[BlueOnyx:26509] Re: SSL error when receiving mail from GMAIL
Michael Stauber
mstauber at blueonyx.it
Sat Sep 23 13:36:35 -05 2023
Hi Larry,
> Hmmm, not sure this will ever work - and if it does work with
> Google it will break most other mail servers that try to talk to you.
> Port 25 is the original email port (sendmail) and is no auth, no SSL/TLS
> on purpose. As defined by the IETF, port 465 is the SSL/TLS port for
> sendmail, and port 587 is the authenticated, with SSL/TLS port.
>
> Notwithstanding that, your error is no acceptable cipher for you
> and gmail to agree upon. Port 443 is web (http / Apache) and postfix
> is mail. Is it possible that your email is not configured to use the
> keys you created??
In 5210R and 5211R the SSL certificates of Vsites are used for HTTPS in
Apache and/or Nginx. But they are also tied into Dovecot for POP3
and IMAP as well as into Postfix.
This was also in large part the drive to switch newer BlueOnyx versions
from Sendmail to Postfix, as Postfix supports SNI and Sendmail doesn't.
So if you run a BlueOnyx 5210R or 5211R, have it configured to use
Postfix and have "Enable SMTPS Server" enabled? It will not only use the
GUI's SSL certificate, but also the SSL certificates of all Vsites to
answer to TLS connections.
The SNI Email integration in BlueOnyx is explained here:
Postfix:
https://www.blueonyx.it/news/267/15/5210R-Postfix-SNI-for-email-and-Maildir/
Dovecot:
https://www.blueonyx.it/news/266/15/5209R5210R-SNI-support-added-to-Dovecot/
But yeah, in Arie's case there was something off. His SNI certificates
didn't include validity for the requested domain and there also seems to
have been a protocol/cipher mismatch.
--
With best regards
Michael Stauber
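
Added example, not part of the original message and not BlueOnyx or Postfix code: a check for the failure described above, where the certificate served for an SNI name does not include that name. The `SNI_MAP` structure, its hostnames and its SAN lists are constructed for illustration.

```python
# Audit a hostname -> certificate SAN list mapping for SNI names that the
# served certificate does not actually cover. All sample data is constructed.

def san_matches(hostname: str, san: str) -> bool:
    """Match a hostname against one SAN entry: exact, or one leftmost '*' label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # Reject overly broad patterns such as "*.com".
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def audit_sni_map(sni_map):
    """Return the sorted SNI names whose certificate has no matching SAN."""
    return sorted(
        name for name, sans in sni_map.items()
        if not any(san_matches(name, san) for san in sans)
    )


# Constructed sample: SNI name -> SAN entries of the certificate served for it.
SNI_MAP = {
    "mail.example.com": ["www.example.com", "example.com"],  # no mail. entry
    "mail.example.org": ["*.example.org", "example.org"],    # wildcard covers it
    "smtp.mail.example.net": ["*.example.net"],              # wildcard too shallow
    "example.edu": ["example.edu"],                          # exact match
}

if __name__ == "__main__":
    for name in audit_sni_map(SNI_MAP):
        print("certificate does not cover", name)
```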