Can't set up email in local environment

I give up after tons of mails here and days of tries…
I have my own SME server as the mail server in my home office. It uses SSL/TLS for POP3 and SMTP.
When I run wireshark on my mail client (kmail) sending a mail, I see port 465 is used.
When I run:
root@erpnext:/home/frappe# nc -vv srv.plris.com 465
Connection to srv.plris.com 465 port [tcp/urd] succeeded!
Don’t know what is “urd”…:frowning:
But if I configure my email domain in ERPNext as TLS+465 it exits with timeout.
But any attempt to send an email fails with no traces of anything anywhere including wireshark running on ERP machine.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The server also listens on port 25 with TLS. Below is the wireshark. Here 250 is ERPNext machine, 254 is the mail server.

No. Time Source Destination Protocol Length Info
36 22.546442 192.168.50.250 192.168.50.254 TCP 74 48372 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=48917 TSecr=0 WS=64
37 22.546793 192.168.50.254 192.168.50.250 TCP 74 25 → 48372 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=2678674271 TSecr=48917 WS=64
38 22.546837 192.168.50.250 192.168.50.254 TCP 66 48372 → 25 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=48918 TSecr=2678674271
39 22.622440 192.168.50.254 192.168.50.250 SMTP 94 S: 220 extern.plris.com ESMTP
40 22.622536 192.168.50.250 192.168.50.254 TCP 66 48372 → 25 [ACK] Seq=1 Ack=29 Win=29248 Len=0 TSval=48936 TSecr=2678674345
41 22.622897 192.168.50.250 192.168.50.254 SMTP 84 C: ehlo [127.0.1.1]
42 22.622978 192.168.50.254 192.168.50.250 TCP 66 25 → 48372 [ACK] Seq=29 Ack=19 Win=14528 Len=0 TSval=2678674347 TSecr=48936
43 22.624682 192.168.50.254 192.168.50.250 SMTP 178 S: 250 plris.com Hi erp.plris.com [192.168.50.250] | 250 PIPELINING | 250 8BITMIME | 250 SIZE 15000000 | 250 STARTTLS
44 22.624859 192.168.50.250 192.168.50.254 SMTP 76 C: STARTTLS
45 22.625389 192.168.50.254 192.168.50.250 SMTP 89 S: 220 Go ahead with TLS
46 22.625661 192.168.50.250 192.168.50.254 TLSv1.2 355 Client Hello
47 22.641055 192.168.50.254 192.168.50.250 TLSv1.2 2962 Server Hello
48 22.641065 192.168.50.254 192.168.50.250 TLSv1.2 844 Certificate, Server Key Exchange, Server Hello Done
[2 Reassembled TCP Segments (3000 bytes): #47(2825), #48(175)]
Secure Sockets Layer
Secure Sockets Layer
49 22.641118 192.168.50.250 192.168.50.254 TCP 66 48372 → 25 [ACK] Seq=318 Ack=3060 Win=35008 Len=0 TSval=48941 TSecr=2678674361
50 22.643963 192.168.50.250 192.168.50.254 TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
51 22.644959 192.168.50.254 192.168.50.250 TLSv1.2 292 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
52 22.645154 192.168.50.250 192.168.50.254 TLSv1.2 113 Application Data
53 22.647927 192.168.50.254 192.168.50.250 TLSv1.2 193 Application Data
54 22.648959 192.168.50.250 192.168.50.254 TCP 66 48372 → 25 [FIN, ACK] Seq=491 Ack=4191 Win=40832 Len=0 TSval=48943 TSecr=2678674371
55 22.649575 192.168.50.254 192.168.50.250 TLSv1.2 97 Encrypted Alert
56 22.649597 192.168.50.250 192.168.50.254 TCP 54 48372 → 25 [RST] Seq=492 Win=0 Len=0

The last two packets put me in stupor.

Any help will be very highly appreciated!
Many thanks ahead.

Hi leonp,

Of course a timeout error typically occurs when a service that runs on a given server fails to respond. A service listens on a specific port on a given server. So first you must resolve what service runs on what port on what server, and ensure that port is open for the connection to succeed.

You seem to have several servers - srv.plris.com, extern.plris, plris.com, erp.plris, your SME server x.x.x.254, ERPNext x.x.x.250. Recall too that your LAN/WAN gateway port must be open.

I have no Wireshark experience but instead use this tool, e.g.:

openssl s_client -starttls smtp -connect mail.vm:587

edit: some example sessions for ideas:

https://scottlinux.com/2014/06/05/check-for-smtp-tls-from-command-line-with-openssl/

Also, running ERPNext as root is not good practice.

Hello, clarkej.
Thank you for your reply…:slight_smile:
I understand what is the timeout after about 40 years of programming… :slight_smile:
The servers names you mentioned are all aliases of the same 192.168.50.254 computer (SME server) which is the POP3 and SMTP server at the same time (also DNS, HTTP and some others), except erp and erpnext which is 192.168.50.250.
There is no need for a gateway as everything is in the same subnet 192.168.50.xx
I tried to use the openssl tool, but probably because of the lack of knowledge didn’t succeed. It writes to me CONNECTED and nothing more despite my attempts to use simple telnet-like commands…
But there are about 15 mail clients/computers which connect and send mails everywhere without a problem. And the connection is as I defined (seems to me!): port 465, normal password, SSL/TLS.

ok so just two servers on same subnet!

Another idea is whether your smtp login requires a base64 encoding of your username and password; this explains how to generate that and gives an example telnet session How to Test SMTP AUTH using Telnet

Another thought is whether IPV4 versus IPV6 connection or setting is at play somewhere?

Oh, I am sorry to bother you with my problems… :frowning:
But this is what happens:
telnet 192.168.50.254 25
Trying 192.168.50.254…
Connected to 192.168.50.254.
Escape character is ‘^]’.
220 extern.plris.com ESMTP
EHLO leonp.plris.com
250-plris.com Hi extern.plris.com [192.168.50.254]
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250 STARTTLS
AUTH LOGIN
500 Unrecognized command

And this is reproducible on several computers including extern (SMTP server) itself. So, this is not the problem of firewall (as they say in the internet) or similar.
This error is returned to all variants of AUTH command I tried… :frowning:

And, IPv6 is not used anywhere in my network.

"
250 STARTTLS
AUTH LOGIN
500 Unrecognized command
"

Your problem seems to be with the encryption session startup, that involves an SSL certificate?

So then try this on various ports:

openssl s_client -starttls smtp -connect 192.168.50.254:587

and see where that takes you…

Here are the results of 587 (isn’t defined anywhere in my setup) and 465 (defined in clients):
[root@leonp home]# openssl s_client -starttls smtp -connect 192.168.50.254:587
139948394858240:error:0200206F:system library:connect:Connection refused:crypto/bio/b_sock2.c:108:
139948394858240:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:109:
connect:errno=111
[root@leonp home]# perror 111
OS error code 111: Connection refused
[root@leonp home]# openssl s_client -starttls smtp -connect 192.168.50.254:465
CONNECTED(00000003)
Here I wasn’t able to reach any reaction - EHLO, HELO, etc. produce no reaction, just accepting everything that is typed.
Thank you!
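
Added example, not part of any post in this thread: port 465 is conventionally implicit TLS (the server stays silent until a TLS ClientHello arrives), while ports 25 and 587 greet in plaintext and upgrade with STARTTLS, and servers commonly advertise AUTH only after TLS is up. This Python sketch (ERPNext is a Python application) tells the two modes apart and lists the AUTH mechanisms offered inside TLS; the function names, the `cafile` parameter and the "silence means implicit TLS" heuristic are assumptions of the example.

```python
import smtplib
import socket
import ssl

# EHLO reply as shown in the thread's plaintext telnet session on port 25.
SAMPLE_EHLO = ("250-plris.com Hi extern.plris.com [192.168.50.254]\r\n"
               "250-PIPELINING\r\n250-8BITMIME\r\n250-SIZE 15000000\r\n250 STARTTLS\r\n")

def parse_ehlo(reply):
    """Capability keywords from a multi-line 250 reply (greeting line skipped)."""
    lines = [l for l in reply.splitlines() if l[:3] == "250" and len(l) > 4]
    return {l[4:].split()[0].upper() for l in lines[1:]}

def classify_banner(first_bytes):
    """Map what the server sends unprompted to the client mode it likely expects."""
    if first_bytes is None:                # silence: server waits for a TLS ClientHello
        return "implicit-tls"
    if first_bytes.startswith(b"220"):     # plaintext greeting: upgrade with STARTTLS
        return "starttls"
    return "unknown"

def classify_port(host, port, wait=3.0):
    """Connect and see whether the server greets in plaintext within `wait` seconds."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            data = None
    return classify_banner(data)

def auth_mechanisms(host, port, mode, cafile=None, timeout=10):
    """Open the session the way `mode` requires; return AUTH mechanisms seen inside TLS.
    `cafile`: PEM of a self-signed server certificate to trust (assumption of this
    example). Connect by the name in the certificate, since hostname checks stay on."""
    ctx = ssl.create_default_context(cafile=cafile)   # certificate verification stays on
    if mode == "implicit-tls":
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.starttls(context=ctx)
    with conn:
        conn.ehlo()                                   # capabilities change after TLS
        return conn.esmtp_features.get("auth", "").split()

if __name__ == "__main__":
    print(sorted(parse_ehlo(SAMPLE_EHLO)))            # no AUTH offered before TLS
    print(classify_banner(None), classify_banner(b"220 extern.plris.com ESMTP\r\n"))
```

Against a live server, `classify_port(host, 465)` followed by `auth_mechanisms(host, 465, mode, cafile=...)` shows which client setting (SSL on connect versus STARTTLS) matches the port.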

So what is leonp here at what ip address?

Logged in on 129.168.50.254 - your mail server- what do you get when you try this on your various ports including 25?

openssl s_client -host 127.0.0.1 -port 587 -starttls smtp

The response here is what a healthy tls session connection looks like:

openssl s_client -host smtp.gmail.com -port 587 -starttls smtp

John,
leonp is my computer at 192.168.50.57.
Attempt to login to 25 leads to STARTTLS and I don’t know what to do further and also the purpose. If I can partially login to 25, doesn’t this mean that it is ok?
Thank you!

Well I am stumped that TLS goes nowhere in your case.

"
I have my own SME server as the mail server in my home office. It uses SSL/TLS for POP3 and SMTP.
"

TLS requires that you define an encryption certificate, correct?

You have one otherwise that is your issue here?

O!!! This seems to me the issue too!
Where and how can I solve this in ERPNext setup?
When I defined the account in mail client it simply asked me to accept the certificate and I did.
How do I do this here?

Yes, for TLS to work both ends need their own CA certificate, e.g. self-signed.

Once your mail server has that, run a TLS SMTP local connection test.

Once your ‘localhost’ works, then only at that point run the ‘remote’ TLS SMTP test from 254.

Of course you will need to identify what specific ports are used.

The various logs in /var/log will help confirm the expected behaviour.

Best for you to look up a suitable howto than for me to find and suggest one for your specific OS and environment.

cheers