Hello all,

First of all, many thanks to the makers of Mailcow, the product is just great.

I would like to establish Mailcow at a customer’s company and am testing everything on my internal
network, which is basically no problem.

Mailcow-Dockerized is running on a Debian server via KVM.
Also running here is a Ciphermail encryption appliance.

The appliance fetches mail from the smarthost via fetchmail and forwards it to Mailcow.
The appliance is registered in Mailcow as a ‘forwarding host’.

Mailcow sends mail through the appliance.
The appliance is set up under ‘Sender dependent transport maps’.

So actually everything should be received ( fetchmail ) and sent via the appliance.
( This has certain reasons, I can explain gladly another time )

It all worked until I noticed that my outgoing mails could not be verified in the destination and therefore ended up in SPAM, but arrived.

Thereupon I made the following change in the appliance

On the appliance / master.cf

-o smtp_tls_wrappermode=no
-o smtp_tls_security_level=none

On the appliance / main.cf
smtp_tls_security_level = encryption
smtp_tls_wrappermode = yes

Wonderful! Now my outgoing mails are also verified in the destination and don’t end up in spam anymore.

However, my mails from the appliance cannot be sent to Mailcow anymore,
because the communication seems to be broken.

Error messages from appliance mail.log when fetching new mails
( 192.168.1.100 = mailcow )
SSL_connect error to 192.168.1.100[192.168.1.100]:25: -1
warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332
status=deferred (Cannot start TLS: handshake failure)

The way I guess it, I forced the use of TLS by my change,
but probably have problems with the certificate.

How can I disable authentication via TLS internally to Mailcow, or
what else can I do?
I would be happy to provide more info.

Thanks for your support!



I really don't want to push anything, but I'm wondering: with over 240 reads, no one has an idea or tip for me?
Are my questions not understandable, or is the information I gave not enough?

Maybe I can breakdown my thread into two questions.

How do I send mails from my appliance ( another postfix ) to mailcow over plain port 25 after I made the changes I talked about in my thread ( see pictures please, did enable wrappermode and set security level to encrypt )

or
how do I send mails over my appliance coming from mailcow without these settings ( wrappermode, tls encrypt ), but not having my mails in spam after that?

I am aware that this is not a typical mailcow-only question, but I think everyone who deals with mail servers and has knowledge of this topic ( completely in contrast to me ) may answer this question.

Thanks for any help


12 days later

Hello everyone,

I have solved the problems I had.

  1. It was not needed to use the wrappermode, I simply had to use the Port 587 in direction to my smarthost.

  2. And the second problem was an untrusted tls connection between my ciphermail gateway and mailcow. I solved it with adding a proper certificate with a trusted CA.
    It is described in the docs.
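
Added example, not part of the original posts: the "wrong version number" error in the first post is what OpenSSL reports when a client with smtp_tls_wrappermode = yes sends a TLS ClientHello to a listener that answers with a plaintext "220" banner, as port 25 does. The sketch below checks which kind of listener a port is and which wrappermode value matches it; the function names and the EHLO name are assumptions made for this example.

```python
import socket
import ssl

# Postfix client setting that matches each listener type (parameter name from the thread).
WRAPPERMODE_FOR = {"starttls": "no", "plaintext-only": "no", "implicit-tls": "yes"}

def _read_reply(sock):
    """Read one (possibly multi-line) SMTP reply; its last line has a space after the code."""
    buf = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            return buf
        buf += chunk
        if buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] == b" ":
            return buf

def classify_plaintext(sock):
    """Return 'starttls' or 'plaintext-only' if the peer speaks SMTP first, else None."""
    try:
        banner = _read_reply(sock)
    except socket.timeout:
        return None  # silent listener: it is probably waiting for a TLS ClientHello
    if not banner.startswith(b"220"):
        return None
    sock.sendall(b"EHLO probe.example\r\n")  # hypothetical client name
    reply = _read_reply(sock)
    return "starttls" if b"STARTTLS" in reply.upper() else "plaintext-only"

def probe(host, port, timeout=3.0):
    """Return (listener type, matching smtp_tls_wrappermode value)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        mode = classify_plaintext(raw)
    if mode is None:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # protocol probe only; certificate trust is a separate check
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw, \
                    ctx.wrap_socket(raw) as tls:
                mode = "implicit-tls" if _read_reply(tls).startswith(b"220") else None
        except (ssl.SSLError, OSError):
            mode = None
    return mode, WRAPPERMODE_FOR.get(mode)

if __name__ == "__main__":
    print(probe("192.168.1.100", 25))  # Mailcow address as given in the thread
```

A result of "starttls" means the sending Postfix should keep smtp_tls_wrappermode = no and negotiate TLS after the banner; whether the certificate is trusted, the second problem in the thread, is not checked here.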
