Enfore TLS when sending outbound emails from OTRS

Moderator: crythias

Post Reply
alek12z
Znuny newbie
Posts: 10
Joined: 16 Feb 2021, 11:46
Znuny Version: 6.0.28
Real Name: Aleksandar

Enfore TLS when sending outbound emails from OTRS

Post by alek12z »

Hi we have sendmail configured for sending ticket replies, using port 587.

all works fine, except when sending emails, TLS encryption is not used(tlsversion=NONE in logs)(logs from email server)


PSComputerName : outlook.office365.com
RunspaceId : 86aa4b90-4d93-4746-a2af-af8e1e5c2f0b
PSShowComputerName : False
MessageId : <1625184023.561604.719998593@hd-ticketsys-01.mydomain.local>
MessageTraceId : c1ad7f72-3564-4ab6-89a1-08d93cec855f
Date : 7/2/2021 12:01:20 AM
Event : Receive
Action :
Detail : Message received by: AM4PR0802MB2146.eurprd08.prod.outlook.com
Data : <root><MEP Name="ConnectorId" String="AM4PR0802MB2146\Default AM4PR0802MB2146"/><MEP Name="ClientIP"
String="2603:10a6:208:132::19"/><MEP Name="ServerHostName"
String="AM4PR0802MB2146.eurprd08.prod.outlook.com"/><MEP Name="FirstForestHop"
String="AM4PR0802MB2146.eurprd08.prod.outlook.com"/><MEP Name="DeliveryPriority"
String="Normal"/><MEP Name="ReturnPath" String="support@mydomain.com"/><MEP Name="CustomData" Blob="S:P
roxyHop1=AM0PR10CA0014.EURPRD10.PROD.OUTLOOK.COM(2603:10a6:208:17c::24);S:tlsversion=NONE"/><MEP


I would like to enforce TLS communication when OTRS sends emails.

Is there anything in addition that needs to be set, in order for sendmail in OTRS to enforce usage of TLS?

OTRS version: 6.0.30
OS version: Ubuntu 18.04.5 LTS

Thank you.
wurzel
Znuny guru
Posts: 3224
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: Enfore TLS when sending outbound emails from OTRS

Post by wurzel »

Hi,

my recommendation would be to use a local mailserver and configure it properly. Are you sure you configured sendmail?
AFAIK OTRS has no possibilities to enforce it, as it uses smtps perl modules only.

kind regards
Flo
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11

-- Ich beantworte keine Forums-Fragen PN - No PN please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
alek12z
Znuny newbie
Posts: 10
Joined: 16 Feb 2021, 11:46
Znuny Version: 6.0.28
Real Name: Aleksandar

Re: Enfore TLS when sending outbound emails from OTRS

Post by alek12z »

Hi Wurzel,

Thank you for your reply.

we use Microsoft Exchange Online for mail server, and yes Sendmail is configured


SendmailModule: Kernel::System::Email::SMTPTLS
SendmailModule::Host: smtp.office365.com
SendmailModule::Port: 587

along with username and password for AuthUser and AuthPassword.

Is there anything specific that I should consider at the email server side, if you can advise?


Thank you
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Enfore TLS when sending outbound emails from OTRS

Post by jojo »

Hi,

Port 587 (Submission) enforces TLS and authentification. So either your log is wrong or MS does not use TLS (which I doubt). What Wurzel suggested is to use a local MTA like Postfix and submit the outgoing mails from OTRS to the sendmail binary.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Post Reply