After upgrading to ISPConfig 3.2, emails with TLS configuration stopped sending email

Th0m · Jul 31, 2022

chrmrtns said: ↑

Dane is an extra security using dnssec, and not all servers support it.

If not configured correctly messages in/out will not be delivered because smtp_tls_security_check fails.

If you replace to 'may' the verification is optional and mails would be sent and delivered.
Click to expand...

I disagree, you should not set this to may. If a external server has DANE configured incorrectly, that's on them. The mismatch is also a security mechanism.

chrmrtns · Aug 1, 2022

Th0m said: ↑

I disagree, you should not set this to may. If a external server has DANE configured incorrectly, that's on them. The mismatch is also a security mechanism.
Click to expand...

That's true, security mechanism using dns and the tlsa record.
Some have not configured correctly, and if you use dane you may leave mails on the table.
It is just not established everywhere.

Th0m · Aug 1, 2022

If it's not set up it doesn't matter. But when it is set up your server respect that and not deliver if there is a mismatch.

chrmrtns · Aug 1, 2022

Th0m said: ↑

If it's not set up it doesn't matter. But when it is set up your server respect that and not deliver if there is a mismatch.
Click to expand...

Should be true, but I have seen too many failures.
Just my two cents, you can set to may or leave as is with dane if you want to go the extra mile and want to have extra security.
Unfortunately there are providers which try to force dane if or if not configured, and finally their emails would never reach you. I wish you luck that you will never have to deal with such companies who are not able to maintain a correct system.

Th0m · Aug 2, 2022

Their emails will reach you, but yours won't reach them. Of course I have to deal with other companies that do not have their servers set up correctly, and ISPConfig already has some settings set to non-optimal values to deal with that. But how far shall we go?

chrmrtns · Aug 2, 2022

Th0m said: ↑

Their emails will reach you, but yours won't reach them. Of course I have to deal with other companies that do not have their servers set up correctly, and ISPConfig already has some settings set to non-optimal values to deal with that. But how far shall we go?
Click to expand...

ISPConfig is the best platform I have ever seen, and re your question how far you should go: It is all fine, and nevertheless, re other companies: (not all, just a few) THEIR emails will not reach me, although mine go through like a charm.

Log in or Sign up

After upgrading to ISPConfig 3.2, emails with TLS configuration stopped sending email

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Share This Page

Log in or Sign up

After upgrading to ISPConfig 3.2, emails with TLS configuration stopped sending email

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Th0m ISPConfig Developer Staff Member ISPConfig Developer

chrmrtns New Member

Share This Page

Useful Searches