Hello all,
First of all, many thanks to the makers of Mailcow; the product is just great.
I would like to establish Mailcow at a customer’s company and am testing everything on my internal
network, which is basically no problem.
Mailcow-Dockerized is running on a Debian server via KVM.
Also running here is a Ciphermail encryption appliance.
The appliance fetches mail from the smarthost via fetchmail and forwards it to Mailcow.
The appliance is registered in Mailcow as a ‘forwarding host’.
Mailcow sends mail through the appliance.
The appliance is set up under ‘Sender dependent transport maps’.
So actually everything should be received (fetchmail) and sent via the appliance.
(There are reasons for this, which I can gladly explain another time.)
It all worked until I noticed that my outgoing mails could not be verified at the destination and therefore ended up in spam, although they did arrive.
Thereupon I made the following change in the appliance:
On the appliance / master.cf:
…
-o smtp_tls_wrappermode=no
-o smtp_tls_security_level=none
On the appliance / main.cf:
smtp_tls_security_level = encryption
smtp_tls_wrappermode = yes
Wonderful! Now my outgoing mails are also verified at the destination and don’t end up in spam anymore.
However, my mails from the appliance can no longer be sent to Mailcow,
because the communication seems to be broken.
Error messages from the appliance's mail.log when fetching new mails
(192.168.1.100 = mailcow):
SSL_connect error to 192.168.1.100[192.168.1.100]:25: -1
warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332
status=deferred (Cannot start TLS: handshake failure)
My guess is that I forced the use of TLS with my change,
but probably have problems with the certificate.
How can I disable authentication via TLS internally to Mailcow, or
what else can I do?
I would be happy to provide more info.
Thanks for your support!
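
The `wrong version number` line in the log above is the error a client reports when it starts TLS immediately on connect (`smtp_tls_wrappermode = yes`) while the peer answers with a plaintext SMTP greeting, as a port-25 listener does before STARTTLS. The following is an added example, not part of the original post: it decodes a greeting as a TLS record header to show where the error comes from. The sample bytes are constructed and the function names are hypothetical.

```python
import struct

# Constructed samples (not from the post): a plaintext SMTP greeting as sent on
# port 25, and the first bytes of a TLS handshake record as sent on an SMTPS port.
SMTP_GREETING = b"220 mail.example.test ESMTP\r\n"
TLS_RECORD = b"\x16\x03\x03\x00\x7a\x02\x00\x00\x76"


def read_as_tls_record(data: bytes) -> dict:
    """Decode a TLS record header: content type (1), version (2), length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Every SSLv3/TLS record carries major version 3; anything else is rejected.
    return {"type": ctype, "version": (major, minor), "length": length,
            "valid_version": major == 3}


def looks_like_smtp_greeting(data: bytes) -> bool:
    """True for a three-digit reply code followed by space or hyphen."""
    return data[:3].isdigit() and data[3:4] in (b" ", b"-")


def handshake_outcome(wrappermode: bool, server_first_bytes: bytes) -> str:
    """Model what the client sees first, depending on smtp_tls_wrappermode."""
    if not wrappermode:
        # STARTTLS flow: the client waits for the plaintext greeting first.
        if looks_like_smtp_greeting(server_first_bytes):
            return "ok: plaintext greeting, TLS can be negotiated via STARTTLS"
        return "fail: no plaintext greeting, peer expects implicit TLS"
    # Wrapper mode: the client sends ClientHello at once and parses the reply as TLS.
    rec = read_as_tls_record(server_first_bytes)
    if rec["valid_version"]:
        return "ok: TLS record received"
    if looks_like_smtp_greeting(server_first_bytes):
        return "fail: wrong version number, peer greeted in plaintext SMTP"
    return "fail: wrong version number, peer is not speaking TLS"


if __name__ == "__main__":
    print(read_as_tls_record(SMTP_GREETING))
    print(handshake_outcome(True, SMTP_GREETING))
    print(handshake_outcome(False, SMTP_GREETING))
    print(handshake_outcome(True, TLS_RECORD))
```

The bytes `220 ` read as a record header give content type 0x32 and version 0x32.0x30, which no TLS library accepts.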