I do have Postfix. And it does use an encrypted port (ports for POP3S, SMTPS etc.) and also I set Thunderbird Mail, so it would use an encrypted port. But like I said, I think I created a self-signed cert valid for like 10 years to use it with the mail. So what connection does it have with my old certificate I specifically obtained to use with Apache and HTTPS?
It needn't have any connection, but you're seeing weird symptoms, and if in fact for any reason Postfix is checking for those files you deleted that would explain those symptoms, wouldn't it? So might be a good time to check the Postfix config for any mention of the files you removed.
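One way to run the check suggested above (look through the mail server configuration for any mention of the removed files), as an added example that is not part of the original thread. The temporary directory layout and the file name old-apache-chain.pem are constructed for the demo; smtpd_tls_cert_file, smtpd_tls_key_file and smtpd_tls_CAfile are Postfix parameters.

```shell
#!/bin/sh
# Added example: list TLS certificate/key paths that mail-server config
# files reference but that no longer exist (or are unreadable).
# Prints "config-file:line: path" per problem; returns 1 if any were found.
find_missing_tls_files() {
    missing=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            # Non-comment lines that mention an absolute path to a cert/key file.
            grep -rnHE '^[^#]*/[^[:space:]"]+\.(pem|crt|cer|key)' "$dir" 2>/dev/null || true
        done | while IFS= read -r hit; do
            file=${hit%%:*};    rest=${hit#*:}
            lineno=${rest%%:*}; text=${rest#*:}
            text=${text%%#*}    # drop any trailing comment
            # A line may name several paths; check each one.
            printf '%s\n' "$text" |
                grep -oE '/[^[:space:]"=,]+\.(pem|crt|cer|key)' |
                while IFS= read -r path; do
                    [ -r "$path" ] || printf '%s:%s: %s\n' "$file" "$lineno" "$path"
                done
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed demo: a throwaway config tree, not a real server's files.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/postfix" "$demo_dir/ssl"
: > "$demo_dir/ssl/selfsigned.pem"     # the cert that still exists
cat > "$demo_dir/postfix/main.cf" <<EOF
smtpd_tls_cert_file = $demo_dir/ssl/selfsigned.pem
smtpd_tls_key_file = $demo_dir/ssl/selfsigned.pem
# smtpd_tls_CAfile = $demo_dir/ssl/commented-out.pem
smtpd_tls_CAfile = $demo_dir/ssl/old-apache-chain.pem
EOF
find_missing_tls_files "$demo_dir/postfix" || echo "references to missing files found"
```

On a real server the arguments would be the directories holding the Postfix and Courier configuration; run it as a user that can read the key files, since an unreadable file is reported the same way as a missing one.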
Like I said, Postfix uses other cert that I created. Moreover, Postfix does receive e-mail. If it weren't then I wouldn't be seeing new mail in web mail, would I?
I think it's the Thunderbird Mail that causes this trouble.
Most incoming mail doesn't use secure transport. You can still get e-mail even if you have a broken certificate since others won't see it.
If you can provide some details on the server name, even privately, someone can look and see what you're presenting for a certificate on IMAPS and SMTPS connections.
If you want to do this yourself, and have access to the openssl command, you can use a command like "openssl s_client -connect servername:port" to see the certificate chain presented.
Do you mean that even an expired cert might be good enough for receiving e-mail?
I ran that command on 995 and 465 ports and in both cases I got a whole bunch of cert related info. And also this:
Verify return code: 18 (self signed certificate)
So I'm assuming that my mail servers use my self-signed cert?
No surprise here. Though it still doesn't help me to investigate why removing my other cert had that strange side effect on Thunderbird Mail's ability to present me a login box and to receive mail. I never configured any of my mail servers to use that cert that expires in two days. So why removing it has any effect on receiving mail and being able to log in properly to be able to receive e-mails.
Most servers out there won't try to connect using TLS to deliver mail to your server. Some will, but will fall back to non-secure if the certificate is broken.
Not sure on your issue. I'm not good enough to diagnose remotely. Without seeing things directly, I honestly have no clue on why that is happening.
You can distinguish between SMTPS on port 465 and STARTTLS within SMTP on port 25. Most clients will not enforce certificate validity at all for STARTTLS, but will for SMTPS (if they're using it).
STARTTLS is actually already supported by a majority of mailservers; I think there's a more recent and more relevant study but one source of data on this is https://www.facebook.com/notes/protect-the-graph/the-current-state-of-smtp-starttls-deployment/1453015901605223
However, SMTPS will primarily be used for mail submission by MUAs running on individual users' devices, while SMTP with optional STARTTLS will primarily be used for mail delivery between MTAs on different sites.
Thank you both for your replies!
schoen,
In Thunderbird Mail, in Server Setting there's a drop-down menu and it's chosen SSL/TLS by default. Though there's also a STARTTLS option present. That means that my MUA does NOT use STARTTLS.
Also it's set to connect on port 995. I'm talking about receiving. Sending was never an issue, so there's no point even to discuss it here.
As of now, my old cert that I was using in Apache has expired. But I didn't remove its files. Everything seems to be working, but the mystery remains unsolved. I still don't understand why my MUA suddenly stopped showing a login box and receiving e-mails after I deleted my old expiring cert's files. And also remember that both Postfix and Courier are configured to use my another cert (the self-signed one), which is valid, of course.