'hostname "mail.domain.tld" does not match the server certificate' :: SNI support? & how to query the certificate from within the Discourse container?

I’m getting some kind of a certificate error when accessing the pop3 mail server from another server on our domain. The resultant message is: Job exception: hostname "mail.domain.tld" does not match the server certificate, but does not give the actual hostname mismatch information within the backtrace.

First, SNI is required in this situation and a sysadmin has suggested that Discourse may not be configured properly to use SNI and thus the error message. The certs have tested out and seem to have no problems.

Second, just to make sure I’m on the same page with debug: How should I access POP3 (or the cert request and comparison) from within the Discourse container so as to actually get this data that is being compared to indicate a certificate mismatch? I’d like to do a sanity check here to be sure I’m comparing proverbial apples to apples…

4 Likes

I did check in to see if SNI could be disabled on the server and the reply was that it’s not possible. The sysadmin said:

Please note that there is no supported mechanism for disabling mail SNI, so you will need to work with the Discourse developers to support it. These pages may be of assistance to you in doing that:

ruby - OpenSSL::SSL::SSLContext SNI servername_cb Not Working - Stack Overflow
ruby - OpenSSL::X509::Certificate Showing Certificate for Wrong Domain - Stack Overflow

My recommendation would be to use Straightforward direct-delivery incoming mail rather than pop3.

2 Likes
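
The comparison asked about in the first post can be reproduced in Ruby with the `servername_cb` mechanism named in the links above. This is an added example, not code from the thread or from Discourse: the loopback server, the helper names and `shared.host.example` are constructed, and only `mail.domain.tld` comes from the thread. It shows which certificate a client receives with and without SNI, and whether it matches the expected hostname.

```ruby
require "openssl"
require "socket"

# Server context holding a constructed self-signed certificate for `host` (test data only).
def ctx_for(host)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1 << 32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{host}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  OpenSSL::SSL::SSLContext.new.tap { |c| c.cert = cert; c.key = key }
end

# Loopback stand-in for an SNI mail server: chooses the certificate by requested name.
def start_sni_server(default_host, vhosts)
  by_name = vhosts.to_h { |h| [h, ctx_for(h)] }
  ctx = ctx_for(default_host)
  ctx.servername_cb = proc { |_sock, name| by_name[name] } # nil keeps the default cert
  tcp = TCPServer.new("127.0.0.1", 0)
  ssl = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new { loop { ssl.accept.close rescue nil } }
  tcp.addr[1] # port chosen by the OS
end

# Connect as a mail client would and report the certificate actually served.
def probe(host, port, expected, sni:)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # diagnostic only: identity is checked by hand below
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  sock.sync_close = true
  sock.hostname = expected if sni # this assignment is what puts SNI in the ClientHello
  sock.connect
  cert = sock.peer_cert
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }&.value
  { san: san, match: OpenSSL::SSL.verify_certificate_identity(cert, expected) }
ensure
  sock&.close
end

if __FILE__ == $0
  port = start_sni_server("shared.host.example", ["mail.domain.tld"])
  [true, false].each { |sni| p({ sni: sni }.merge(probe("127.0.0.1", port, "mail.domain.tld", sni: sni))) }
end
```

Against a real server, `probe` takes the mail host and its POP3S port (995 by default) in place of the loopback address. A `match: false` result with `sni: false` alongside `match: true` with `sni: true` points at the client not sending SNI rather than at the certificate.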

I’m really glad you pointed that out, I’d not seen this option anywhere and wish I’d known about this from the get-go. Might be a good idea to add this info to the installation instructions or perhaps even mention it within the app.yaml as something to consider when setting up the email section.

I did ask for some input there as well for some additional clarity given my scenario. Please feel free to chime in.

It’s actually linked in the top post of Set up Reply via Email Support:

:bell: Alternately, if you aren’t comfortable using GMail for this, you can set up your own incoming email service using Straightforward direct-delivery incoming mail

Your original post doesn’t specify which documentation you were following to go down the POP3 rabbit hole, but assuming you were looking at the official guide linked above it has been linked in there since March 28.

I’ve responded to your reply in the other topic to suggest how to structure addresses/domains when using this.

1 Like

I’ll throw my hat in the ring and also ask for SNI support. Postfix and Dovecot have both added support for it over the past year, and many people, myself included, have already made the switch. Discourse is usually up to date on this kind of thing, so I was frankly surprised to find it missing from the roadmap.

1 Like

Just checking in to see whether SNI is planned for future development. Safari and Outlook have both supported SNI for nearly five years. It would greatly simplify my server configuration for email if I could simply use my SNI instead of pointing to a single mail server.

1 Like