On 2/26/26 16:19, Ivan Leonardo wrote:

I tried installing the Mailbird app and it runs normally without any problem using the IMAP STARTTLS type.

Over a LAN or an Internet connection?
Over the LAN, Sir.


Try testing over an internet connection, for example over a cellular data connection.


In my test from the office, only IMAP/TLS fails; IMAP-SSL and plain IMAP work without problems.


Ports 25, 587, 465, 993, 995 and 143 in the DMZ have been open from the start, Sir, so I'm confused about what the cause is. The certificate is definitely not the problem, right, Sir? So it is only a network problem?


Yes, more precisely this is a problem in the firewall, which has a Proxy Inspector feature (SSL/TLS inspection rules), not a problem in the router (routing table).

It is not only port 143 that has its TLS filtered; port 443 (https) also has its SSL filtered from the internet.

$ openssl s_client -showcerts -connect webmail.pttdp.com:443
40975540D37F0000:error:8000006E:system library:BIO_connect:Connection timed out:../crypto/bio/bio_sock2.c:114:calling connect()
40975540D37F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:
connect:errno=110


$ openssl s_client -starttls smtp -connect webmail.pttdp.com:143
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...

For the time being, IMAP can use port 993 (IMAP/SSL).


$ openssl s_client -showcerts -connect webmail.pttdp.com:993
CONNECTED(00000003)
depth=2 C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
verify return:1
depth=1 C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
verify return:1
depth=0 CN = webmail.pttdp.com
verify return:1
---
Certificate chain
 0 s:CN = webmail.pttdp.com
   i:C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 26 00:00:00 2026 GMT; NotAfter: Mar 29 23:59:59 2027 GMT

subject=CN = webmail.pttdp.com
issuer=C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3816 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6DE7D9102A870372267EEE7FBEEA6E4EA91FAC997698294CC4216735E79ECBCF
    Session-ID-ctx:
    Resumption PSK: C50D8C292A5DF741E1E7BCE88576D22EFB403416FD34A6D92BE7EE69FFD1468CF3AD1E8FB0FA4832FD24A27DE0EBD475
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 36000 (seconds)
    TLS session ticket:
    0000 - be 1b 00 00 8c 42 ff 0d-42 fc 76 95 e9 fe 8e c4   .....B..B.v.....
    0010 - d3 46 5a 67 85 18 c1 24-77 65 62 42 34 c8 e4 4a   .FZg...$webB4..J

    Start Time: 1772149221
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
* OK webmail.pttdp.com IMAP4rev1 ready






--
syafril
--------
Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 26.0.0 Beta D
Please do not send private mail (or cc:) about MDaemon issues.

A wise person is one who knows how far he can go too far
        -- Jean Cocteau, born 1891
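
The check discussed in this thread, as an added example that is not part of the original message: it classifies the plaintext IMAP exchange on port 143 and compares the result seen from the LAN with the result seen from the internet. The function names, the `a1`/`a2` tags, the `mail.example.test` host and the sample transcripts are constructed for illustration.

```python
import re
import socket

def advertises_starttls(lines):
    """True if a greeting or CAPABILITY response lists STARTTLS."""
    for line in lines:
        m = re.search(r"\bCAPABILITY\b(.*)", line, re.IGNORECASE)
        if m and "STARTTLS" in m.group(1).upper().replace("]", " ").split():
            return True
    return False

def classify(lines, starttls_reply):
    """Classify one vantage point's plaintext exchange on port 143."""
    if not lines:
        return "no-greeting"
    if not advertises_starttls(lines):
        return "starttls-not-offered"
    if re.match(r"\S+\s+OK\b", starttls_reply or "", re.IGNORECASE):
        return "starttls-ok"
    return "starttls-rejected"

def diagnose(lan, wan):
    """Compare the same server as seen from the LAN and from the internet."""
    if lan == "starttls-ok" and wan != "starttls-ok":
        return "filtered-in-path"      # server is fine; look at the firewall
    if lan == wan == "starttls-ok":
        return "no-filtering-seen"
    return "check-server-config"       # fails even on the LAN

def probe(host, port=143, timeout=10):
    """Live probe (needs network): returns (lines, starttls_reply)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        def read():
            return f.readline().decode("ascii", "replace").strip()
        lines = [read()]
        s.sendall(b"a1 CAPABILITY\r\n")
        while lines[-1] and not lines[-1].lower().startswith("a1 "):
            lines.append(read())
        s.sendall(b"a2 STARTTLS\r\n")
        return [l for l in lines if l], read()

# Constructed transcripts (not captured from the server in this thread).
LAN = (["* OK mail.example.test IMAP4rev1 ready",
        "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN",
        "a1 OK CAPABILITY completed"], "a2 OK Begin TLS negotiation now")
WAN = (["* OK mail.example.test IMAP4rev1 ready",
        "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
        "a1 OK CAPABILITY completed"], "a2 BAD Unknown command")
```

Run `probe()` once from the LAN and once over a cellular data connection, then pass the two `classify()` results to `diagnose()`; `probe()` raises on a connection timeout.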

