Everything seems to be working very nicely, all green, including Let’s Encrypt automatic certificates and relay through Microsoft 365 port 25 TLS. I am setting up as an authenticated on-prem SMTP relay, though have set up the minimal DNS in the docs to keep things as straightforward as possible. But I cannot get Betterbird to submit an email using authenticated SMTP. I have tried all combinations of 465/587/STARTTLS/SSL-TLS/normal/encrypted. The best I get is the below. What’s the best ‘docker compose logs’ to look at, and/or best changes to try?

Sending of the message failed.
The Outgoing server (SMTP) mail.transmit.centuryks.com does not support the selected authentication method. Please change the ‘Authentication method’ in ‘Account Settings | Outgoing Server (SMTP)’.

    • EETNyx

        Moolevel 51
      • Post #2

      Try to use telnet to submit mail to your server. This way you will see what server response including supported AUTH method to setup your client. When I try it, I got,..

      3/19/2025 3:37:52 AM Connection attempt #1 - Unable to connect after 15 seconds. [15.06 sec]```

      Have something to say?

      Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

      Looks like a network/firewall issue.

      MX Toolbox cannot connect, same message as in @ETNyx ’s post.

      I also tried via nmap, and it says port 465 is filtered…

      Host is up (0.14s latency).

PORT    STATE    SERVICE
465/tcp filtered smtps

      So it looks like port 465 incoming is being filtered by a packet filter/firewall, either directly on the OS where Mailcow is installed, with something like UFW, Firewalld, or (rather unlikely if you have not proactively changed anything) directly in nftables or iptables. Or if you are hosting on a VPS, the VPS provider may have a firewall in front of their VPSs where you have to open port 465. Or, and that would be the worst case, the VPS provider generally blocks email ports, in which case you would need to contact them.

      No one is typing