Solved Cannot connect with TSL/SSL

jordanurbs

Trying to use a Cloudron mailbox for this.

Outgoing: I've tried using PHP mail() function as well as manually inserting the Mailgun SMTP details on all 3 ports with either SSL or TSL and nothing will send.

With PHP mail() selected it tells me to check the logs. This is there in the cloudron app logs but nothing else looks out of place:

sh: 1: /usr/sbin/sendmail: not found

And with Mailgun selected I get one of the following depending on which port and if SSL or TSL is selected

stream_socket_enable_crypto(): Peer certificate CN=`*.mailgun.org' did not match expected CN=`smtp.mailgun.com'

OR

Connection could not be established with host smtp.mailgun.com [ #0]

Doesn't feel like a Mailgun issue as I'm not having issues sending mail elsewhere. When I select Mailgun with no encryption, the test email is successful.

subven

Have you checked the docs? Only SMTP works.

Can you post your SMTP configuration (maybe censoring personal details like domain names)?

jimcavoli

@jordanurbs That looks an issue with the TLS implementation underpinning the mail function using peer matching that is too strict/dumb on the hostname. They're using a wildcard cert and for whatever reason PHP is balking at the * wildcard and expecting that to literally be the hostname. This was a known bug in PHP like 7 years ago, but shouldn't be a contemporary problem. What version of PHP are you using?

girish

@jordanurbs If you are using a Cloudron mailbox, then you only need to put in Cloudron credentials and not mailgun credentials. Mailgun credentials (I assume for relay?) can be set in Email -> select domain -> outbound mail.

I have added screenshots for Cloudron email configuration in freescout here - https://docs.cloudron.io/apps/freescout/#cloudron-mailbox

jordanurbs

@subven the docs say this:

For sending emails of a specific mailbox, the STMP method has to be selected as php mail() or sendmail wont work on Cloudron.

@jimcavoli the Cloudron default, looks like 7.3

@girish this took care of it. Thanks for adding that to the docs, makes everything much simpler

jimcavoli

Yeah, I think I misinterpreted your question a little - glad you're all set though!

TestDesk

Good day @all

I hope you are well. I am happy to be with you and to work with you on solutions and feedbacks.

Currently, I have the following problem, short summary:

• FreeScout installed and mailbox set up - works.
• Checked email settings (system) with a test email - works
• Mailbox set up for incoming email - works

Now the problem:
Sending an e-mail via the mailbox (SMTP) does not work.

The following error message appears:

Expected response code 220 but got code "500", with message "500 Unrecognised command"

I have checked the settings for SMTP several times. With the same settings I was able to set up Thunderbrid without any problems.

I took my settings from the official description, see screenshot.

What I noticed:
As soon as I set the encryption from TLS to NONE, the sending works.

Is it a BUG or have I overlooked something?

Thanks in advance for your help.

nebulon

@testdesk your settings do seem to be ok, we use the same settings on our FreeScout instance just fine.

Do you have any additional plugins installed in FreeScout? Generally if encryption set to None, it should still perform StartTLS upon connection so you should still be fine there. However I do wonder what the difference might be here.

Are there any further hints in the FreeScout log view? (the one built into FreeScout itself)

TestDesk

Hello @nebulon
Wow! That's a reaction time

I don't have any plugins installed.

The log from FreeScout shows the following (The last 4 entries):

Can I look somewhere to see if StartTLS was really used?

THX

imc67

@testdesk on two FreeScout instances I use this:

SMTP: mail
Port: 2525
Encryption: no

TestDesk

Hello @imc67

Unfortunately, this does not work for the mailboxes, but only for the system settings, at least not for me.

I just tried it, error. I know the settings, they also work with Wordpress and Nextcloud very fine.

THX

nebulon

@testdesk hm so also not really more information from FreeScout on the error.
Freescout does not have the Cloudron mail addon enabled, since a common use-case is to use external mailboxes as well. This is why it is correct to use the regular mailserver domain in this case my.example.com

@girish can correct me if I am wrong here, but I don't think the mail server even allows non secure transfer anyways, so if encyption set to "no" it is fine as well.

Still I have to see if I can reproduce this with a new FreeScout instance against the Cloudron mail server later today.

girish

@testdesk Setting encryption to NONE is correct setting when FreeScout is installed on the same server as Cloudron mail. When FreeScout is installed in another server, then you have to use TLS.

The reason is a bit esoteric. Internally, Cloudron uses containers and the mail container is called 'mail'. Many apps don't work properly if you try to connect with the hostname as 'mail' but the TLS certificate says 'my.domain.com' (because of hostname mismatch). So, for historic reasons, we do not enable TLS for connection within the server itself. In this case, FreeScout is in same server as mail server and thus TLS option is not available. This is totally safe because the full connection is within the server. If you move your freescout to another server, then remember to put it to TLS.

girish

I have put a doc note here - https://docs.cloudron.io/apps/freescout/#cloudron-mailbox

ianhyzy

@girish I've copied the info from the screenshot here (Freescout and cloudron are on the same machine; mailgun is configured as the outbound SMTP provider in Cloudron settings; there are two mail-enabled domains) but I'm getting an error about the port being closed:

Could this be my firewall/ISP or did I misconfigure something?

micmc

@ianhyzy Try PORT 2525 with TLS/SSL encryption

Andy

ianhyzy

@micmc Got the same port blocked error with that:

micmc

@ianhyzy Try NO encryption?

ianhyzy

@micmc same error

micmc

@ianhyzy I'm guessing your 'mail' mx is the cloudron one and that ALL email settings are enabled and GREEN for the domain you use for your FreshScout?

ianhyzy

@micmc Yup, green light and works with other apps

micmc

@ianhyzy I meant the status like this for the specific domain

ianhyzy

@micmc yup, all good:

girish

@ianhyzy said in Cannot connect with TSL/SSL:

Could this be my firewall/ISP or did I misconfigure something?

Yes, most likely. Is port 587 open in your firewall ? Also, if this server is at home, do you have loopback NAT working on your router?

micmc

@ianhyzy Your SMTP outbound is set as RELAY not as DIRECT this is something I was wondering because normally Cloudron should sety this automatically at installation time if your SMTP status is set. It seems to me that it might means you've set an outbound SMTP service on this domain and you now try to use the direct settings.

ianhyzy

@micmc yeah I have mailgun set as the outbound SMTP server, but I get similar errors when I try to use mailgun directly. I would screenshot the error but it's a stack trace that takes up the whole screen

ianhyzy

@girish I have 587 port forwarded and no, I need to look into NAT loopback

micmc

@ianhyzy Yeah, that's what I thought. Try to use default SMTP (no mailgun) on the domain and then use the same settings on the app. OR the contrary on both as well. The same SMTP for the domain and the app.

ianhyzy

@girish I use a Unifi UDM-PRO at home and from what I can tell hairpin / NAT Loopback is enabled by default, and I don't recall ever disabling it

micmc

@girish He'd set mailgun as his default SMTP relay on the outbound mail for the domain, but apparently the app installed with default SMTP assumption?

Will apps install with the SMTP relay set on domain's outbound mail, or it will they still assume the default settings, even if a relay is set before apps installation?

ianhyzy

@ianhyzy of course I tried Mailgun again and it seems to have worked - I must have had something off earlier. It seems to be taking the inbox a little longer than I thought to receive messages but they are coming in.

ianhyzy

@ianhyzy so it looks like I spoke too soon- the test email came in, but the email I sent from my Gmail account never appeared