Hi
I was wondering if someone could shed some light on the issue I'm having. Currently I have the reverse proxy SWAG, which has the wildcard Let's Encrypt, and on the host I have Mailcow. I also tried the following:
https://docs.mailcow.email/post_installation/firststeps-ssl/#the-lets-encrypt-subjectaltname-limit-of-100-domains
https://docs.mailcow.email/post_installation/firststeps-rp/#nginx
I created the reverse proxy and the script to copy the SSL keys to Mailcow, but can't seem to log in on Outlook 2013.
It worked on Outlook 2021, so not sure what could be the issue?
Webmail works fine on SOGo, though.
The log I was checking is:
Dec 11 17:52:18 2970c092c8e2 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.168.7.254, lip=172.22.1.250, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
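This is the script:
#!/bin/bash
# Copy the SWAG Let's Encrypt certificate and key to where mailcow expects them
cp /swag/keys/letsencrypt/fullchain.pem /mail/mailcow-dockerized/data/assets/ssl/cert.pem
cp /swag/keys/letsencrypt/privkey.pem /mail/mailcow-dockerized/data/assets/ssl/key.pem
# Look up the container IDs of the services that load the certificate
postfix_c=$(docker ps -qaf name=postfix-mailcow)
dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
nginx_c=$(docker ps -qaf name=nginx-mailcow)
# Restart them so they pick up the new certificate
docker restart ${postfix_c} ${dovecot_c} ${nginx_c}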
This is my NGINX config:
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mail.* autodiscover.* autoconfig.*;

    # Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;

    # Diffie-Hellman Parameters
    ssl_dhparam /config/nginx/dhparams.pem;

    # Enable TLS 1.3 early data
    ssl_early_data on;

    client_max_body_size 0;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
    # An example config is given below
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
    ssl_prefer_server_ciphers off;

    location /Microsoft-Server-ActiveSync {
        proxy_pass http://mailcowdockerized-nginx-mailcow-1:1234/Microsoft-Server-ActiveSync;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 75;
        proxy_send_timeout 3650;
        proxy_read_timeout 3650;
        proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo
        client_body_buffer_size 512k;
        client_max_body_size 0;
    }

    location / {
        include /config/nginx/resolver.conf;
        set $upstream_app mailcowdockerized-nginx-mailcow-1;
        set $upstream_port 1234;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 0;

        # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update
        # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537
        proxy_buffer_size 128k;
        proxy_buffers 64 512k;
        proxy_busy_buffers_size 512k;
    }
}
Thank you
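
Added example (not part of the original post): a small parser for Dovecot login-process lines like the one quoted above, which groups TLS handshake failures by service, client IP (rip) and OpenSSL reason so you can see which clients fail and why. The function names, the HINTS table and sample lines 2-3 are constructed for illustration; the hints give the general OpenSSL meaning of each reason string.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the log line from the post, lines 2-3 are made up.
SAMPLE_LOG = """\
Dec 11 17:52:18 2970c092c8e2 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.168.7.254, lip=172.22.1.250, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Dec 11 17:52:40 2970c092c8e2 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.168.7.20, lip=172.22.1.250, mpid=411, TLS, session=<constructed>
Dec 11 17:53:02 2970c092c8e2 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher (no auth attempts in 0 secs): user=<>, rip=192.168.7.31, lip=172.22.1.250, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
"""

# General meaning of the OpenSSL reason strings (illustrative table, not exhaustive).
HINTS = {
    "unsupported protocol": "client offered only TLS versions the server has disabled",
    "no shared cipher": "client and server have no cipher suite in common",
}

# error:<code>:<library>:<function>:<reason>; the function field may be empty.
LINE_RE = re.compile(
    r"dovecot: (?P<service>[\w-]+): .*?SSL_accept\(\) failed: "
    r"error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>[^:(,]+)"
    r".*?\brip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)"
)

def parse_failures(text):
    """Return one dict per log line that records a failed TLS handshake."""
    failures = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            fields = match.groupdict()
            fields["reason"] = fields["reason"].strip()
            failures.append(fields)
    return failures

def summarize(failures):
    """Count failures per (service, client IP, OpenSSL reason)."""
    return Counter((f["service"], f["rip"], f["reason"]) for f in failures)

if __name__ == "__main__":
    summary = summarize(parse_failures(SAMPLE_LOG))
    for (service, rip, reason), count in summary.most_common():
        hint = HINTS.get(reason, "look up the OpenSSL error code")
        print(f"{count:3d}  {service:12s} {rip:15s} {reason}: {hint}")
```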