Nextcloud Email server need fully-qualified hostname

example

longer
example
here

Nextcloud version (eg, 20.0.5): 23.0.2
Operating system and version (eg, Ubuntu 20.04): Debian GNU/Linux 10. 5.10.63-v8+ (aarch64)
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.28
PHP version (eg, 7.4): 7.4.28

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

1. want to use the integrated E-mail server to eg. sent password reset mails
2. tried every settings
3. it works when sending it to protonmail but not when sending it to “tutanota.de” mail

I contacted the tutanota team because I thought its getting blocked. They sent me this log:

Oct 27 23:07:13 w1 tutadb-prod/smtpd[34874]: NOQUEUE: reject: RCPT from i5A75AB19.versanet.de[92.117.123.12]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=<mailname@my.server.com> to=<mymail@tutanota.de> proto=ESMTP helo=

They also told me to “Please check the domain and hostnames for your Nextcloud server to fix this issue.”

I have no idea what to do. Does anyone has an idea?
Thanks a lot (:

well if you would show us your config.php I think we would get closer to the problem. Be careful to remove sensitive data from it before posting.

But maybe the problem is that NC itself doesn’t include a mailserver of it’s own. It’s more like a mailclient.

So usually you’d need to enter all the data and settings for your external mailbox to the email-section of your serversetup (under admin).
like you have an account at - say - example.edu. e.g. alex.muller@example.edu - then you’d need to find out which smtp-address example.edu has (as well as it’s port and it’s enchryption) and after entering these and your login-name and password it should work.

Password reset mails will be sent by that address then.

is SMTP protocol error when sending mail. The receiving mail server expects "helo fqdn.of.the.client" but the sender just sends "helo".

from RFC2821:

These commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available. In situations in which the SMTP client system does not have a meaningful domain name (e.g., when its address is dynamically allocated and no reverse mapping record is available), the client SHOULD send an address literal (see section 4.1.3), optionally followed by information that will help to identify the client system. The SMTP server identifies itself to the SMTP client in the connection greeting reply and in the response to this command.

I’m not aware of any settings of Nextcloud mail send process you could adopt HELO message. try checking github issues and maybe file new one.

The odd thing is that protonmail receives the mail with these settings.
Tutanota does not support smtp because it is not secure enough.

<?php
$CONFIG = array (
  'passwordsalt' => 'removed',
  'secret' => 'removed',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'removed',
    2 => 'removed',
    14 => 'nextcloudpi',
    3 => 'removed',
    11 => 'removed',
  ),
  'datadirectory' => '/media/data/ncdata',
  'dbtype' => 'mysql',
  'default_phone_region' => '',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'https://removed/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'removed',
  'dbpassword' => 'removed',
  'installed' => true,
  'instanceid' => 'removed',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => 'removed',
  ),
  'tempdirectory' => '/media/data/ncdata/tmp',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'removed',
  'mail_domain' => 'removed.myserveradress.del',
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'overwriteprotocol' => 'https',
  'loglevel' => '2',
  'log_type' => 'file',
  'maintenance' => false,
  'theme' => '',
  'logfile' => '/media/data/ncdata/nextcloud.log',
  'mail_sendmailmode' => 'smtp',
  'htaccess.RewriteBase' => '/',
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,

  'app_install_overwrite' =>
  array (
    0 => 'ocsms',
    1 => 'cookbook',
    2 => 'passwords',
    3 => 'whiteboard',
    4 => 'previewgenerator',
    5 => 'breezedark',
    6 => 'nextcloudpi',
    7 => 'apporder',
    8 => 'deck',
    9 => 'health',
    10 => 'twofactor_totp',
    11 => 'event_update_notification',
  ),
  'data-fingerprint' => 'removed',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
    0 => 'Guest',
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
    0 => 'admin',
  ),
);

@citizenserious Please read this
Can you post your settings?
I think in config/config.php they are not complete.

My settings:

  'mail_from_address' => 'username',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'server.tld',
  'mail_smtphost' => 'servername.tld',
  'mail_smtpport' => '587',
  'mail_smtpsecure' => 'tls',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'user@server.tld',
  'mail_smtppassword' => 'password',

I noticed it. Changed it already.

It is at all possible to mail from you local address (*.versatel.de)? My mail provider does not allow it because of spam mails. Can or must you not use the socket from your destination mailserver with user/password authentication?

I have no idea. I just configured this in settings:

I did not do anything else but provide my E-Mail in the “personal info” settings.
I have read in the configuration documentation you provided that I need to have a mailserver on my local server when using “sendmail”. I thought this would be implemented in nextcloud, it sends out emails with success and e.g. protonmail does also recieve it. I think I’m fundamentally misunderstanding something here.

Yes. But you do not really need “Sendmail”.
You can change the send mode to “SMTP”.
Also i think tutanota.de supports STARTTLS.
Perhaps also SSL/TLS.

I found “w1.tutanota.de” on this side “https://de.ssl-tools.net/mailservers/tutanota.com”

I recieve E-Mails now with these settings! Awesome! Thank you so very much.
I still do not understand it but if it works I am fine for now

Have you set Encryption STARTLS or TLS/SSL?
I can not see it in the screenshot.

I tried both SSL/TLS ans STARTLS, when I activate it, I get this Error for SSL/TLS settings:

A problem occurred while sending the email. Please revise your settings. (Error: Connection could not be established with host w1.tutanota.de :stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)

and this one for STARTLS:

A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption)

If found the server mail.tutanota.de for you. Test this server.

https://de.ssl-tools.net/mailservers/tutanota.de
Network Tools: DNS,IP,Email

Awesome! This server works with STARTLS (:

and i thought the provider only allows encrypted emails.

SMTP, the core protocol of email is actually a very simple and decentralized protocol and in theory you can send emails from any IP address to any other IP address or email address with a simple mail tool like sendmail.

In practice, however, these mails will never arrive because most mail servers will simply reject mails, coming from some random server on the internet. And even with a properly configured fully fledged email server with all the DNS shenanigans you have to do nowdays in place, you can sometimes have a hard time to get the big players like e.g. MS or Google to accept your emails or not to mark them as spam. Also emails coming from dynamic residental IPs usually get blocked / rejected by default and even if you have a static IP, there is a high possibility that this IP is on one or multiple blacklists.

So the easiest way for a home user or even businesses to send emails reliably, is using an SMTP server / email account of a well established commercial email provider, like you do now. Or if you have a very high volume of notification emails, you could consider using a service like Sendgrid or similiar.

Aha, so tutanota did actually block it and protonmail did not? So my original assumption was not wrong?
Because I used my local sendmail server directly and now the notification mails get redirected via the tutanota server.

I just wonder how its possible to use the mail.tutanota.de (for example) without any login data for a account or something, so my server is still sending it somehow directly without getting checkt if it is spamming around.

Thanks a lot for the enlightenment

I guess so. And I don’t know why it works with Protonmail, but you’re right. I tested this by sending an email from one of my test servers to my Protonmail account via command line and it actually got through. Although it went to the spam folder in my case.

That’s very unlikely that somebody will offer that. 25 Years ago there were smtp servers out there which you could use without any authentifcation. For example the one of my ISP. But I guess a provider who woud offer something like that today, would probably be on every possible blocklist within the blink of an eye…

I actually did not use any login credentials for it to work. So that’s odd, but I noticed that I cannot send E-mails to other providers with these settings, so that’s probably blocked, but that’s okay for me.

Please ask your e-mail provider. Especially if he attaches so much importance to security. You can also send him the link to this thread.