Dear Zammad Community,
We’re reaching out regarding an unusual integration issue that occurs exclusively when connecting Zammad to our corporate Microsoft Exchange 2019 mail server (FQDN: EMY.FLAN.LOC). What makes this particularly puzzling is that:
-
Our mail infrastructure has been running flawlessly for over 3 years
-
All other clients and services (Outlook, mobile apps, third-party integrations) work perfectly via:
- IMAP (port 993)
- SMTP (ports 465 and 587)
-
The problem occurs only with Zammad integration
Environment Details:
- Zammad: Version 6.5.0
- Installation Type: Docker container (official image) via Portainer
- Host OS: Tested on both Windows Server 2022 and Ubuntu 22.04 LTS
- Exchange: Microsoft Exchange Server 2019 CU12 (EMY.FLAN.LOC)
- Browser: Chrome 137.0.7151.120 (official build, 64-bit)
Detailed Problem Description:
1. Error when using port 465 (SSL/TLS):
SSL_connect returned=1 errno=0 peeraddr=83.69.193.154:465 state=error: wrong version number
Troubleshooting attempts for port 465:
- Enabled all modern protocols on Exchange (TLS 1.2, TLS 1.3)
- Verified certificate (self-signed but valid and not expired)
- Explicitly added our CA root certificate to Zammad’s Docker container trust store:
cp our_ca.crt /usr/local/share/ca-certificates/ update-ca-certificates - Completely disabled certificate verification in Zammad settings
- Tested with openssl s_client:
openssl s_client -connect EMY.FLAN.LOC:465 -tls1_2
2. Error when using port 587 (STARTTLS):
bad response type "EMY.FLAN.LOC", expected OK or NO or BAD
Troubleshooting attempts for port 587:
- Disabled STARTTLS in Zammad settings
- Disabled certificate verification
- Analyzed SMTP session via telnet:
Received immediate server response:telnet EMY.FLAN.LOC 587
(instead of standard Exchange greeting)220 EMY.FLAN.LOC
Critical Observations:
-
On Exchange side:
- All Receive Connectors have standard settings
- TLS 1.0, 1.1, 1.2 protocols are enabled
- Issue cannot be reproduced with any other client
-
On Zammad side:
- Problem occurs consistently across different OS (Windows/Ubuntu)
- Adding certificate to trust store didn’t help
- Port 587 error occurs BEFORE TLS handshake begins
Working Hypotheses:
- Zammad might use a specific SMTP session initialization method that conflicts with our Exchange
- Zammad’s Docker image might have special OpenSSL configurations
- Exchange might require a particular EHLO request format
Areas Where We Need Assistance:
- How to diagnose why Exchange responds with just FQDN instead of full SMTP greeting?
- Does Zammad allow customization of its SMTP client behavior?
- What alternative Exchange integration methods does Zammad support?
- Would upgrading Zammad to a newer version potentially help?
We Can Provide:
- Complete timestamped SMTP session logs
- Receive Connector configuration (including all parameters)
- Network analysis results (tcpdump)
- Detailed Docker container settings
P.S. We’ve literally tried all standard solutions from the documentation. This case is particularly interesting because it only manifests with Zammad despite our fully functional mail infrastructure. Has anyone encountered similar Exchange behavior before?
We sincerely appreciate any insights or suggestions! We’re ready to actively participate in diagnostics and testing potential solutions.
