Hi All, I've set up Mailcow using this guide: **[Howto: Install mailcow in an LXC container on Proxmox 6.4-13 for home usage.](https://community.mailcow.email/d/1413-howto-install-mailcow-in-a-lxc-container-on-proxmox-64-13-for-home-usage)** My Mailcow server runs inside an LXC container on a Proxmox host, which is behind a NAT. I've allowed all the required ports through NAT, and everything seems to be working fine. For example, SMTP works when accessed from outside the Proxmox server using `mail.domain.com`. Here's my setup: - Private IP of the Mailcow container: 192.168.12.111 - Two other Linux machines on the same server: one running Nginx and the other hosting my website I'm trying to integrate Mailcow SMTP with my website, but I'm encountering issues. I've created a simple Node.js script using Nodemailer to test the SMTP setup. Here are the problems I'm facing: 1. When using the domain `mail.domain.com`, I get this error: ` PS C:\Users\Administrator\Desktop\smtp> node .\index.js Error: connect ECONNREFUSED 136.xx.xx.xx:587 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1606:16) { errno: -4078, code: 'ESOCKET', syscall: 'connect', address: '136.xx.xx.xx', port: 587, command: 'CONN' } ` 2. When using the private IP `192.168.12.111`, I get this error: ` PS C:\Users\Administrator\Desktop\smtp> node .\index.js Error: self-signed certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34) at TLSSocket.emit (node:events:519:28) at TLSSocket._finishInit (node:_tls_wrap:1085:8) at ssl.onhandshakedone (node:_tls_wrap:871:12) { code: 'ESOCKET', command: 'CONN' } ` 3. If I modify the script to include `tls: { rejectUnauthorized: false }`, I can send emails, but this is not a secure solution. ` tls: { rejectUnauthorized: false, } ` I suspect there's something I'm missing with the SSL/TLS configuration. I'm using SSL with Certbot on the Nginx server. How can I fix these issues properly without bypassing SSL verification? Any guidance would be greatly appreciated! Thanks in advance.

SSL/TLS not working as expected on mailserver | Proxmox setup

Mrhudson69

Hi All,

I’ve set up Mailcow using this guide: Howto: Install mailcow in an LXC container on Proxmox 6.4-13 for home usage. My Mailcow server runs inside an LXC container on a Proxmox host, which is behind a NAT. I’ve allowed all the required ports through NAT, and everything seems to be working fine. For example, SMTP works when accessed from outside the Proxmox server using mail.domain.com.

Here’s my setup:

Private IP of the Mailcow container: 192.168.12.111
Two other Linux machines on the same server: one running Nginx and the other hosting my website

I’m trying to integrate Mailcow SMTP with my website, but I’m encountering issues. I’ve created a simple Node.js script using Nodemailer to test the SMTP setup. Here are the problems I’m facing:

When using the domain mail.domain.com, I get this error:

PS C:\Users\Administrator\Desktop\smtp> node .\index.js Error: connect ECONNREFUSED 136.xx.xx.xx:587 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1606:16) { errno: -4078, code: 'ESOCKET', syscall: 'connect', address: '136.xx.xx.xx', port: 587, command: 'CONN' }
When using the private IP 192.168.12.111, I get this error:

PS C:\Users\Administrator\Desktop\smtp> node .\index.js Error: self-signed certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34) at TLSSocket.emit (node:events:519:28) at TLSSocket._finishInit (node:_tls_wrap:1085:8) at ssl.onhandshakedone (node:_tls_wrap:871:12) { code: 'ESOCKET', command: 'CONN' }
If I modify the script to include tls: { rejectUnauthorized: false }, I can send emails, but this is not a secure solution.

tls: { rejectUnauthorized: false, }

I suspect there’s something I’m missing with the SSL/TLS configuration. I’m using SSL with Certbot on the Nginx server. How can I fix these issues properly without bypassing SSL verification? Any guidance would be greatly appreciated!

Thanks in advance.

esackbauer

Can you please write to which port and with which encryption you are trying to send?
Ports 25 and 587 do NOT accept TLS connections, just unencrypted/STARTTLS
Port 465 does accept ONLY TLS connections.
Port 587 expects mailbox address/password to authenticate, port 25 does not.

Mrhudson69

esackbauer

I am trying ports 25 and 587.

When I try port 465, it also gives me an error about a self-signed certificate.

However, all ports work fine if I use

tls: { rejectUnauthorized: false,

Below is my entire code:

`
const nodemailer = require(‘nodemailer’);

let transport = nodemailer.createTransport({
host: ‘192.168.1.1’,
port: 587,
auth: {
user: ‘user@example.com’,
pass: ‘yourpassword’
},
tls: {
rejectUnauthorized: false,
}
});

const message = {
from: ‘user@example.com’, // Sender address
to: ‘recipient@example.com’, // List of recipients
subject: ‘Mail works’, // Subject line
text: ‘This mail is coming from a new server, and we are using new credentials. Everything is working fine.’ // Plain text body
};

transport.sendMail(message, function (err, info) {
if (err) {
console.log(err);
} else {
console.log(info);
}
});
`

Why do I need to add this line rejectUnauthorized: false? Can’t it work directly?

esackbauer

I don’t know what the code exactly does, again: Port 587 does NOT accept TLS connections, only STARTTLS!
https://docs.mailcow.email/client/client-manual/

If you get a message about self-signed on port 465, does at least verify that TLS connection is possible.
Also decide where you want to get your Lets Encrypt certificates, on the reverse proxy or mailcow. Depending on that you need to set up mailcow and the reverse proxy. E.g. reverse proxy pulls the certificates, then you need to copy them to mailcow, if LE in mailcow pulls the certificates, you need to setup the reverse proxy to be able to handle port 80 for mailcow.