    Cloudron Forum

    Solved Cannot connect with TSL/SSL

    FreeScout
    • jordanurbs
      jordanurbs last edited by

      Trying to use a Cloudron mailbox for this.

      Outgoing: I've tried using PHP mail() function as well as manually inserting the Mailgun SMTP details on all 3 ports with either SSL or TLS and nothing will send.

      With PHP mail() selected it tells me to check the logs. This is there in the cloudron app logs but nothing else looks out of place:

      sh: 1: /usr/sbin/sendmail: not found
      

      And with Mailgun selected I get one of the following depending on which port and if SSL or TLS is selected

      stream_socket_enable_crypto(): Peer certificate CN=`*.mailgun.org' did not match expected CN=`smtp.mailgun.com'
      

      OR

      Connection could not be established with host smtp.mailgun.com [ #0]
      

      Doesn't feel like a Mailgun issue as I'm not having issues sending mail elsewhere. When I select Mailgun with no encryption, the test email is successful.

      • subven
        subven last edited by

        Have you checked the docs? Only SMTP works.

        Can you post your SMTP configuration (maybe censoring personal details like domain names)?

        • jimcavoli
          jimcavoli App Dev @jordanurbs last edited by

          @jordanurbs That looks like an issue with the TLS implementation underpinning the mail function using peer matching that is too strict/dumb on the hostname. They're using a wildcard cert and for whatever reason PHP is balking at the * wildcard and expecting that to literally be the hostname. This was a known bug in PHP like 7 years ago, but shouldn't be a contemporary problem. What version of PHP are you using?

          • girish
            girish Staff @jordanurbs last edited by

            @jordanurbs If you are using a Cloudron mailbox, then you only need to put in Cloudron credentials and not mailgun credentials. Mailgun credentials (I assume for relay?) can be set in Email -> select domain -> outbound mail.

            I have added screenshots for Cloudron email configuration in freescout here - https://docs.cloudron.io/apps/freescout/#cloudron-mailbox

            • jordanurbs
              jordanurbs @subven last edited by

              @subven the docs say this:

              For sending emails of a specific mailbox, the SMTP method has to be selected as php mail() or sendmail won't work on Cloudron.
              

              @jimcavoli the Cloudron default, looks like 7.3

              @girish this took care of it. Thanks for adding that to the docs, makes everything much simpler

              • jimcavoli
                jimcavoli App Dev last edited by

                Yeah, I think I misinterpreted your question a little - glad you're all set though!

                • T
                  TestDesk last edited by

                  Good day @all

                  I hope you are well. I am happy to be with you and to work with you on solutions and feedback.

                  Currently, I have the following problem, short summary:

                  • FreeScout installed and mailbox set up - works.
                  • Checked email settings (system) with a test email - works
                  • Mailbox set up for incoming email - works

                  Now the problem:
                  Sending an e-mail via the mailbox (SMTP) does not work.

                  The following error message appears:

                  Expected response code 220 but got code "500", with message "500 Unrecognised command"
                  

                  Bildschirmfoto 2021-03-06 um 10.40.50.png

                  I have checked the settings for SMTP several times. With the same settings I was able to set up Thunderbird without any problems.

                  I took my settings from the official description, see screenshot.

                  SMTP settings

                  What I noticed:
                  As soon as I set the encryption from TLS to NONE, the sending works.

                  Is it a BUG or have I overlooked something?

                  Thanks in advance for your help.

                  • nebulon
                    nebulon Staff @TestDesk last edited by

                    @testdesk your settings do seem to be ok, we use the same settings on our FreeScout instance just fine.

                    Do you have any additional plugins installed in FreeScout? Generally if encryption set to None, it should still perform StartTLS upon connection so you should still be fine there. However I do wonder what the difference might be here.

                    Are there any further hints in the FreeScout log view? (the one built into FreeScout itself)

                    • T
                      TestDesk @nebulon last edited by

                      Hello @nebulon
                      Wow! That's a reaction time 👍

                      I don't have any plugins installed.

                      The log from FreeScout shows the following (The last 4 entries):

                      Last 4 entries

                      Can I look somewhere to see if StartTLS was really used?

                      THX

                      • imc67
                        imc67 translator @TestDesk last edited by

                        @testdesk on two FreeScout instances I use this:

                        SMTP: mail
                        Port: 2525
                        Encryption: no

                        • T
                          TestDesk @imc67 last edited by

                          Hello @imc67

                          Unfortunately, this does not work for the mailboxes, but only for the system settings, at least not for me.

                          I just tried it, error. I know the settings, they also work with Wordpress and Nextcloud very fine.

                          THX

                          • nebulon
                            nebulon Staff @TestDesk last edited by

                            @testdesk hm so also not really more information from FreeScout on the error.
                            Freescout does not have the Cloudron mail addon enabled, since a common use-case is to use external mailboxes as well. This is why it is correct to use the regular mailserver domain in this case my.example.com

                            @girish can correct me if I am wrong here, but I don't think the mail server even allows non secure transfer anyways, so if encryption set to "no" it is fine as well.

                            Still I have to see if I can reproduce this with a new FreeScout instance against the Cloudron mail server later today.

                            • girish
                              girish Staff @TestDesk last edited by

                              @testdesk Setting encryption to NONE is the correct setting when FreeScout is installed on the same server as Cloudron mail. When FreeScout is installed in another server, then you have to use TLS.

                              The reason is a bit esoteric. Internally, Cloudron uses containers and the mail container is called 'mail'. Many apps don't work properly if you try to connect with the hostname as 'mail' but the TLS certificate says 'my.domain.com' (because of hostname mismatch). So, for historic reasons, we do not enable TLS for connection within the server itself. In this case, FreeScout is in same server as mail server and thus TLS option is not available. This is totally safe because the full connection is within the server. If you move your freescout to another server, then remember to put it to TLS.

                              1 Reply Last reply Reply Quote 0
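
The hostname check behind the two mismatches discussed above (the `*.mailgun.org` / `smtp.mailgun.com` error in the first post and the internal `mail` name in girish's explanation), as an added Python example that is not part of any post and is not PHP's or Cloudron's code. It assumes the common RFC 6125 wildcard rules and compares against a plain list of certificate DNS names; `smtp.mailgun.org` appears only as a constructed comparison case.

```python
import ipaddress


def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """True if one certificate DNS name (pattern) covers the requested hostname."""
    pattern = pattern.rstrip(".").lower()
    hostname = hostname.rstrip(".").lower()
    if not pattern or not hostname or _is_ip(hostname):
        return False  # IP literals are never matched against DNS names
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never several
    if "*" not in pattern:
        return p_labels == h_labels
    # Accept a wildcard only as the complete leftmost label, with at least
    # two fixed labels after it ("*.com" is refused).
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def check(cert_names, hostname):
    """Return (ok, message) for a certificate's DNS names and the name the client dialled."""
    if any(dns_name_matches(n, hostname) for n in cert_names):
        return True, f"{hostname}: ok"
    return False, f"{hostname}: mismatch, certificate only covers {', '.join(cert_names)}"


# Constructed cases built from the names quoted in the thread.
CASES = [
    (["*.mailgun.org"], "smtp.mailgun.com"),  # pair from the PHP error message
    (["*.mailgun.org"], "smtp.mailgun.org"),  # same label under the certificate's domain
    (["my.domain.com"], "mail"),              # internal container name vs. public name
    (["my.domain.com"], "my.domain.com"),     # connecting by the public name
]

if __name__ == "__main__":
    for names, host in CASES:
        print(check(names, host)[1])
```

The check is always made against the name the client was configured to connect to, so the same certificate passes or fails depending on which hostname is entered in the SMTP settings.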
                              • girish
                                girish Staff last edited by

                                I have put a doc note here - https://docs.cloudron.io/apps/freescout/#cloudron-mailbox

                                • ianhyzy
                                  ianhyzy @girish last edited by

                                  @girish I've copied the info from the screenshot here (Freescout and cloudron are on the same machine; mailgun is configured as the outbound SMTP provider in Cloudron settings; there are two mail-enabled domains) but I'm getting an error about the port being closed:

                                  e5e07995-31b8-4b48-bf1a-9e2159442304-image.png
                                  87ee3de7-b9e4-41e3-a916-a799d2414df2-image.png

                                  Could this be my firewall/ISP or did I misconfigure something?

                                  • micmc
                                    micmc @ianhyzy last edited by

                                    @ianhyzy Try PORT 2525 with TLS/SSL encryption 😉

                                    Andy


                                    https://marketingtechnology.agency
                                    For cutting edge web technologies

                                    • ianhyzy
                                      ianhyzy @micmc last edited by

                                      @micmc Got the same port blocked error with that:

                                      617a032e-deae-4253-9605-0190f339352f-image.png

                                      • micmc
                                        micmc @ianhyzy last edited by

                                        @ianhyzy Try NO encryption?


                                        • ianhyzy
                                          ianhyzy @micmc last edited by

                                          @micmc same error 😞

                                          • micmc
                                            micmc @ianhyzy last edited by

                                            @ianhyzy I'm guessing your 'mail' mx is the cloudron one and that ALL email settings are enabled and GREEN for the domain you use for your FreeScout?


                                            • ianhyzy
                                              ianhyzy @micmc last edited by

                                              @micmc Yup, green light and works with other apps

                                              • micmc
                                                micmc @ianhyzy last edited by

                                                @ianhyzy I meant the status like this for the specific domain
                                                alt text


                                                • ianhyzy
                                                  ianhyzy @micmc last edited by

                                                  @micmc yup, all good:

                                                  2364a80b-2404-430f-9c45-3b837e95a8b9-image.png

                                                  • girish
                                                    girish Staff @ianhyzy last edited by

                                                    @ianhyzy said in Cannot connect with TSL/SSL:

                                                    Could this be my firewall/ISP or did I misconfigure something?

                                                    Yes, most likely. Is port 587 open in your firewall ? Also, if this server is at home, do you have loopback NAT working on your router?

                                                    • micmc
                                                      micmc @ianhyzy last edited by

                                                      @ianhyzy Your SMTP outbound is set as RELAY not as DIRECT; this is something I was wondering about, because normally Cloudron should set this automatically at installation time if your SMTP status is set. It seems to me that it might mean you've set an outbound SMTP service on this domain and you now try to use the direct settings.


                                                      • ianhyzy
                                                        ianhyzy @micmc last edited by ianhyzy

                                                        @micmc yeah I have mailgun set as the outbound SMTP server, but I get similar errors when I try to use mailgun directly. I would screenshot the error but it's a stack trace that takes up the whole screen

                                                        • ianhyzy
                                                          ianhyzy @girish last edited by

                                                          @girish I have 587 port forwarded and no, I need to look into NAT loopback

                                                          • micmc
                                                            micmc @ianhyzy last edited by

                                                            @ianhyzy Yeah, that's what I thought. Try to use default SMTP (no mailgun) on the domain and then use the same settings on the app. OR the contrary on both as well. The same SMTP for the domain and the app.


                                                            • ianhyzy
                                                              ianhyzy @girish last edited by

                                                              @girish I use a Unifi UDM-PRO at home and from what I can tell hairpin / NAT Loopback is enabled by default, and I don't recall ever disabling it

                                                              • micmc
                                                                micmc @girish last edited by

                                                                @girish He'd set mailgun as his default SMTP relay on the outbound mail for the domain, but apparently the app installed with default SMTP assumption?

                                                                Will apps install with the SMTP relay set on domain's outbound mail, or will they still assume the default settings, even if a relay is set before apps installation?


                                                                • ianhyzy
                                                                  ianhyzy @ianhyzy last edited by

                                                                  @ianhyzy of course I tried Mailgun again and it seems to have worked - I must have had something off earlier. It seems to be taking the inbox a little longer than I thought to receive messages but they are coming in.

                                                                  • ianhyzy
                                                                    ianhyzy @ianhyzy last edited by

                                                                    @ianhyzy so it looks like I spoke too soon- the test email came in, but the email I sent from my Gmail account never appeared
