troubleshooting
Continuing the discussion from Stalwart-mail+Discourse: POP3 EOF reached (again):
Since @programmerjake is also exploring Discourse ↔ Stalwart-mail, I wanted to ask you whether you’re experiencing TLS errors on SMTPS:
2024-07-01T17:37:49.718793Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
2024-07-01T17:37:49.899171Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
On Discourse’s side, there’s an error popup:
ERROR - Net::ReadTimeout with #<TCPSocket:(closed)>
It seems to be related to Ruby’s OpenSSL library not supporting TLSv1.3, but this seems a bit far-fetched since it should be working with TLSv1.2 anyway.
Working installation
Stalwart-mail >= v0.8.3
That’s it, with this release, Stalwart-mail now supports both sending and receiving email with Discourse.
Stalwart-mail is a single binary mail service that covers all your email needs without the clutter of configuration that we’ve been used to over decades with Postfix + Spamassassin + Dovecot + etc. Here, you setup your installation and have everything ready to go, including full TLS automation with ACME and LetsEncrypt, SPF, DMARC, DKIM, ARC, DANE support out of the box (including reports from and to your domains), TLSA and other DNS records ready to go, auto-configuration and auto-discovery for easy mail client setup, shared folders (via “groups”), aliases, ManageSieve filters on all incoming and outgoing messages at various stages of the process, web administration, 2FA and TOTP support, OAUTH, and many more features. No need to externalize your email anymore!
- Use a
submission
listener on port 587 for SMTP- disable implicit TLS (means: use STARTTLS)
- Ensure ignore client order is disabled (either in the defaults or override TLS options of the listerner)
- Enable a POP3 listener on port 995 with implicit TLS
Discourse
Configure email normally using 587 for Submission (with STARTTLS) and 995 for POP3s with SSL/TLS.