On 16/10/20 16.16, Dedet Saputra wrote:
> Kalau di Thunderbird tidak bisa ditambah manual ya pak?
Kalau pakai Thunderbird jangan pakai SSL yang vulnerable, pakai saja TLS
(IMAP/TLS port 143, SMTP/TLS port 587).
Hanya kalau outlook lama terpaksa pakai SSL.
Outlook yang baru, bisa pakai smtp/tls di port 587 walau IMAPnya masih pakai
SSL.
Port 143 dan 587 mailhub.kobexindo.com terfilter oleh firewall sehingga SSL dan
TLS tidak berfungsi benar.
$ openssl s_client -starttls smtp -connect mailhub.kobexindo.com:587
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 297 bytes and written 346 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
$ openssl s_client -starttls imap -connect mailhub.kobexindo.com:143
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 263 bytes and written 339 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Harusnya (yang benar) akan seperti ini
$ openssl s_client -starttls imap -connect mail.dutaint.co.id:143
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.dutaint.co.id
verify return:1
---
Certificate chain
0 s:CN = mail.dutaint.co.id
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
$ openssl s_client -starttls smtp -connect mail.dutaint.co.id:587
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.dutaint.co.id
verify return:1
---
Certificate chain
0 s:CN = mail.dutaint.co.id
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.3-64 bit Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.
Semua hal atau semua kesulitan dan semua pemborosan sebetulnya bisa kita atasi,
kalau mau. Jadi permasalahannya adalah bukan bisa atau tidak bisa, tapi mau atau
tidak mau.
--- Dahlan Iskan
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 20.0.2, SecurityGateway 7.0.1
