1

Topic: TLS not working

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

Hello!

I am having problems with TLS since recently. I used the TLS checker of checktls.com and this is the result:

Checking af@domain.tld
looking up MX hosts on domain "domain.tld"
mail.domain.tld (preference:10)
Trying TLS on mail.domain.tld[XXX.XXX.XXX.XXX] (10):
seconds        test stage and result
[000.114]        Connected to server
[000.229]    <--    220 server2.domain.tld ESMTP Postfix
[000.230]        We are allowed to connect
[000.230]    -->    EHLO checktls.com
[000.342]    <--    250-server2.domain.tld
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.343]        We can use this server
[000.343]        TLS is not an option on this server
[000.343]    -->    MAIL FROM:<test@checktls.com>
[000.468]    <--    250 2.1.0 Ok
[000.468]        Sender is OK
[000.469]    -->    RCPT TO:<af@domain.tld>
[000.627]    <--    250 2.1.5 Ok
[000.628]        Recipient OK, E-mail address proofed
[000.628]    -->    QUIT
[000.741]    <--    221 2.0.0 Bye

I use Lets encrypt certificates and get no errors in mail.log (postfix). The only recent change I did was to the DKIM certificates and DNS server to enable DKIM. Do you have any suggestions why this could happen?

Thanks in advance,
Adrian

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: TLS not working

Seems like TLS was not enabled for postfix.

I then set:
smtp_tls_security_level = may

Is that not enabled by default?

3

Re: TLS not working

elagil wrote:

smtp_tls_security_level = may
Is that not enabled by default?

This is enabled in iRedMail-0.9.5-1 by default.

4

Re: TLS not working

Can that become commented out by an update? I was not on 0.9.5-1 since the beginning. Also, there were surely some postfix updates.

5

Re: TLS not working

It's not enabled in early iRedMail release. This might be the reason.

6

Re: TLS not working

ZhangHuangbin wrote:

It's not enabled in early iRedMail release. This might be the reason.

Thanks for the information. Anyway, it is fine now.