• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Android Maildroid and Apple mail program cannot send mail

tkalfaoglu

tkalfaoglu

Silver Pleskian
I thought I had it all set up, but apparently the phones cannot send mail out.
(Incoming is OK.. Outgoing fails).

I tried it with Maildroid, and it complains "no common protocol was found between client and server.."
however, I have the server set up to accept ssl, tsl, plain mail. I have a wildcard certificate on the ssl,
as well as CA certificates, etc, for both qmail and courrier.

I have spamdyke as well.
How can I diagnose what's going on? what's causing these clients not to connect to mail.kalfaoglu.net ?

Thanks!
-turgut
 
Hi tkalfaoglu,

well... let's have a look at the


Courier-IMAP
...
  • Configuration
    • /etc/courier-imap/imapd
    • /etc/courier-imap/imapd-ssl
    • /etc/courier-imap/pop3d
    • /etc/courier-imap/pop3d-ssl
Postfix
...
  • Configuration
    • /etc/postfix/master.cf
    • /etc/postfix/main.cf
Qmail
...
  • Configuration
    • Control files in /var/qmail/control/
    • /etc/xinetd.d/smtp_psa
    • /etc/xinetd.d/smtps_psa
    • /etc/xinetd.d/submission_psa
Click to expand...
Each mail-system has it's own way, to define the accepted ciphers. So for example with postfix, you will finde the desired definitions to use in the main.cf at:

Code: 
...
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
...

Another hint is, to use the FORUM SEARCH, because after the pusblishing of the Poodle vulnerability, there were a lot of questions, how to solve that and Odin published as well a KB - article, which describes, how you might secure your server against it. Part of it, is to define other ciphers-lists, as you will notice by reading:


In some cases you might experience issues with incompatibilities for some browser and/or eMail - clients, after you followed the KB - article 123 160. It might help to read:


... to solve such issues, because there are several additional solutions provided in this thread.
 
I just realized that iphone clients CAN send mail, but only if I blank out username+password in the SMTP settings..
that is, if I turn off smtp auth.
pop-before-smtp is an ugly solution; but perhaps the fact that they CAN send emails if no auth is used, gives us a clue on why iphone users cannot send emails..
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
726
Polli
Polli
W
Question SSL Cert for Mail-Server
Replies
1
Views
711
Kaspar
K
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
832
flederwiesel
flederwiesel
W
Question set up a subdomain for an alias domain - SSL certificate
Replies
0
Views
487
W4ru
W
A
Question secure mail.[domainname].xx with SSL
Replies
0
Views
903
Albertje
A
Back
Top