Hi @boris ,
like this use case (can send but cannot receive), opened port 25 (TCP only is enough?) and here follows the output of netcat:
root@syncloud:~# nc -vz gmail-smtp-in.l.google.com 25
DNS fwd/rev mismatch: gmail-smtp-in.l.google.com != rb-in-f26.1e100.net
gmail-smtp-in.l.google.com [142.250.102.26] 25 (smtp) open
root@syncloud:~#
Any suggestion? Thanks in advance
Simone
We have this doc: Mail · syncloud/platform Wiki · GitHub
Did you enable external access so you device DNS is available from Internet?
Another thing ISP can block incoming port 25, can you run the same command from a device in the internet (or phone on kobile network)?
Did you enable external access so your device DNS is available from Internet?
external access is working, you can try it here.
In the while I have collected a new information: mail messages are bouncing back with this (signature?) error:
TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71):
6919030981960:error:04000069:RSA routines:OPENSSL_internal:BAD_SIGNATURE:third_party/openssl/boringssl/src/crypto/fipsmodule/rsa/rsa.c:634: ;
6919030981960:error:10000072:SSL routines:OPENSSL_internal:BAD_SIGNATURE:third_party/openssl/boringssl/src/ssl/handshake_client.cc:1197:
We have this doc: Mail · syncloud/platform Wiki · GitHub
Yes, I started from there 
Another thing ISP can block incoming port 25, can you run the same command from a device in the internet (or phone on kobile network)?
Unfortunately I don’t have any other linux OS running at home 
except for Android devices but it looks like nc command does not work on Android consoles.
Thanks
Simone
Can you send you device email to support at syncloud.it so I can test?
Looks like port 25 is open. Not sure where TLS error is coming from.
Sent you test mail, did not get any bounce mail back.
Can you open mail app and see if you received it?
hi @boris ,
your message arrived successfully. But…you wrote from a @syncloud.it address. If you try from a different domain it will bounce back after some (several!) hours. I have tried yesterday from my personal mail.
Sent another one from gmail
not yet arrived. You should receive an error msg in the next 24+ hrs. Pls have a look at it. Thx a lot
Simone
Ok, got it, coould you restart mail:
snap restart mail
And then try again?
Done:
root@syncloud:~# snap restart mail
Restarted.
root@syncloud:~#
Then I have tried again to send a message. 10 mins after nothing arrived
Ok, is this a fresh install of mail or it was installed some time ago and went throught a few upgrades?
Could you reinstall it to see if that helps?
hi Boris,
it’s a fresh install with no upgrades. As a reference of the install you can take the date of my first post here. No upgrades were released in the while.
I’m sorry
Ok could you run these commands:
uname -a
lsb_release -a
snap list
root@syncloud:~# uname -a
Linux syncloud 4.9.236-63 #1 SMP PREEMPT Wed Dec 9 22:25:50 UTC 2020 aarch64 GNU/Linux
root@syncloud:~#
lsb_release was not installed. I have installed it and the output is the following one:
root@syncloud:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
root@syncloud:~#
root@syncloud:~# snap list
Name Version Rev Tracking Developer Notes
jellyfin 90 90 stable syncloud -
mail 239 239 stable syncloud -
nextcloud 603 603 stable syncloud -
platform 1481 1481 stable syncloud base
plex 86 86 stable syncloud -
users 244 244 stable syncloud -
wordpress 156 156 stable syncloud -
root@syncloud:~#
Thanks
Simone
all looks good, same thing works on my intel x64 image, let me do some tests on arm64 device.
I did not know that mail providers can do starttls on port 25.
Issue: [mail] tls receive error · Issue #657 · syncloud/platform · GitHub
Can you send logs from Settings - Support so I can see what is happening on server side?
Did some more testing, here is the command:
echo "A Logout" | openssl s_client -connect [domain-name]:25 -verify 3 -starttls smtp
where [domain-name] has to be specified.
On your (HC4?) it returns among other things:
gmail does not like this:
281473544787840:error:04091068:rsa routines:int_rsa_verify:bad signature:../crypto/rsa/rsa_sign.c:220:
281473544787840:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:../ssl/statem/statem_clnt.c:2406:
also it shows this:
New, (NONE), Cipher is (NONE)
while should be showing this:
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
I have tested both hc4 arm63 and nuc intel, both produce correct result.
Is it possible to rewrite the latest image on your device and test again?
yes, I’m going to do that also to exploit the latest image because I’m still on an old release (you can refer to the thread about Rocket.chat). It will take some time, I’ll be back to you as soon as I’ll have it tested.
Thanks a lot for your great support