1 (edited by pschulz 2015-09-14 19:31:54)

Topic: Default Installation not advertising TLS?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.3
- Linux/BSD distribution name and version: Ubuntu 12.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? yes
- Related log if you're reporting an issue:
====

I got a warning from http://mxtoolbox.com that my mail server, powered by iRedMail, does not support TLS.

Yet, at the same time, all my users connect via STARTTLS to both MTA and MDA services, so it works perfectly.

mxtoolbox refers to what is advertised in the SMTP banner. They say:

"Your SMTP email server does advertise support for TLS.  After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support."

Transcript: EHLO PWS3.mxtoolbox.com
Transcript: 250-(domain name)
Transcript: 250-PIPELINING
Transcript: 250-SIZE 15728640
Transcript: 250-ETRN
Transcript: 250-XXXXXXXA
Transcript: 250-AUTH PLAIN LOGIN
Transcript: 250-AUTH=PLAIN LOGIN
Transcript: 250-ENHANCEDSTATUSCODES
Transcript: 250-8BITMIME
Transcript: 250 DSN [750 ms]

My install is a default install, I have not changed settings.

The file "main.cf" contains the usual TLS line:

   smtpd_tls_security_level = may

So it should be all fine.

Note:
Trying to connect directly on the server via telnet to localhost, the iRedMail server advertises "250-STARTTLS" all right. When attempting to connect from a remote server, however, it does NOT advertise it. The problem only occurs when connecting from a remote server outside my local network.

So it seems to relate to some domain setting which is "allowed" to use TLS.
Where do I set this? I have not found such a setting.

----


2

Re: Default Installation not advertising TLS?

pschulz wrote:

So it seems to relate to some domain setting which is "allowed" to use TLS.
Where do I set this? I have not found such a setting.

iRedMail doesn't have such a setting.

pschulz wrote:

   smtpd_tls_security_level = may

According to the Postfix documentation, this setting is enough:
http://www.postfix.org/postconf.5.html# … rity_level

No idea why it doesn't work for you.
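
A check for the symptom described in this thread, added here as an example and not part of the original posts: it parses the EHLO reply seen by mxtoolbox and compares it with the reply seen on localhost. The local reply and the X-filler heuristic are assumptions; a keyword overwritten with X characters, like 250-XXXXXXXA in the transcript, is what SMTP-inspecting firewalls (for example Cisco PIX/ASA ESMTP inspection) leave behind when they mask STARTTLS in transit.

```python
import re

# Constructed sample: the remote view is the mxtoolbox transcript from the thread
# (domain line as redacted there, timing note dropped); the local view is assumed,
# since the thread only says that localhost advertises 250-STARTTLS.
REMOTE_EHLO = """\
250-(domain name)
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-XXXXXXXA
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
LOCAL_EHLO = REMOTE_EHLO.replace("250-XXXXXXXA", "250-STARTTLS")

REPLY_LINE = re.compile(r"^250[- ](.*)$")
MASKED = re.compile(r"^X{4,}[A-Z]?$")  # heuristic: keyword overwritten with X filler


def ehlo_keywords(reply):
    """Return the extension keywords of an EHLO reply, skipping the greeting line."""
    keywords = []
    for line in reply.splitlines():
        m = REPLY_LINE.match(line.strip())
        if m and m.group(1):
            # "AUTH=PLAIN LOGIN" and "SIZE 15728640" -> keyword is the first token
            keywords.append(re.split(r"[ =]", m.group(1), maxsplit=1)[0].upper())
    return keywords[1:]  # first 250 line is the server's domain/greeting


def compare_views(local_reply, remote_reply):
    """Diff the extensions seen locally and remotely and flag masked keywords."""
    local, remote = ehlo_keywords(local_reply), ehlo_keywords(remote_reply)
    return {
        "starttls_local": "STARTTLS" in local,
        "starttls_remote": "STARTTLS" in remote,
        "missing_remotely": sorted(set(local) - set(remote)),
        "masked_remotely": [k for k in remote if MASKED.match(k)],
    }


if __name__ == "__main__":
    for key, value in compare_views(LOCAL_EHLO, REMOTE_EHLO).items():
        print(f"{key}: {value}")
```

When the keyword is present locally and masked remotely, the place to look is the network path in front of the server rather than main.cf.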