An encrypted connection to your mail server is not available?



janton
04-13-2011, 09:27 AM
Dear ALL,

I have been using DirectAdmin for almost a year now and am still learning. The only thing I did not find out...

When I create an e-mail address and want to connect in Outlook Express I get:
An encrypted connection to your mail server is not available. Click Next to attempt using an unencrypted connection.


Of course the unencrypted connection works, but how can I make my mail server encrypted? I have an SSL certificate and HTTPS works perfectly (also verified).
Perhaps it's the firewall, but I disabled the firewall to test this and still got the same message. I'm not sure how to find the problem or what I need to install...

scsi
04-13-2011, 10:37 AM
You disabled the firewall on your computer or on the server?

The ports SSL uses are TCP 465 for smtps and 993 or 995 for pop3s or imaps. Make sure that those ports are open through your firewalls.

Also you should probably do this guide if you don't own an SSL certificate:

http://help.directadmin.com/item.php?id=245

janton
04-13-2011, 02:13 PM
> You disabled the firewall on your computer or on the server?
>
> The ports SSL uses are TCP 465 for smtps and 993 or 995 for pop3s or imaps. Make sure that those ports are open through your firewalls.
>
> Also you should probably do this guide if you don't own an SSL certificate:
>
> http://help.directadmin.com/item.php?id=245


TCP 465 for smtps and 993 or 995 > TCP_IN? Yes, I have this with TCP_IN but not with TCP_OUT; I guess that is correct.
Yes, I disabled the firewall on the server, not on my own machine :)

scsi
04-13-2011, 02:38 PM
Could try this command:

openssl s_client -crlf -connect 1.2.3.4:465

Replace 1.2.3.4 with your actual IP... as long as you get no errors it should be working the way it's supposed to.

janton
04-14-2011, 02:44 AM
> Could try this command:
>
> openssl s_client -crlf -connect 1.2.3.4:465
>
> Replace 1.2.3.4 with your actual IP... as long as you get no errors it should be working the way it's supposed to.

Do I need to use this code on a different host, or on my server?
(I will try both now)

janton
04-14-2011, 02:55 AM
On the server itself:
-bash-3.2# openssl s_client -crlf -connect x.x.x.x:465
socket: Connection refused
connect:errno=29
(got this error very fast)


From a different Linux server:
-bash-3.2# openssl s_client -crlf -connect x.x.x.x:465

(At first I thought I could type something because the cursor was on the next line. I did not get any message directly, but I did not know what to type. Then after a few minutes it gave me this result.)

socket: Connection timed out
connect:errno=29


DOS on Windows:
openssl s_client -crlf -connect x.x.x.x:465
Loading 'screen' into random state - done
connect: Bad file descriptor
connect:errno=10061

janton
04-14-2011, 03:18 AM
Also, I looked in the Exim log when I tried to add a new email account in Outlook, so when I normally get "An encrypted connection to your mail server is not available. Click Next to attempt using an unencrypted connection":

(Other people that I give email accounts to have the same problem, so it's not just my computer or Outlook.)

I replaced things I think are not good to post online with xxxx.

2011-04-13 22:15:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=xxxx [xxxx] input="\026\003\001"
2011-04-13 22:15:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=xxxx [xxxx] input="\026\003\001"
2011-04-13 22:15:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=xxxx [xxxx] input="\026\003\001"
2011-04-13 22:15:54 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected " " H=xxxx [xxxx] next input="\023\024"
2011-04-13 22:15:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=xxxx [xxxx] input="\026\003\001"
2011-04-13 22:15:54 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=xxxx [xxxx] input="\026\003\001"

scsi
04-14-2011, 08:24 AM
Doesn't look like it uses the standard 465 port... I am not sure how to test SSL or if smtps even works with DirectAdmin Exim.

janton
04-15-2011, 01:23 AM
> Doesn't look like it uses the standard 465 port... I am not sure how to test SSL or if smtps even works with DirectAdmin Exim.

I checked the etc/exim.conf and:
daemon_smtp_ports = 25 : 587

So then I went looking for SSL in exim.conf, and I remember I once changed this line:
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP



# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *


Perhaps that is incorrect? Or my key and cert are not good enough now?
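
What the exim.conf excerpt and the earlier Exim log lines imply, as an added example that is not part of the original posts: it classifies how each port accepts TLS and decodes the octal-escaped `input=` bytes from the log. The function names are hypothetical, the samples are constructed from the values quoted in the thread, and `tls_on_connect_ports` is Exim's option for implicit-TLS ports, which the posted excerpt does not set.

```python
import re

# Constructed sample: the relevant settings quoted in the thread's exim.conf.
EXIM_CONF = """\
daemon_smtp_ports = 25 : 587
tls_certificate = /etc/exim.cert
tls_advertise_hosts = *
"""
# Constructed sample: a log line in the shape posted in the thread.
LOG_LINE = ('SMTP protocol synchronization error (input sent without waiting '
            'for greeting): rejected connection from H=xxxx [xxxx] '
            'input="\\026\\003\\001"')


def main_options(conf_text):
    """Parse 'name = value' lines, skipping blanks and comments."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            opts[name.strip()] = value.strip()
    return opts


def port_list(opts, name):
    """Exim lists are colon-separated; keep the numeric entries."""
    return {int(p) for p in opts.get(name, "").split(":") if p.strip().isdigit()}


def tls_mode(conf_text, port):
    """How a client has to connect to this port under these settings."""
    opts = main_options(conf_text)
    if port not in port_list(opts, "daemon_smtp_ports"):
        return "not listening"
    if port in port_list(opts, "tls_on_connect_ports"):
        return "implicit TLS"
    # Assumption: an unset tls_advertise_hosts means STARTTLS is not offered.
    return "STARTTLS" if opts.get("tls_advertise_hosts") else "plaintext only"


def client_sent_tls_hello(log_line):
    """True if the logged input begins with a TLS handshake record header."""
    m = re.search(r'input="((?:\\[0-7]{3})+)', log_line)
    if not m:
        return False
    raw = bytes(int(o, 8) for o in re.findall(r"[0-7]{3}", m.group(1)))
    # 0x16 = handshake record type, 0x03 = SSL 3.x/TLS major version byte.
    return raw[:2] == b"\x16\x03"
```

With the thread's settings, port 465 comes back as "not listening", which matches the refused connection, and 25 and 587 expect STARTTLS after the greeting. The logged `\026\003\001` decodes to a TLS handshake record sent before the greeting, i.e. a client attempting TLS-on-connect against a STARTTLS port.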

janton
09-22-2011, 07:10 AM
OK, this took me maybe a freaking year to find out... but it's all Microsoft problems!

It seems that I don't have a trusted certificate, so if you add an email account with the normal add email option you don't get a "trust this certificate" window.

If you add an account by hand/manually in Outlook and then go into "More options" and there select secure POP3 and secure (TLS) SMTP and change the port to 587,

I do get this "do you trust this server certificate" popup... and voilà! It all works. Darn, I really spent many hours looking on the server for what it could be... mmh, but OK, all is working now. Now I need to know how I get a trusted certificate for the mail server (I guess).