1

Topic: Weird problem with TLS

The Unifi UDMP/UDMSE has a problematic email client. Some people just disable STARTTLS on it, which works, but I've been playing and found that if I configure one to send to my iRedMail server from the WAN it works, but if I use the LAN the connection drops after CONNECT or STARTTLS depending on whether I'm using 587 or 465.

My cert is valid (from Let's Encrypt) and non-UDMP/UDMSE systems can send on the LAN just fine using STARTTLS.

So my question is a general one on iRedMail, which is: does the cert handling change depending on whether it comes in from a network on mynetworks or not?


2

Re: Weird problem with TLS

Try to use "fullchain.pem" instead of "cert.pem" offered by Let's Encrypt in Postfix/Dovecot/Nginx.

3

Re: Weird problem with TLS

ZhangHuangbin wrote:

Try to use "fullchain.pem" instead of "cert.pem" offered by Let's Encrypt in Postfix/Dovecot/Nginx.

I changed from cert.pem to fullchain.pem in Postfix and Dovecot and it didn't help.  The UDM SE and Pro can't send on the LAN but can on the WAN.

4

Re: Weird problem with TLS

dittman wrote:

but if I use the LAN the connection drops after CONNECT or STARTTLS depending on whether I'm using 587 or 465.

Do you use private IP address as smtp server address?

5

Re: Weird problem with TLS

ZhangHuangbin wrote:
dittman wrote:

but if I use the LAN the connection drops after CONNECT or STARTTLS depending on whether I'm using 587 or 465.

Do you use private IP address as smtp server address?

Yes.
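
The question about the private IP address matters because a TLS client that verifies server identity compares the address it was configured with against the certificate's subjectAltName entries. The following is an added example, not code from the thread or from iRedMail: it runs that comparison over a constructed certificate dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The host name `mail.example.com` and the address `192.168.1.10` are placeholders, and whether the UDM mail client performs this verification is an assumption.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the host name is a placeholder, not the poster's server.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
}


def _dns_match(pattern, host):
    """RFC 6125 style match: a wildcard may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def address_matches_cert(server_address, cert):
    """Return True if the configured SMTP server address is covered by the SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(server_address)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only compared against "IP Address" SAN entries,
        # never against DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, server_address)
               for kind, value in sans)


def diagnose(server_address, cert):
    """Summarise the result for one configured server address."""
    if address_matches_cert(server_address, cert):
        return "ok"
    names = ", ".join(value for _, value in cert.get("subjectAltName", ()))
    return f"mismatch: {server_address!r} not in SAN ({names})"


if __name__ == "__main__":
    # Host name as used from the WAN versus a private IP as used on the LAN.
    for addr in ("mail.example.com", "192.168.1.10"):
        print(addr, "->", diagnose(addr, SAMPLE_CERT))
```

When the check reports a mismatch for the LAN address, configuring the client with the certificate's host name and resolving that name to the private address through local DNS keeps verification intact.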