Am 28.11.2016 um 18:57 schrieb rich.gre...@hushmail.com: Hello,
it looks Thunderbird can't validate the certificate the mailserver is using. The dialogue you refer to is normal. What I recommend to my folks when using my servers is to simply "accept it" and get done with it (happens every 6 months when I update the certs). What then usually helps is either try to resend or stop & start thunderbird again. > Okay, I am really curious how this works then. Good catch on the 'www' test. > I winged it without reading the manpage. I've never known a good starting > point for learning DNS, so that is definitely a weak point. So, now that the > DNS is out of the way. I'm going to dig deeper here. > > When I try to send a message to myself using Thunderbird, m...@example.com, I > get this > > Sending of the message failed. > The message could not be sent using Outgoing server (SMTP) example.com for an > unknown reason. Please verify that your Outgoing server (SMTP) settings are > correct and try again. > > Then about half a second later, a popup window appears titled 'Add security > exception' that begins "You are about to override how Thunderbird identifies > this site". I click on 'Get Certificate', but it doesn't really do anything. > > So I look in the logs: > > mail.log > > Nov 28 18:34:56 example dovecot: imap-login: Login: user=<u...@example.com>, > method=PLAIN, rip=69.179.xxx.yyy, lip=192.168.178.31, mpid=1291, TLS, > session=<gfbp419CFsRFs3SF> > Nov 28 18:35:14 example postfix/smtpd[1293]: connect from > 69-179-xxx-yyy.dyn.centurytel.net[69.179.xxx.yyy] > Nov 28 18:35:16 example postfix/smtpd[1293]: warning: TLS library problem: > error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown > ca:s3_pkt.c:1472:SSL alert number 48: > Nov 28 18:35:16 example postfix/smtpd[1293]: lost connection after STARTTLS > from 69-179-xxx-yyy.dyn.centurytel.net[69.179.xxx.yyy] > Nov 28 18:35:16 example postfix/smtpd[1293]: disconnect from > 69-179-xxx-yyy.dyn.centurytel.net[69.179.xxx.yyy] ehlo=1 starttls=1 commands=2 > > I have no idea what this means. > > The only other log file with a recent entry would be the auth.log which seems > to only detail the 20 or so attempts of SSH login each minute from across the > world, which is normal for anybody with a website. > > Rick > > On 11/28/2016 at 11:12 AM, "Noel Jones" <njo...@megan.vbhcs.org> wrote: >> >> On 11/28/2016 9:07 AM, rich.gre...@hushmail.com wrote: >>> Hello, >>> >>> First, email has been working fine on this server for past >> several months while using the Squirrelmail web client located on >> the same server. I am needing an alternative method to access >> mail services and decided, on a whim, to try Thunderbird. >> Thunderbird interacted with the Dovecot IMAP server just fine, but >> when I tried to test sending mail over SMTP, it failed. I wish the >> error they gave me was more verbose, but it wasn't. So I decided >> to test things in more detail. >>> >>> I decided that, since SMTP is a plain-text protocol, I should be >> able to interact via telnet. Searching on this idea, I found a >> really interesting webpage >>> >>> https://www.port25.com/how-to-check-an-smtp-connection-with-a- >> manual-telnet-session-2/ >>> >>> There was something strange with the MX record. I modified the >> URL, of course. >>> >>> nslookup -type=mx example.com >>> Server: 8.8.8.8 >>> Address: 8.8.8.8#53 >>> >>> Non-authoritative answer: >>> example.com mail exchanger = 10 mail.example.com. >>> >>> Authoritative answers can be found from: >>> >>> >>> and that was it. >> >> Nothing wrong here, MX records don't contain an IP. You can >> compare >> with -type=mx gmail.com. >> >> >>> >>> I decided to perform the same test, but pull the www record and >> with that I actually got an IP address. >>> >>> nslookup -type=www example.com >>> unknown query type: www >>> Server: 8.8.8.8 >>> Address: 8.8.8.8#53 >>> >>> Non-authoritative answer: >>> Name: example.com >>> Address: 87.xxx.yyy.zzz >>> >> >> There is no type=www. This test is broken. >> >> >> http://www.postfix.org/DEBUG_README.html >> >> If you show postfix logs and describe the actual error you're >> getting, maybe someone can help. >> http://www.postfix.org/DEBUG_README.html#mail >> >> >> -- Noel Jones > > -- Florian Piekert flo...@floppy.org Spargelweg 5 Telephone+Fax: +49-700-00floppy 38179 Schwülper-Walle/Germany +49-179- 3928582 =========================================================================== Note: this message was send by me *only* if the eMail message contains a correct pgp signature corresponding to my address at flo...@floppy.org. Do you need my PGP public key? Check out http://www.floppy.org or send me an email with the subject "send pgp public key" to this address of mine. Thx!
signature.asc
Description: OpenPGP digital signature
