Mxtoolbox is reporting that mail-server does not advertise support for TLS

[ghevge]

mxtoolbox is reporting that the mail-server does not advertise support for TLS, although I have TLS enabled on the mail server and reverse proxy side. It seems to expect a particular message from the mail server:
Your SMTP email server does advertise support for TLS. After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which commands and protocols it supports. Your server's response did not include "250-STARTTLS" indicating TLS support.

is this something that is missing from mail-server implementation, or is a configuration that I'm missing

[smorks]

TLS support is built in, as long as you have a certificate configured, I believe. the test is working fine for me, and my server is behind an haproxy reverse proxy.

mxtoolbox should show a session log, here's what mine looks like:

Connecting to X.X.X.X

220 mail.domain.com Stalwart ESMTP at your service [192 ms]
EHLO keeper-us-east-1d.mxtoolbox.com
250-mail.domain.com you had me at EHLO
250-STARTTLS
250-SMTPUTF8
250-SIZE 104857600
250-REQUIRETLS
250-PIPELINING
250-NO-SOLICITING
250-ENHANCEDSTATUSCODES
250-CHUNKING
250-BINARYMIME
250 8BITMIME [407 ms]
MAIL FROM:<[email protected]>
250 2.1.0 OK [1857 ms]
RCPT TO:<[email protected]>
550 5.1.2 Relay not allowed. [5187 ms]

LookupServer 10197ms

[ghevge]

@smorks thanks for your reply! how exactly you got those logs? I am looking at mxtoolbox Domain Health Report but I am not seeing such logs

[smorks]

it was right on the page after entering my mail server name here: https://mxtoolbox.com/diagnostic.aspx

here's a screenshot of what i see, i didn't change any settings or anything as far as i know?

[ghevge]

Weird... In the session transcript I only see this:

[ghevge]

Could it be due to the timeout?

[smorks]

yeah, it would say it's likely due to the timeout. i was also having issues trying to get the proxy protocol configured properly. i believe what ended up working for me was to have the IP's configured in the config.toml file rather than the Web UI. and then making sure your reverse proxy is configured correct too.

i was testing my setup by telnetting into my box (telnet box.domain.com <port>), and when it wasn't configured correctly, it would automatically disconnect i believe. if i remember correctly, it would give some errors about invalid commands or something.

[ghevge]

I've dropped the proxy and the warnings went away. The timeout dropped to 6s too. I can now see those session logs too.
Thanks for your input!