[BUG] SSL/TLS settings from "notification" menu are incorrectly named/used

  • Hi,


    Long story short
    In email settings, what is called "SSL/TLS" seems to actually be "STARTSSL" which is not the same and causes trouble setting up a proper SMTP connection when you actually want to use SSL/TLS.


    Explanation
    There is a very common misconception between TLS and STARTTLS, even Outlook doesn't know the difference and calls "SSL" what is actually "SSL/TLS" and they call "TLS" what is actually "STARTTLS".
    Android on some mobile phones (latest Samsung ones for sure) is wrong as well in the same way.
    No big deal here, but it is better to be on the good school about this to make life easier.


    OMV Version
    OMV 3.0.99, chances are this issue is also in OMV 4.


    Test setup
    I set up SMTP email notifications with a secure connection to a remote server.
    The remote server is running Plesk and has postfix as an SMTP server, with a proper certificate.
    The following SMTP connections are supported:
    - 25 No encryption
    - 465 SSL/TLS
    - 587 STARTTLS (maybe also STARTSSL, but who still uses that?!)


    Test results
    "SSL/TLS" option ticked | Port 465
    Expected result: Pass
    Actual result: Fail

    Code
    May 13 21:49:49 webmastered postfix/smtpd[2362]: connect from cloud.lrob.fr[87.98.183.113]
    May 13 21:49:49 webmastered postfix/smtpd[1914]: SSL_accept error from cloud.lrob.fr[87.98.183.113]: Connection timed out
    May 13 21:49:49 webmastered postfix/smtpd[1914]: lost connection after CONNECT from cloud.lrob.fr[87.98.183.113]
    May 13 21:49:49 webmastered postfix/smtpd[1914]: disconnect from cloud.lrob.fr[87.98.183.113]


    "SSL/TLS" option ticked | Port 587
    Expected result: Fail if proper protocol naming is used, pass if it is actually STARTTLS
    Actual result: Pass

    Code
    May 14 00:46:43 webmastered postfix/smtpd[8246]: connect from cloud.lrob.fr[87.98.183.113]
    May 14 00:46:43 webmastered postfix/smtpd[8246]: D9AE21221AF: client=cloud.lrob.fr[87.98.183.113], sasl_method=DIGEST-MD5, sasl_username=myaddress@lrob.fr
    May 14 00:46:43 webmastered postfix/cleanup[8261]: D9AE21221AF: message-id=<20180513224643.81D044A134C@myaddress.lrob.fr>

    This indicates that the connection initiated is rather STARTTLS when "SSL/TLS" is ticked, which is incorrect.


    Suggestion
    I would suggest to explicitly allow for three options that are standard (perfectly used in Thunderbird for example):
    - No encryption
    - SSL/TLS encryption
    - STARTTLS encryption


    Why would you trust what I say
    I work at a hosting company, setting up mail servers, setting up SMTP connections on websites and helping people out with their email configuration on their email clients all day, so, no arrogance intended, I kind of know what I'm talking about.
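
An added example, not part of the original post: a small probe that distinguishes the two listener types the post describes. An implicit-TLS port (465) sends nothing until it receives a TLS ClientHello, while a STARTTLS port (587) sends a plaintext 220 greeting and advertises STARTTLS in its EHLO reply. The function names and the `probe.example` client name are assumptions made for the example.

```python
import socket

def read_reply(sock):
    """Read one SMTP reply; the final line has a space after the 3-digit code."""
    data = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            break
        data += chunk
        lines = data.split(b"\r\n")
        if data.endswith(b"\r\n") and lines[-2][3:4] == b" ":
            break
    return data.decode("ascii", "replace")

def classify_smtp_port(host, port, timeout=3.0):
    """Classify a port as 'starttls', 'plaintext-only', 'implicit-tls-likely' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            greeting = sock.recv(512)
        except socket.timeout:
            # No greeting: the server is waiting for a TLS ClientHello
            # (implicit TLS, typically 465). A STARTTLS client stalls here.
            return "implicit-tls-likely"
        if not greeting.startswith(b"220"):
            return "unknown"
        # Plaintext greeting: this is a port 25/587 style listener.
        sock.sendall(b"EHLO probe.example\r\n")  # constructed client name
        reply = read_reply(sock)
        sock.sendall(b"QUIT\r\n")
    offers = any(line[4:].strip().upper() == "STARTTLS" for line in reply.splitlines())
    return "starttls" if offers else "plaintext-only"

if __name__ == "__main__":
    import sys
    print(classify_smtp_port(sys.argv[1], int(sys.argv[2])))
```

On the client side, Python's `smtplib` keeps the two modes separate in the same way: `smtplib.SMTP_SSL` for implicit TLS, and `smtplib.SMTP` followed by `starttls()` for STARTTLS.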

    • Official post

    Please open a bug report at https://scm.openmediavault.org, the forum is not used for that. Maybe we should rename the UI to 'Encryption' because a dropdown box won't be added, instead the backend decides which type of encryption is used based on the chosen port. If you are a Postfix expert, then it would be great to get a patch that fixes the current config. Otherwise I'm afraid it will be fixed because the current implementation works for most scenarios especially Gmail and other big providers.
