avatar
Arnout Engelen
  • 121
0 votes
2 answers
3k views

PHP8 ldap_bind : Error -1 Can't contact LDAP server

I m on almalinux 8.7 with PHP8. Test ldapsearch with TLS is ok ldapsearch -H ldap://xxxx -x -ZZ /etc/pki/tls/certs/xxxx.pem -D 'xxxxx' -w 'xxxx' -b 'cn=xxx,cn=users,dc=xxx,dc=xxxx' But ldap_bind won'...
Alex Lum's user avatar
Alex Lum
  • 165
0 votes
1 answer
2k views

sendmail does not issue STARTTLS when acting as a client

I'm having problems relaying to servers that whise mail is routed through mimecast. Connections are being rejected with the message: 553 This route requires encryption (TLS) - https://community....
Alien Life Form's user avatar
Alien Life Form
  • 2,328
1 vote
1 answer
2k views

Mail server sending to postfix refusing TLS connection with "certificate expired", but it's not

Since April 30, I'm seeing errors like that in my mail log: May 1 02:27:27 afaron postfix/smtpd[2644268]: connect from r137.info.hofer.at[66.117.17.137] May 1 02:27:27 afaron postfix/smtpd[2644268]: ...
Tobias Leupold's user avatar
Tobias Leupold
  • 173

15 30 50 per page
1
2 3 4 5
8