Apple Mail SMTP Errors Sonoma 14.2 beta

marshalleq

Is anyone else seeing any issues in this space? It sort of just started happening, I think after 14.2 beta 2. But there is some doubt in my mind that it could be an update on mailcow which was recently updated also. The problem seems a little intermittent but pretty consistent. Same username and password receives email fine.

My suspicion is it’s port / certificate related.

marshalleq

I might have found my own answer to this - not sure yet - but I had turned off the lets encrypt module in mailcow.conf because I have my own external lets encrypt. However, I don’t use the external lets encrypt for SMTP. My assumption is it’s still needed somehow for smtp certificate. Will see if the fix persists or if it’s just coincidence.

esackbauer

THe certificates are not only used for https, mailcow uses them also for SMTP, POP3, IMAP4 etc.etc.
You MUST copy the renewed certificates to your mailcow installation and restart 3 containers:
https://docs.mailcow.email/post_installation/firststeps-ssl/#how-to-use-your-own-certificate

marshalleq

So you’re saying that the concept is to turn off the internal cert within Mailcow and use the external certificate already generated for e.g. webmail.mydomain in my external proxy?

I hadn’t considered this. The main concern I have is the updating of the certificate being that lets encrypt updates every 3 months I think and the means a manual copy unless I can find a way of automating it, or perhaps some kind of certificate share. Am I on the right track?

I’m not 100% sure I should care about certificates getting out of date on the smtp side of things, given that this is just my client to the server right? All the server to server stuff is still 25 for the most part, though I think I read this has moved to an optional negotiation of secure smtp also, is that right? Perhaps that’s what the importance of the certificate is?

Or perhaps I should send SMTP through the external proxy instead of leaving that part direct.

Thanks.

esackbauer

marshalleq Am I on the right track?

yes, if you use a share, you still need to restart the 3 containers to make the renewed certificates to work.

marshalleq should care about certificates getting out of date on the smtp side of things

You must also renew the certificate for SMTP. Port 25 and and STARTTLS is used with gmail and others, so if you have an expired certificate they might stop to send mails to your server. Same applies with sending mails.

Maybe you rethink everything and let mailcow have its own public IP and have it do its own certificates.
Or you create a script (e.g. with ansible) that copies the certs and restarts the containers. Its not that hard.