SMTP with TLS to port 25 fails

Hi,

I have a passbolt server that is no longer able to send mails via SMTP TLS.

The receiving mail server (using Postal) listens on port 25 and accepts plain-text connections and TLS connections with LOGIN (username and password).

Passbolt only succeeds in sending mails when using no TLS; as soon as I enable TLS, sending mail fails.

The swaks traces look like this:

=== Trying mail.mydomain.com:25...
=== Connected to mail.mydomain.com.
<-  220 mail.mydomain.com ESMTP Postal/GV6ICJ7B
 -> EHLO localhost
<-  250-My capabilities are
<-  250-STARTTLS
<-  250 AUTH CRAM-MD5 PLAIN LOGIN
 -> STARTTLS
<-  220 Ready to start TLS
=== TLS started with cipher TLSv1.3:TLS_AES_256_GCM_SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=mail.mydomain.com"
 ~> EHLO localhost
<~  250-My capabilities are
<~  250 AUTH CRAM-MD5 PLAIN LOGIN
 ~> AUTH LOGIN
...
<~  235 Granted for mydomain/notify
....

Passbolt tells me (when trying to send the test mail):
The test email could not be sent. Kindly check the logs below for more information

and I get the following log:

[
    {
        "cmd": null,
        "response": [
            {
                "code": "220",
                "message": "mail.mydomain.fr ESMTP Postal/3JDHAWRI"
            }
        ]
    },
    {
        "cmd": "EHLO bolt.mydomain.fr",
        "response": [
            {
                "code": "250",
                "message": "My capabilities are"
            },
            {
                "code": "250",
                "message": "STARTTLS"
            },
            {
                "code": "250",
                "message": "AUTH CRAM-MD5 PLAIN LOGIN"
            }
        ]
    },
    {
        "cmd": "STARTTLS",
        "response": [
            {
                "code": "220",
                "message": "Ready to start TLS"
            }
        ]
    }
]

Is there any way to get more traces to understand why sending mails with TLS fails?

Hello @klausf and welcome to the forum!
Have you tried setting up your custom or self-signed SMTP certificate in Passbolt?
Here is a guide that may help you.

Hi @Termindiego25 ,

Thanks a lot for your answer.

No, so far I didn’t try this. Have to see how to pass everything through with my docker-compose setup.

Just out of curiosity:

  • Why should I have to set up self-signed SMTP certificates? Shouldn't that happen automatically? Shouldn't they be created on the fly?
    Would there be any way to get traces that indicate that the lack of self-made SMTP certificates is the cause?

In an ideal world I’d like to be able to have traces that show me why the connection is failing.
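The transcript in the first post ends right after "220 Ready to start TLS" with no second EHLO, which is the signature of a failed TLS handshake (usually certificate verification on the client side) rather than an SMTP error. As an added example, not code from any participant in this thread or from Passbolt, the script below classifies a Passbolt SMTP transcript and then repeats the EHLO/STARTTLS exchange with a verifying TLS context so the actual verification message is shown. The host, port and CA file are assumed command-line inputs; the sample transcript is constructed, modelled on the log above.

```python
"""Find out why an SMTP STARTTLS session stalls after '220 Ready to start TLS'."""
import json
import smtplib
import ssl
import sys
from typing import Optional

# Constructed sample, modelled on the transcript Passbolt shows under the test-email error.
SAMPLE_TRANSCRIPT = json.dumps([
    {"cmd": None, "response": [{"code": "220", "message": "mail.example.test ESMTP Postal/XXXX"}]},
    {"cmd": "EHLO bolt.example.test", "response": [
        {"code": "250", "message": "My capabilities are"},
        {"code": "250", "message": "STARTTLS"},
        {"code": "250", "message": "AUTH CRAM-MD5 PLAIN LOGIN"}]},
    {"cmd": "STARTTLS", "response": [{"code": "220", "message": "Ready to start TLS"}]},
])

def diagnose_transcript(transcript_json: str) -> str:
    """Classify where the session stopped, from the JSON list of {"cmd", "response"} entries."""
    entries = json.loads(transcript_json)
    if not entries:
        return "no-greeting"  # TCP connect or banner never happened
    last = entries[-1]
    cmd = (last["cmd"] or "").split(" ")[0].upper()
    codes = [r["code"] for r in last["response"]]
    if cmd == "STARTTLS" and codes == ["220"]:
        # Server agreed to upgrade but no EHLO followed: the TLS handshake failed, not SMTP.
        return "tls-handshake-failed-after-starttls"
    if any(c.startswith(("4", "5")) for c in codes):
        return f"smtp-error-on-{cmd or 'greeting'}:{','.join(codes)}"
    return f"stopped-after-{cmd or 'greeting'}"

def probe_starttls(host: str, port: int = 25, cafile: Optional[str] = None) -> dict:
    """Repeat EHLO/STARTTLS with chain + hostname verification and report the outcome."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: your CA if the cert is self-signed
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"ok": False, "reason": "server did not advertise STARTTLS"}
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError as e:
            return {"ok": False, "reason": f"certificate verification failed: {e.verify_message}"}
        except ssl.SSLError as e:
            return {"ok": False, "reason": f"TLS handshake failed: {e}"}
        cert = smtp.sock.getpeercert()
        return {"ok": True, "tls": smtp.sock.version(), "subject": cert.get("subject"),
                "issuer": cert.get("issuer"), "not_after": cert.get("notAfter")}

if __name__ == "__main__":
    print(diagnose_transcript(SAMPLE_TRANSCRIPT))
    if len(sys.argv) > 1:  # usage: probe.py mail.host [port] [ca.pem]
        print(probe_starttls(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25,
                             sys.argv[3] if len(sys.argv) > 3 else None))
```

If the probe reports a verification failure naming a self-signed or untrusted issuer, that is the trace the thread is asking for, and it points at the certificate the Passbolt guide above configures.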