Hello again, I added the email managed by ISPconfig to Outlook for Mac and iPhone without any problems. But i wanted to add the same mail to Outlook on Windows but getting TLS errors. The user ip showing different on logs, it shows Microsoft ip (according to Google LLM). Here is a part log: Dec 30 17:53:34 server dovecot: imap-login: Disconnected: Connection closed: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=52.97.217.165, lip=10.0.0.6, TLS: SSL_read failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<MCnGfYAq3Bc0Ydml> What is wrong? Thanks
Probably you are using a very old Outlook version that uses SSLv3, which is disabled on recent Linux systems. In /etc/postfix/main.cf, you find these lines: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 change them to: smtpd_tls_mandatory_protocols = !SSLv2 smtpd_tls_protocols = !SSLv2 smtp_tls_protocols = !SSLv2 and restart postfix with: service postfix restart Then change doveot by editing /etc/dovecot/dovecot.conf file, change the line: ssl_min_protocol = TLSv1.2 to: ssl_min_protocol = SSLv3 and then restart dovecot with: service dovecot restart But it would be better if you update your old Outlook version, or use a different free mail client like Thunderbird if you do not want to purchase a new Outlook license. Just to mention, these changes are not update-safe yet, so you should just do them to test if this fixes your issue, and if yes, then we can make them update-safe.
Thank you for your quick reply again. So SSLv3 is old version? SSLv2 is newer? Let me check the outlook version. In fact i have Mac OS my friend has the Windows version of outlook that we wanted to add mail.
By the way i tried this but it didn't work. I reverted back to the original settings. My friend's outlook was published on 2022, its latest version seems to be updated in 2024.
No, SSLv2 is is older. !SSLv2 means not SSLv2. Then, your friend might have used a wrong mail server name. By default, the certificate is for the system hostname, so he must use the system hostname and not a subdomain like mail or smtp of the email domain.
No! SSLv2 is older than SSLv3. In @till 's example SSLv3 is enabled and SSLv2 is disabled. SSLv3 is enabled to make the server compatible with your outlook.
Maybe Windows has a problem with the SSL cert authority, if its a older Windows version. When you run: cat /etc/postfix/smtpd.cert on your server, does your SSL cert contain one or multiple certificate sections like: -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- And when logging into ISPConfig GUI, you have a valid SSL cert from let's encrypt and not a self-signed one?
It seems 2 certificates like this: Also server.domain.com:8080 has lets encrypt when i check over browser.
So there is nothing to do right? My friend should change his outlook then he added to his phone without any problems. By the way I am using msg91 SMTP relay and it is fine. What is the best tool to check the settings and spam score of mail server?
