Sending SMTP e-mail through MiaB via External Domain

I have read many posts here regarding multiple domains externally hosted. I can’t find anything definitive on using MiaB as my e-mail server for externally hosted domains, meaning I want my website to send e-mails via MiaB.

I have MiaB running for almost a year now. Works great. I use it for e-mail for several domains. All domains use MiaB as their Nameserver. I have used Custom DNS page to set A records for my websites on external servers and all sites work great.

I would like these external sites to be able to use MiaB as their SMTP server. I just need it for outgoing mail so users of my site can get e-mail to reset their passwords or to broadcast an e-mail to our users.

My site can connect to Gmail SMTP or Mailtrap without an issue. It cannot get access to my MiaB server. One of the differences is that Gmail and Mailtrap both use SSL where MiaB requires STARTTLS. Not sure if that is the issue that is stopping me, or not. Either way I really wish I could get this working.

This seems like a pretty basic function you would want a mail server to do. What am I missing here?

Thanks for any input.

Dan

What are you trying to connect to MiaB with?

Hi @drdandc

I just walked someone else through this last weekend on Slack …

wanna join me there? We can figure it out easier in real time chat than on the forum.

The biggest mistake I encounter is people forgetting the port number in the main.cf file on the external web server, or in the application that they are sending from.

I use Laravel which uses SwiftMailer. It is all PHP.

does not support STARTTLS iirc. :frowning:

Wait, I was helping you with this issue on Slack … did you attempt my proposed solution? @drdandc

The proposed solution of installing Postfix? No. I started but didn’t understand all the settings for it so I stopped. I was hoping someone could offer a solution here on the MiaB side of things. Why does MiaB have to be so restrictive as to only accept STARTTLS? Is there a way I can override that requirement?

@JoshData or someone working on the code would have to explain but to me the better question is this:

Why does Laravel not support STARTTLS?

From: https://www.limilabs.com/blog/ssl-vs-tls-vs-starttls-stls

STARTTLS problems

There were a few problems with this. There exists lots of software, that used the alternate port numbers with pure SSL/TLS connections. Client software can be very long lived, so you can’t just disable the encrypted ports until all software has been upgraded.

Each protocol received mechanisms to tell clients that the server supported upgrading to SSL/TLS (e.g. STARTTLS in IMAP’s CAPABILITY response), and that they should not attempt to login without doing the STARTTLS upgrade (LOGINDISABLED in IMAP’s CAPABILITY response). This created two unfortunate situations:

Some software just ignored the “login disabled until upgraded” announcement (LOGINDISABLED, STARTTLS) and just tried to log in anyway, sending the user login name and password over clear text channel. The server rejected the login and password, but the details had already been sent over the Internet in plain text.
Other software saw the “login disabled until upgraded” announcement, but then wouldn’t upgrade the connection automatically, and thus reported login errors back to the user, which caused confusion about what was wrong.

Both of these problems resulted in significant compatibility issues with existing clients, and so most system administrators continued to just use plain text connections on one port, and encrypted connections on a separate port number.

I am theorizing that one or the other of the bolded things are happening with Laravel.

I’d be happy to walk you through it on Slack. The instructions I recommend vary slightly from what is published in the advanced guide.

Both questions that someone on the development team would have to answer. I know I suggested on Slack to ask here - but this question delves into developer territory and may be better addressed on GitHub.

Well, Laravel uses SwiftMailer and that doesn’t support STARTTLS so we could ask why that is the case for SwiftMailer. My answer would be that it doesn’t because it works well most places like Gmail and Mailtrap. Why complicate things? Why does MiaB need to be different? I have never seen a mail server that required STARTTLS. SSL seems to be an option for everyone else.

It would certainly be easier for me to get easier access to MiaB so that I don’t have to set up Postfix for every domain that I host. The main reason I wanted my own mail server was for my websites to have a clean mail server to work with.

It seems like here or somewhere someone posted that STARTTLS is the actual current standard, and those projects are not correctly conforming to the latest (10 years old?) RFC.

In any case, if it is using the PHP mail() function, then any sendmail compliant MTA will work.

For a whole lot of years I used nullmailer on my web servers. Very lightweight and very simple to configure.

Thanks. I am getting a clearer picture of the issue at hand.

I might also add that, depending on your use case, Gmail may decide to pause your account for 24 hours or 7 days or permanently. Small, personal usage they don’t care, but larger transactional mail is not what Google provides that service for. It’s buried somewhere in their ToS.

It would not be required to set up postfix for every domain that you host … you do however need an MTA on every web server itself so I would imagine that you, like most, have just one actual web server.

@openletter
The issue is that the OP is not wanting to install an MTA. Perhaps your suggested nullmailer is a better option for the OP. I can only recommend postfix as it is what I personally have experience with, though I know that there are other options available which likely would even be preferable.

@openletter thanks for the info on Gmail. It is not my intention to use Gmail. I want to use my MiaB.

I have found a reference to a patch that can get SwiftMailer to start using STARTTLS. I will give that a try.


@alento thanks for the clarification that MTA is server based not domain based. I do have two servers but that is much less work than all of the domains.

Well, it seems I have wasted a lot of time here. It is now working for me. After investigating SwiftMailer a little more I noticed that startTLS is part of version 6 which is what Laravel is using.

For Laravel users I set MAIL_ENCRYPTION=tls in the .env file with my box SMTP settings and it works. I thought I had tried this before but I must have only used ssl and starttls.
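The thread turns on a client upgrading with STARTTLS before it logs in, and the quoted article describes clients that skipped that step. As an added example (not from any poster, SwiftMailer or Mail-in-a-Box), this Python code parses SMTP EHLO replies and decides whether a client may send AUTH; the helper names, hostnames and replies are constructed for illustration.

```python
# Added example: constructed EHLO replies, hypothetical helper names.
def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    for i, line in enumerate(reply.strip().splitlines()):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO line: {line!r}")
        if i == 0 or not text:
            continue  # first line is the server's greeting, not a capability
        keyword, *params = text.split()
        caps[keyword.upper()] = [p.upper() for p in params]
    return caps


def submission_decision(pre_tls_reply, post_tls_reply=None):
    """Return (action, findings); action is 'starttls', 'auth' or 'abort'."""
    findings = []
    pre = parse_ehlo(pre_tls_reply)
    if "AUTH" in pre:
        findings.append("AUTH is advertised before TLS; credentials could leak")
    if post_tls_reply is None:
        if "STARTTLS" not in pre:
            findings.append("no STARTTLS offered; refusing clear-text login")
            return "abort", findings
        return "starttls", findings
    # After the upgrade the client must send EHLO again and trust only this reply.
    if "AUTH" not in parse_ehlo(post_tls_reply):
        findings.append("no AUTH offered after the TLS upgrade")
        return "abort", findings
    return "auth", findings


# Constructed sample replies (not captured from any real server).
PRE_TLS_STRICT = "250-box.example.com\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
POST_TLS = "250-box.example.com\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
PRE_TLS_LAX = "250-mail.example.net\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
NO_STARTTLS = "250-old.example.org\n250 AUTH PLAIN LOGIN"

if __name__ == "__main__":
    for name, args in [("strict, before TLS", (PRE_TLS_STRICT,)),
                       ("strict, after TLS", (PRE_TLS_STRICT, POST_TLS)),
                       ("lax, before TLS", (PRE_TLS_LAX,)),
                       ("no STARTTLS", (NO_STARTTLS,))]:
        print(name, "->", submission_decision(*args))
```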
