SMTP to MS Exchange not working with docker-compose stack

sgw · June 17, 2021, 5:25pm

Infos:

Used Zammad version: 4.1.x
Used Zammad installation type: docker-compose
Operating system of docker server: Debian 10.9
Operating system of client: Fedora 34
Browser + version: Chrome 91.0.4472.106

Expected behavior:

trying to setup a SMTP connection with credentials I successfully tested with swaks.

user: ticketing
pw: somepwd
server: exchange.my.tld
port:587

Actual behavior:

Getting the message:

“SSL_connect SYSCALL returned=5 errno=0 state=SSLv3/TLS write client hello”

Steps to reproduce the behavior:

try to create a SMTP account in Zammad dc-stack

what I found

old ticket in here with same issue was closed, something wrong at the exchange server (?)

other results in google point at some additional parameters needed “under the hood”:

so far I am unsure where to add that in the docker-compose-stack … which container, how to override things.

thanks for any pointers here

astrugatch · June 18, 2021, 12:25am

It looks like an SSL mismatch. Zammad tries to auto detect and configure SSL/STARTTLS automatically. Looks like that didn’t work. I recall having a similar issue, but we have a mail relay internally (on the same protected subnet as Zammad), so I just whitelisted our Zammad IP on that and sent the message to that to be relayed on port 25.

sgw · June 18, 2021, 6:26am

Yes, I checked their certificate and there are some issues with it.
Unfortunately I don’t expect them to fix that soon, I reported it and wait for response.
And I also don’t expect them to be able to quickly whitelist my stack, they aren’t the best admins …

To get Zammad working, at least for getting on with the tests, it would be great to be able to apply some workaround in the zammad-docker-compose-stack.

sgw · July 6, 2021, 8:51am

I can send mails via the swaks test tool from docker (port 25, no auth).
Their exchange admin is a bit uncooperative: he doesn’t check his logs and blames my part of the setup …

Zammad-email does not work, I don’t see details, only a “501 5.5.4 Invalid domain name” coming from the exchange server (which I interpret as “non-authed clients aren’t allowed to relay”).

sgw · July 6, 2021, 8:53am

Another thing:

server announces only “250-AUTH GSSAPI NTLM” … and no STARTTLS … could that work with Zammad at all? Would it work without AUTH?

I’d like to configure some workaround in some kind of config.php, if someone points me to the right file.

MrGeneration · July 6, 2021, 10:40am

Use the Microsoft 365 channel if you’re not using a on premise Exchange:
https://admin-docs.zammad.org/en/latest/channels/microsoft365/index.html

If it’s a on premise exchange, you’ll want to ensure that the Ciphers your host supports are supported and available by your exchange as well.

sgw · July 7, 2021, 5:46am

premise exchange in this case.
Yes, I know. Their admin is a bit … passive. Doesn’t check logs and blames docker/linux/zammad/…/my part of the setup without proof.

MrGeneration · July 29, 2021, 12:57pm

Sorry to hear - I’m afraid we can’t help you on that muscle fight.
You need Basic Auth or Login for Zammad. That’s something every experienced Exchange admin can setup for you within minutes. Even just for one application.

system · November 26, 2021, 12:58pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.