• when postman connects to the mailserver in question all goes well as long as tls v1.0 is enabled in postfix, for security reasons tls v1.0 needs to be disabled but that seems to result in postman not being able to connect to the mailserver… is this expected behaviour? if not, any ideas on how to get it working? below is the session transcript of a failed connection attempt with tls v1.0 disabled in postfix (not too much to view):

    smtp:tls:plain://xxx.eu:587
    220 xxx.eu ESMTP Postfix (Debian/GNU)
    EHLO mywordpresssite.com
    250-xxx.eu
    250-PIPELINING
    250-SIZE 20971520
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    STARTTLS
    220 2.0.0 Ready to start TLS

Viewing 15 replies - 1 through 15 (of 16 total)
  • Where do you host?
    Do you manage the Postfix server?

    On my local machine with tls version 1.2 it’s working fine.

    Thread Starter aartsr

    (@aartsr)

    mmmm so 1.2 is supported. And yes I can manage the postfix server, the webserver (apache etc) already has tls v1.0 disabled… disabling tlsv1.0 only seemed to affect smtp for two older apple devices using standard apple/macmail clients and postman, every other ‘client’ so far seems to be unaffected

    related postfix error log:
    mail postfix/submission/smtpd[19684]: connect from xxxx.eu[xxx.xxx.xxx.xxx]
    mail postfix/submission/smtpd[19684]: SSL_accept error from xxxx.eu[xxx.xxx.xxx.xxx]: -1
    mail postfix/submission/smtpd[19684]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:635:
    mail postfix/submission/smtpd[19684]: lost connection after STARTTLS from xxxx.eu[xxx.xxx.xxx.xxx]
    mail postfix/submission/smtpd[19684]: disconnect from xxxx.eu[xxx.xxx.xxx.xxx]
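To see which clients stop connecting after a protocol change like the one discussed in this thread, the Postfix log lines quoted above can be grouped per smtpd process. This is an added example, not part of the original thread or of the plugin; the sample hosts and addresses are constructed and the function name is hypothetical.

```python
import re

# Constructed sample in the log format quoted above; hosts and IPs are made up.
SAMPLE_LOG = """\
mail postfix/submission/smtpd[19684]: connect from web.example.eu[192.0.2.10]
mail postfix/submission/smtpd[19684]: SSL_accept error from web.example.eu[192.0.2.10]: -1
mail postfix/submission/smtpd[19684]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:635:
mail postfix/submission/smtpd[19684]: lost connection after STARTTLS from web.example.eu[192.0.2.10]
mail postfix/submission/smtpd[19684]: disconnect from web.example.eu[192.0.2.10]
mail postfix/submission/smtpd[19702]: connect from laptop.example.eu[192.0.2.20]
mail postfix/submission/smtpd[19702]: disconnect from laptop.example.eu[192.0.2.20]
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
CLIENT = re.compile(r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]")
# OpenSSL error text: error:<code>:<library>:<function>:<reason>:<file>:<line>:
TLS_ERR = re.compile(r"TLS library problem: error:[0-9A-F]+:[^:]*:[^:]*:(?P<reason>[^:]*):")

def failed_starttls(log_text):
    """Return one record per smtpd session whose TLS handshake failed."""
    sessions, failures = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            c = CLIENT.search(msg)
            # smtpd processes are reused, so a new connect starts a new session.
            sessions[pid] = {"service": m["svc"], "host": c["host"],
                             "ip": c["ip"], "reason": None, "failed": False}
            continue
        s = sessions.get(pid)
        if s is None:
            continue
        err = TLS_ERR.search(msg)
        if err:
            s["reason"] = err["reason"]
        elif msg.startswith(("SSL_accept error", "lost connection after STARTTLS")):
            s["failed"] = True
        elif msg.startswith("disconnect from "):
            if s["failed"]:
                failures.append(s)
            del sessions[pid]
    # Sessions still open at the end of a truncated log are reported too.
    failures.extend(s for s in sessions.values() if s["failed"])
    return failures

if __name__ == "__main__":
    for f in failed_starttls(SAMPLE_LOG):
        print(f"{f['service']}: {f['host']} [{f['ip']}] -> {f['reason']}")
```
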

    Run this on the postfix server:

    openssl s_client -connect localhost:587 -starttls smtp

    Thread Starter aartsr

    (@aartsr)

    ty for your reply again, but unfortunately I can’t disable tls v1.0 right now to test starttls that way. But when I did have tls v1.0 disabled thunderbird for example didn’t have a problem (and it’s set up to connect via starttls as well).

    Sorry, lost you.

    The command will not disable tls.

    Thread Starter aartsr

    (@aartsr)

    i know, but postman is working fine when tls v1.0 on postfix is enabled, so it only seems to make sense to test (use the command) when tls v1.0 is disabled in postfix… can’t do that until tonight

    Ohh, I understand now 🙂
    Waiting for your update.

    Thread Starter aartsr

    (@aartsr)

    will keep you posted!

    Thread Starter aartsr

    (@aartsr)

    well, when testing from webserver to mailserver I get the same result whether I have tlsv1.0 enabled or disabled in postfix:

    Certificate chain
    0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=xxx.eu
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

    Server certificate
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=xxx.eu
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

    No client certificate CA names sent

    SSL handshake has read 6275 bytes and written 450 bytes

    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 460B7F086EB125FEC3AB5CB08271477AF71736B94685DC5B03DEA1B14D3F89CF
    Session-ID-ctx:
    Master-Key: xxx
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    Start Time: 1532017655
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

    250 DSN

    Thread Starter aartsr

    (@aartsr)

    In the meantime I’ve also tested with WP Mail SMTP by WPForms and for good measure also with the standard SMTP option in Joomla and both result in test e-mails being sent normally with TLSv1.0 disabled (or enabled) in postfix on the mailserver.

    I have installed postfix and run some tests; with tls v1.2 all worked.

    Any chance I will share the server credentials so you can match the settings to your configuration?

    If yes, please contact me at https://postmansmtp.com/contact

    Thanks

    Hi,

    Please update to the latest version.
    Let me know if it’s working.

    Thread Starter aartsr

    (@aartsr)

    great stuff, that fixed it! thanx 😀

    Thank you, you helped me a lot.

    Thread Starter aartsr

    (@aartsr)

    no problem, better to help a bit with improving a great plugin instead of dumbly switching to something else that might be buggy, unsafe etc etc… have a great Sunday!


The topic ‘tls version problem’ is closed to new replies.