Email Server setup

#1

Nextcloud version: 15.0.5
Operating system and version: UB18.04 lxc on ProxMox 5.3-12
LEMP Stack
PHP version: 7.3
iRedMail server 0.9.9

Trying to do the server email notification setup in Administration.Basic Settings.
The PHP debug output is as follows:

A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption
Log data: ++ Starting Swift_SmtpTransport << 220 mail.mydomain.com ESMTP Postfix

EHLO [127.0.0.1]
<< 250-mail.mydomain.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8

STARTTLS
<< 220 2.0.0 Ready to start TLS
!! Unable to connect with TLS encryption (code: 0))

The EHLO looks suspicious, shouldn’t that be something else?

As a matter of supporting information: the user account setup for the NC administrator has an email account, and the NC email client works (sends and receives mail) with these creds and server settings.

Additionally, other email clients are working with the mail server.

0 Likes

#2

Okay, so walking through the debug commands via telnet gets me up to the point where the response is:
220 2.0.0 Ready to start TLS

So where is the "!!Unable to connect… " coming from?

0 Likes

#3

Due to the fact that your server announces the availability of TLS (“Transport Layer Security”) encrypted sessions, but an error appears when doing so, I would try to make sure that this problem is fixed first.
Your email server should reply with a valid TLS certificate for “mail.mydomain.com” when accessing the server. This test can be done by, e.g., using the openssl command line tool as described here:

0 Likes

#4

Ah, self-signed certs don’t work?

0 Likes

#5

Afaik, it should work. But you have to make sure that the root certificate of your own CA exists on your local server so that the certificate chain can be verified correctly.
Please keep in mind it isn’t a good idea to use a self-signed certificate if you’re going to announce the availability of TLS to the public internet, because no-one would be able to verify the certificate chain.

0 Likes
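
The certificate check suggested in #3 and the CA-trust point in #5, as an added example that is not part of the thread: a constructed private CA issues a certificate for mail.mydomain.com, and `openssl verify` accepts it only when that CA's root is supplied and the host name matches. The CA name, file names and the `probe_starttls` helper are assumptions made for the demo; `probe_starttls` runs the same verification against a live server and needs network access.

```bash
#!/usr/bin/env bash
# Added example. The CA and server certificate are constructed for this demo;
# mail.mydomain.com is the placeholder host name used in the thread.

make_demo_pki() {   # $1 = output dir: private root CA plus a server cert signed by it
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mail.mydomain.com" -keyout "$1/mail.key" -out "$1/mail.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:mail.mydomain.com\n' > "$1/san.ext"
  openssl x509 -req -in "$1/mail.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/san.ext" -out "$1/mail.pem" 2>/dev/null
}

# verify_chain CERT HOST [CAFILE]: exit 0 only if the chain and the host name verify.
verify_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$3" -verify_hostname "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -verify_hostname "$2" "$1" >/dev/null 2>&1   # system trust store only
  fi
}

# probe_starttls HOST:PORT CAFILE: same check against a live SMTP server (not run here).
probe_starttls() {
  openssl s_client -starttls smtp -connect "$1" -servername "${1%%:*}" \
    -CAfile "$2" -verify_hostname "${1%%:*}" -verify_return_error </dev/null
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
for ca in "" "$d/ca.pem"; do
  if verify_chain "$d/mail.pem" mail.mydomain.com "$ca"; then r=verified; else r="NOT verified"; fi
  echo "CA file '${ca:-<system store only>}': $r"
done
```

Against a real server, `probe_starttls mail.mydomain.com:587 /path/to/your-ca.pem` (port and path are placeholders) prints the handshake and stops with a verification error if the chain or host name does not check out.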