On 1/3/21 1:08 AM, Bob Proulx wrote:
Jason Mitchell wrote:
Everything you have written is totally accurate, but self signed
certificates for SMTP may be going away.
The latest version of Thunderbird requires a valid certificate on
the SMTP server it uses.
(Sorry for the formatting, I can't send mail from my laptop until I
fix the certificate issue (: )
Uhm... yes... your formatting problematic. Your message was missing
entirely from the plain text version of the message! That's not good.
That made things super confusing. It only appeared in the html text
version of the message. I had to dig it out! :-)
I am not using Thunderbird (mutt user here) but I must ask for
clarification. Perhaps there are other Thunderbird users who know?
As far as I know Thunderbird will *read* mail using many possible
different protocols perhaps the most typical today being IMAPS using a
TLS IMAP connection and that TLS connection needs a valid certificate.
That is most easily done using Let's Encrypt and a Domain Validation
certificate. Works great. Zero cost. Dovecot is typical to serve
IMAPS.
Then Thunderbird will *send* mail using again many possible protocols
but perhaps most typically using an authenticated SMTP to the
submission port 587 on the configured mail server. Postfix is my
preference. This outbound connection to the submission port will use
STARTTLS most typically and will require authentication credentials.
An account name and password.
I'm referring to implicit SSL for SMTP -- port 465. I'm doing it with
stunnel, but I assume later MTA's do this internally. However, it
appears I was wrong, it wasn't the certificate being the problem, it was
the TLS version.
And mail.com is one site that requires the forward/reverse DNS lookups
to match (regardless of SPF), in case anyone wanted an example.
Jason M.