Difficulty In Troubleshooting Why Thunderbird Won't Connect To Debian With Exim4 & Courier

Discussion in 'Installation/Configuration' started by AceFrahm, Aug 17, 2021.

  1. AceFrahm

    AceFrahm New Member

    Hello, Falko Timme - till
    I hope everything is OK in Lüneburg.

    I'm having trouble getting Thunderbird on my Win10 desktop PC at home to connect to my Debian server running Exim4 on a DigitalOcean droplet.

    It used to work, but Thunderbird changed to a new version a long time ago, and things broke, and I didn't have any time to deal with it way back then. Now I've fiddled around with my server settings so much I might need to fix a lot of things, and I can't say I retrace my steps exactly.

    I can send an e-mail from the terminal when I'm logged into the Debian Buster droplet, like this:
    echo "Test000" | mail -s "Test000" *******.******@gmail.com
    And that message will show up in my gmail inbox.

    The Debian Buster server has maildir style mailboxes, and they are still present from before.
    exim4 is using split files.
    courier and sasl are installed. I thought I had the system set to authenticate with courier, but now I'm not sure what I did before or how the system is really behaving now.

    There is a user on the Debian Buster with my own username & password to login with, acefrahm. I expect that the Thunderbird settings would take that username & password to connect to e-mail on the server via IMAP, but I get this instead:
    [​IMG]
    The most frustrating thing is that I feel lost here, I don't know how to think about the way courier, sasl, exim4 should all be configured when everything is completely correct, so I don't know how to look for what's wrong. I've tried to look through the /var/log folder, but the files there don't seem to reveal any more clues to me.

    I previously had Exim4 set to use the Let's Encrypt cert & key, and I think that part still works.

    But Thunderbird says the Outgoing SMTP has "no encryption" right now. I suspect that's just because something about my configuration is generally broken, which if fixed, would probably resolve that message too…but I don't have enough knowledge about how things are supposed to be to compare the current state of the system against the ideal state.

    The underlying problem is my lack of knowledge, and ridiculous complexity of these servers that are not user friendly, and a lack of good tutorials on the internet that can help someone become an expert. Each and every guide is like a recipe for 1 single cookie that has nothing in common with recipes for any other cookie, and +90% of the search hits refer to bad explanations of old versions of these softwares from more than a decade ago.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    In a quick test, your server doesn't present any ssl certificates:
    Code:
    # openssl s_client -connect spellcast.in:25 -starttls smtp -servername spellcast.in
    CONNECTED(00000003)
    140070907413824:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 254 bytes and written 337 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    
    
    # openssl s_client -connect spellcast.in:143 -starttls imap -servername spellcast.in
    CONNECTED(00000003)
    closed
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 474 bytes and written 330 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    
    
    # openssl s_client -connect spellcast.in:993 -servername spellcast.in
    CONNECTED(00000003)
    closed
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 304 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    
    I don't know that much about exim4 nor courier, but maybe search for how to setup ssl in them.
     
  3. AceFrahm

    AceFrahm New Member

    Well, it's not presenting them on port 25, the SMTP port, and that's a problem.
    I don't know if the email client Thunderbird is trying to shake hands with Exim4 or Courier…I thought it was supposed to go through Courier.
    But Debian Buster is serving certificates through Apache for my websites on port 80.

    Code:
    openssl s_client -connect spellcast.in:443
    CONNECTED(00000004)
    depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = R3
    verify return:1
    depth=0 CN = spellcast.in
    verify return:1
    
     

Share This Page