Hi all, this is a follow-on from a question yesterday.
I am trying to migrate our main server (including SM) across to an Azure VM. They block port 25 by default; I am trying to have this lifted, but it apparently requires establishing billing history first.
If unsuccessful now, the fallback strategy is to migrate most services across to Azure, but keep SM on the existing server for the interim, and use it externally from there.
Our web apps on the server are the only consumers of SmarterMail as an onboard mail server, and I have never had to set up encryption on ports before, as we could simply access it in the clear via localhost. But if we have to access it remotely, obviously SSL/TLS support will be essential.
We have SM 12.5, and need SMTP and POP only. We are using System.Net.Mail.SmtpClient for some operations (so must use STARTTLS via port 587, not port 465). Also the jstedfast MailKit SMTP/POP components.
I experimented with adding encryption under SM > Settings > Ports, by making Encryption=TLS for the 587 Submission Port. I am using an SSL certificate generated for the same www subdomain that the mail server is being accessed through (if that is important?).
But then SMTP setup with Outlook 365 fails when configured for STARTTLS, and SmarterMail reports the following in the logs:
[2021.09.15] ... rsp: 220 ...
[2021.09.15] ... connected at 9/15/2021 12:54:26 PM
[2021.09.15] ... cmd: EHLO OFFICENUC
[2021.09.15] ... rsp: ... Hello [...]250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2021.09.15] ... cmd: STARTTLS
[2021.09.15] ... rsp: 220 Start TLS negotiation
[2021.09.15] ... Exception negotiating TLS session: System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm
[2021.09.15] at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
[2021.09.15] at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
[2021.09.15] at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
[2021.09.15] at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
[2021.09.15] at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
[2021.09.15] at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
[2021.09.15] at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
[2021.09.15] at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.09.15] at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
[2021.09.15] at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[2021.09.15] at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate)
[2021.09.15] at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2021.09.15] at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
First I thought it might be TLS version mismatch, but then I noticed it lacks a "common algorithm".
What should I be looking for here?
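
As an added example (not part of the original post, and not SmarterMail code): a small Python triage of an SMTP session log in the shape shown above. It splits the run-together EHLO reply into extensions, notes the AUTH mechanisms advertised before TLS, and reports how far STARTTLS got and which frame raised the exception. The sample log is constructed (time, IP, session id and host name are placeholders), and `split_ehlo` and `triage` are names chosen here.

```python
import re

# Constructed sample in the shape of the excerpt above; time, IP, session id and
# host name are placeholders, not values from the original log.
SAMPLE_LOG = """\
[2021.09.15] 12:54:26 [192.0.2.10][1] rsp: 220 mail.example.test
[2021.09.15] 12:54:26 [192.0.2.10][1] cmd: EHLO OFFICENUC
[2021.09.15] 12:54:26 [192.0.2.10][1] rsp: 250-mail.example.test Hello [192.0.2.10]250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2021.09.15] 12:54:26 [192.0.2.10][1] cmd: STARTTLS
[2021.09.15] 12:54:26 [192.0.2.10][1] rsp: 220 Start TLS negotiation
[2021.09.15] 12:54:26 [192.0.2.10][1] Exception negotiating TLS session: System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm
[2021.09.15]    at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
[2021.09.15]    at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
[2021.09.15]    at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate)
"""


def split_ehlo(reply):
    """Split an EHLO reply logged without line breaks into {KEYWORD: params}.
    Heuristic: a parameter that itself ends in '250' would be split wrongly."""
    parts = [p.strip() for p in re.split(r"250[- ]", reply) if p.strip()]
    exts = {}
    for part in parts[1:]:              # parts[0] is the greeting line
        keyword, _, params = part.partition(" ")
        exts[keyword.upper()] = params
    return exts


def triage(log_text):
    """Walk one SMTP session and report how far the STARTTLS upgrade got."""
    r = {"offered": False, "requested": False, "accepted": False,
         "cleartext_auth": [], "error": None, "failed_in": None}
    last_cmd = ""
    for line in log_text.splitlines():
        if m := re.search(r"\bcmd: (.*)", line):
            last_cmd = m.group(1).strip().upper()
            r["requested"] |= last_cmd == "STARTTLS"
        elif m := re.search(r"\brsp: (.*)", line):
            if last_cmd.startswith("EHLO"):
                exts = split_ehlo(m.group(1))
                r["offered"] = "STARTTLS" in exts
                r["cleartext_auth"] = exts.get("AUTH", "").split()  # AUTH seen before TLS
            elif last_cmd == "STARTTLS":
                r["accepted"] = m.group(1).startswith("220")
        elif m := re.search(r"Exception negotiating TLS session: (.*)", line):
            r["error"] = m.group(1)
        elif (m := re.search(r"\bat ([\w.#]+)\(", line)) and r["error"] and not r["failed_in"]:
            r["failed_in"] = m.group(1)     # top frame = where the exception was raised
    return r
```

On a session like the one above, `triage` shows STARTTLS offered, requested and accepted with 220, with the exception raised in `AcquireCredentialsHandle` under `AcquireServerCredentials`, that is, while the server side was acquiring its own TLS credentials.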