macOS Server: How to make mail server use TLS/SSL

1 vote
0 answers
499 views
I've set up the Mail component in the Server.app to provide an internal mail server. We used to use this mail server to send mail (via SMTP) without TLS on port 25, which worked well enough. Now I wanted to secure SMTP with either SSL or TLS, but I cannot get it to work. This is what I did:

- In the Server.app, under *Certificates*, I've assigned an SSL certificate to the service *Mail (SMTP)* as well as to *Mail (IMAP and POP)*.
- I've tried to send mail via SMTP with SSL on ports 25, 587, and 465, which all failed.
- I've tried to send mail via SMTP with StartTLS on the same ports, which succeeded on ports 25 and 587.
- I've tried to send mail without any secure channel, which succeeded on ports 25 and 587.

My conclusions are:

- port 465 is not available
- ports 25 and 587 respond identically
- StartTLS works, and it's using the configured certificate
- SSL does not work

Trying to verify SSL with openssl gives me the following error:

```
$ openssl s_client -showcerts -connect smtp.mail.localdomain:25 -servername smtp.mail.localdomain
CONNECTED(00000005)
4306470444:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:386:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1663316761
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
```

Verifying StartTLS with openssl shows that it indeed works. Why does connecting over SSL/TLS not work? What am I missing here?
Asked by not2savvy (2070 rep)
Sep 16, 2022, 08:32 AM
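Added example, not part of the question or of macOS Server: a small Python probe that tells implicit TLS (the "SSL" mode of port 465) apart from STARTTLS (ports 25/587) per port, and a classifier that explains the "wrong version number ... read 5 bytes" output above as a plaintext SMTP greeting arriving where openssl expected a TLS record header. The host `smtp.mail.localdomain` is taken from the question; the function names are my own.

```python
"""Probe SMTP ports for implicit TLS versus STARTTLS (added example).
Implicit TLS (465) expects a TLS handshake as the first bytes on the wire; STARTTLS
(25/587) greets in plaintext ("220 ...") and upgrades only after STARTTLS. A TLS
client on a STARTTLS-only port reads that greeting as a bogus 5-byte record header."""
import smtplib
import socket
import ssl
import sys

def classify_first_bytes(data: bytes) -> str:
    """Say what the server's first bytes look like: a TLS record or an SMTP reply."""
    # TLS record header: content type 0x16 (handshake), version major byte 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # SMTP reply: three-digit code followed by a space or a '-' continuation marker.
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-smtp"
    return "unknown"

def probe_smtp_port(host: str, port: int, timeout: float = 5.0) -> dict:
    """Report whether a port offers implicit TLS, STARTTLS, or plaintext only."""
    result = {"port": port, "implicit_tls": False, "starttls": False, "cert_ok": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            first = sock.recv(64)  # plaintext/STARTTLS ports send a greeting first
        except socket.timeout:
            first = b""  # an implicit-TLS port waits silently for our ClientHello
    if classify_first_bytes(first) == "plaintext-smtp":
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
        return result
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                result.update(implicit_tls=True, cert_ok=True)
    except ssl.SSLCertVerificationError:
        result.update(implicit_tls=True, cert_ok=False)  # TLS works, cert not trusted
    except ssl.SSLError:
        pass  # no TLS handshake at all on this port (e.g. plaintext answered)
    return result

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "smtp.mail.localdomain"  # from the question
    for port in (25, 465, 587):
        try:
            print(probe_smtp_port(host, port))
        except OSError as exc:
            print({"port": port, "error": str(exc)})  # e.g. connection refused on 465
```

A port that reports `starttls` but not `implicit_tls` must be used with STARTTLS by the mail client; only a port reporting `implicit_tls` accepts the "SSL" connection mode.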