
mails rejected "server certificate not trusted" (dnssec behind utm)

Hope someone with some expertise can jump in:

I have a personal mail server behind a UTM 9 Home (Firmware 9.413-4) and just enabled E-Mail Protection on the UTM (Bridge Mode - works fine). While email filtering etc. is working extremely well (spam is blocked, SMTP logs look fine etc.), some certificate chain seems to be broken. Some third-party mail servers do not deliver incoming AND outgoing mails, with the error on BOTH sides:

Server certificate not trusted / Diagnostic-Code: X-Postfix; Server certificate not trusted

The mail server handles all the certificates and even DNSSEC is implemented. The setup of the mail server itself is fine and it worked before deployment of the UTM. Having said that, the mail server tests do actually show (after deployment) an error (e.g. on https://de.ssl-tools.net/mailservers/; "unknown authority" as the self-signed cert is on the UTM). It now seems to check the UTM internal TLS cert, and no longer the original one directly on the mail server. While this makes sense in some way (as the UTM is acting as a "MiM"), I need to get rid of this problem, as a whole bunch of mails do not get delivered or received. My settings in E-Mail Protection -> SMTP are:

- Simple Mode

- Routing Tab: Domain: mydomain.xy / Route by: Static Host / Host List: (internal) IP of mail server / Recipient Verification: With callout

- Relaying Tab: Upstream Hosts/Networks: (internal) IP of mail server / Allowed Hosts/Networks: (internal) / Scan relayed (outgoing) messages: checked

- Advanced Tab: Use transparent mode: checked / TLS Settings: Local Cert (selected) / Advanced Settings: SMTP Hostname: mydomain.xy BATV: unset etc. / Smarthost Settings: (no smarthost)

Is it maybe possible to use E-Mail Protection without using a certificate on the UTM? Meaning: can I deploy UTM Mail Protection without relying on UTM certs?

Can anyone jump in here? Thx!



This thread was automatically locked due to age.
  • Update: It seems that the DANE authentication request is not put through the UTM to the mail server behind it; zone information such as _443._tcp.mail.mailserver.com or 25._tcp.mail.mailserver.com cannot be received from the mail server so that the clients can validate the certificates when DNSSEC is enabled. It "stops" somewhere at the UTM and communicates the UTM internal self-signed certs. External clients or mail services do x-check those values and sometimes deny the communication. How can this be avoided? In short: how can the UTM do its Email-Protection while in front of a fully set up and working mail server with DNSSEC enabled on itself?
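How a DANE-validating sender compares the certificate it actually sees with the TLSA record published in DNS, as an added example (not code from this thread or from Sophos). The helper names, the constructed certificate bytes and the `_25._tcp` record are assumptions; the live `fetch_presented_cert` helper is what you would point at your MX from outside to see which cert the UTM hands out.

```python
import hashlib
import smtplib
import ssl

def tlsa_assoc_data(cert_der: bytes, spki_der: bytes, selector: int, mtype: int) -> bytes:
    # Association data a TLSA record carries (RFC 6698): selector 0 = full cert,
    # 1 = SubjectPublicKeyInfo; matching type 0 = raw bytes, 1 = SHA-256, 2 = SHA-512.
    data = {0: cert_der, 1: spki_der}[selector]
    digests = {0: lambda d: d,
               1: lambda d: hashlib.sha256(d).digest(),
               2: lambda d: hashlib.sha512(d).digest()}
    return digests[mtype](data)

def dane_ee_matches(records, cert_der: bytes, spki_der: bytes) -> bool:
    # True if any DANE-EE (usage 3) record matches the leaf cert the server presented.
    # records: (usage, selector, mtype, assoc_data_hex). Usage 2 (DANE-TA) needs the
    # full chain and usages 0/1 are not used for SMTP (RFC 7672), so they are skipped.
    for usage, selector, mtype, data_hex in records:
        if usage != 3:
            continue
        if tlsa_assoc_data(cert_der, spki_der, selector, mtype) == bytes.fromhex(data_hex):
            return True
    return False

def fetch_presented_cert(host: str, port: int = 25) -> bytes:
    # Live helper: the DER leaf cert the MX really presents after STARTTLS, i.e. what
    # a DANE-validating sender compares. Not called by the offline demo below.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we only want to see the cert, not trust it
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

# Constructed stand-ins (not real DER): the mail server's own cert/SPKI and the
# self-signed cert/SPKI a TLS-terminating proxy such as the UTM presents instead.
MAILSERVER_CERT, MAILSERVER_SPKI = b"constructed-mailserver-cert", b"constructed-mailserver-spki"
PROXY_CERT, PROXY_SPKI = b"constructed-proxy-selfsigned-cert", b"constructed-proxy-spki"
# The "3 1 1" record the admin would publish at _25._tcp.<mx host> for the real server.
PUBLISHED_TLSA = [(3, 1, 1, hashlib.sha256(MAILSERVER_SPKI).hexdigest())]

def demo() -> tuple:
    # (direct, via_proxy): the record matches the real server but not the proxy cert,
    # so a DANE-enforcing sender refuses delivery once the proxy sits in front.
    return (dane_ee_matches(PUBLISHED_TLSA, MAILSERVER_CERT, MAILSERVER_SPKI),
            dane_ee_matches(PUBLISHED_TLSA, PROXY_CERT, PROXY_SPKI))
```

The fix on the DNS side is to publish a TLSA record for whichever certificate is really presented on port 25 (or to stop terminating TLS in front of the MX), since senders never see the certificate behind the proxy.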

  • There is a known issue that the UTM certificate published for userportal and webadmin does not include the intermediate certificate. There is one complicated remedy for this problem, posted elsewhere in this forum, but probably unknown to most Sophos support staff. I am inferring that you have a commercial certificate, and that your certificate chain needs to be correct.

    I also assume that the SMTP proxy uses the same certificate as webportal and will have the same chain problem. This may or may not be your problem as I don't know how DNSSEC fits into all this.
