02-23-2017 06:41 AM
Hi, I am trying to send inbound emails, but it fails when sending from Gmail. When I send over telnet, it works.
The error I am getting is:
TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error
I have my Alfresco 4.2.f running on a domain with a self-signed cert. I have configured DNS and MX.
This is my configuration
email.inbound.enabled=true
email.server.enabled=true
email.server.port=25
email.server.domain=mydomain.com
#email.inbound.unknownUser=anonymous
#email.server.allowed.senders=.*
DNS zone file:
@ IN A 1.2.3.4
www IN A 1.2.3.4
@ IN MX 10 1.2.3.4
I have a specific user that is in the EMAIL_CONTRIBUTORS list also.
Any suggestions what could be the issue?
02-23-2017 09:37 AM
Using self-signed certificates is not recommended for email servers. Origin mail servers are likely to be configured NOT to trust those certificates.
02-23-2017 10:39 AM
Well, Alfresco has a built-in mail server, I understand, and I have to use that for inbound mails?
This guide from Alfresco tells me to create the self signed certificate.
02-23-2017 11:21 AM
You can use a self-signed certificate for your Alfresco inbound email server capabilities IF you know for sure that all email servers that will route emails to Alfresco accept a self-signed certificate. E.g. one of the ways I have used the inbound email server in the past is by having a Microsoft Exchange mail server - which dealt with all the emails for the customer domain - forward emails for specific addresses to Alfresco. The Exchange server was under the control of the customer and configured to accept self-signed certificates from the Alfresco server, and all the public email servers would only talk with the Exchange mail server, which used a proper, publicly signed certificate.
I am just saying that using a self-signed certificate for Alfresco in a situation where any mail server can send emails to it might not work when those mail servers don't accept self-signed certificates. E.g. my company email server has been set up in a way to not accept self-signed certificates at all (when using TLS).
02-23-2017 11:36 AM
I googled a little bit and this is how Gmail works:
"You have most likely enabled inbound TLS within the MailEnable SMTP properties window under the "General" tab which is failing. Try and disable the TLS option for SMTP and then try to send from Gmail again to your server and Gmail will fall back to use non TLS. TLS requires that you set a valid SSL certificate within MailEnable to be used for the TLS connection."
Is there a possibility to disable TLS for Alfresco?
02-23-2017 11:43 AM
You can disable TLS for inbound SMTP by setting email.server.enableTLS=false
But honestly: In 2017 no one should sacrifice security for the reason of being too lazy to generate a properly signed certificate, especially when those are available for free from Let's Encrypt. I use a certificate from Let's Encrypt for my mail server and it is extremely easy to create / renew the certification.
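A way to see what a certificate-verifying sender runs into when it issues STARTTLS against the inbound port discussed in this thread, separating an untrusted certificate from a failed handshake. This is an added example, not part of any post above and not Alfresco code; the host name `mail.example.com` is a placeholder.

```python
import smtplib
import ssl

# OpenSSL verification codes a strict sending mail server would trip over.
VERIFY_REASONS = {
    10: "certificate has expired",
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "issuer not in the trust store",
    62: "certificate does not match the host name",
}

def diagnose(verify_code):
    """Turn an OpenSSL verify code into a short reason string."""
    return VERIFY_REASONS.get(verify_code, f"verification error {verify_code}")

def probe_starttls(host, port=25, timeout=10):
    """Return (status, detail) for STARTTLS on host:port as a verifying client sees it."""
    ctx = ssl.create_default_context()  # checks the chain and the host name
    smtp = None
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return ("no-starttls", "server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        return ("ok", smtp.sock.version())  # negotiated protocol, e.g. TLSv1.2
    except ssl.SSLCertVerificationError as exc:
        # Handshake reached the certificate, which the client refused.
        return ("untrusted-cert", diagnose(exc.verify_code))
    except ssl.SSLError as exc:
        # No common protocol version or cipher, or a malformed handshake.
        return ("handshake-failed", exc.reason or str(exc))
    except (smtplib.SMTPException, OSError) as exc:
        return ("smtp-error", str(exc))
    finally:
        if smtp is not None:
            smtp.close()

if __name__ == "__main__":
    import sys
    # Placeholder host; pass your own server's MX host name as the argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(host, *probe_starttls(host))
```

An `untrusted-cert` result is what a sender that refuses self-signed certificates would see, while `handshake-failed` points at the TLS protocol or cipher configuration rather than at certificate trust.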