Description

I’ve been using MailSpring for over a year for all my website emails. And it worked great, until now.

Before I was using HestiaCP to host the emails, I have recently migrated to Enhance Control Panel: https://enhance.com/

To Reproduce…

Just try to add a new email account with the data provided by Enhance: Monosnap

Which is basically using IMAP and SMTP.

Doing it that way, shows an error and does not allow you to configure the email account. Only by checking the “Allow insecure SSL” option, the email account is successfully configured.

Additional Context

I have contacted Enhance support, and this was their response:

"I was able to reproduce the error in Mailspring but I can find no explanation for it. The issue seems to be with the SMTP connection rather than the IMAP connection but they use the same certificate. The same mailbox with the same credentials works absolutely fine in Thunderbird.

I don’t think this is a problem with your server. Everything is correct with the SSL. Can you try reporting this issue to Mailspring?

openssl s_client -connect mail.mejorapress.com:465
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = R3
verify return:1
depth=0 CN = mail.mejorapress.com
verify return:1

Certificate chain
0 s:CN = mail.mejorapress.com
i:C = US, O = Let’s Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 10 23:27:34 2024 GMT; NotAfter: Jun 8 23:27:33 2024 GMT
1 s:C = US, O = Let’s Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT

Server certificate
-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgISBOc2GFkdj3tqJiKERzk+J61DMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAzMTAyMzI3MzRaFw0yNDA2MDgyMzI3MzNaMB8xHTAbBgNVBAMT
FG1haWwubWVqb3JhcHJlc3MuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAq4SEHBHu+93QpFnPKq/wUo86tbCVkm6YjNsN8jDrYbnrJH2/F3/keG4h
gqVQx4cevbuuUdUqOhjQiTKP/jq6TkLZLJfO+fMpPMINE2qlEMQXYIcLcJ76dEjd
CqfORG0FpZjbITES9jZ9gmJgTkAM0gHREmJm8Ru4KBEqNwOR5SO8y2bjHIpQX4BX
9w7geAwl+Vxc/CGUCPgZLGC7WbtSgwC2ZE/Cw48Q1Q94ln5GSekwS11kpXhX4fus
u+bo8scj/Iw+A6rsG6xB/rvFs+wklR4uSNcQ4z78IWglN0JJEKTPSmlGrS/VBumJ
h2euVWw/z7de6UEP7M9va8tx2z4hvrHHBwZMPPXbFz/tkbHFrkcDkBxRmQg3uGV6
ZChro/ob05Nd85NNNQ4WTGZPEFbx7J0VQBnNvj7tXMg2YxcCAhH7U8yeTtKAKKh3
HWgShPw6g9osmw+Ngenw9A89u27Vzp6dG3hEzm3GE4mhl+5L3gJjA1337vXINb9Y
0n00WNxIgkKbVn+KpIe9gJi1MZ7lcycX6LXl61hZFeir5t0gb5t5QqYqW0AM3Ss+
/uH6CeEoJRgPjpyToFM2HwpLC0ROnqWIPiSUkcNCdrCdPkQ6xRxD6u84Qlhci4hj
aEen88AHYS0UlIETsbU/bTGPoeGVJv46WKjgxtcN2aHjoo84JJECAwEAAaOCAhYw
ggISMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtXt96pMwiP5bvUImcmR121aLuUMw
HwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBH
MCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wHwYDVR0RBBgwFoIUbWFpbC5tZWpvcmFw
cmVzcy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1
BIHyAPAAdgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAY4q6F0u
AAAEAwBHMEUCIQDvPS/GiLO5Nwkh2uITTYzvzD1JbNIIcRUerrx7KnArHgIgeGDv
DqEb834OK6CS8X8zmS+yyftMrRW2rP/WQIrwkWMAdgDuzdBk1dsazsVct520zROi
ModGfLzs3sNRSFlGcR+1mwAAAY4q6F0zAAAEAwBHMEUCIENuX9aVlBm4xQBkfQum
ujw/iPLe6GvATlQ+n5bXq9WmAiEApvhpwT036+/+Tz4lC1WIZfX79z7r71B65BRp
WYsIg+owDQYJKoZIhvcNAQELBQADggEBALiBcquaTL7Hj+FhVOudXTd0t5fMNEOQ
JU3n7sga8F6KGbGt7jWWRMTz82yz6nxsNB9xtXpgv4LhKMuUvd8pC/716OVB3/lV
oXul9W8FPkc2UpJS1z5tZ8l5gzPRVjs1mQUJhDXsnLYEWKl3wSpXuCnwxf2Yn6OE
7LeHHo3embbtjqAiZWfO8hQDm0SeFPh1OF+2XHC5JalZ+BXbgQb0a/hiL46BcDXj
Xoq0yKTNCH+KaTqumnrOV0V5lc+yOAfoT8TF5WMEIIX36UzAZ/2ZZBKWOLTSRUJj
G+HnRUW+xhx5aXARuUHIBu0U9IKLMOiixeAi+hymc+NtwdTAel+vNkI=
-----END CERTIFICATE-----
subject=CN = mail.mejorapress.com
issuer=C = US, O = Let’s Encrypt, CN = R3

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 3656 bytes and written 402 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 6F670588DFF883338508BD6068B599338CE35BFB5D07B4C2DE312836371D374D
Session-ID-ctx:
Resumption PSK: F9DD389AF51684AD485793D39DCACBB3197A769A20A58FF0AC06EB7B2F33451DDA8D1C19016F3B9139481F679514DDCC
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - f2 99 36 6e 95 e9 3d be-d9 b9 5a b1 de 0b bd 0c …6n…=…Z…
0010 - 93 7e 8c 11 0b e1 8b 60-43 f7 e0 89 67 06 71 09 .~…C...g.q. 0020 - 55 50 2c 05 66 e4 7c 29-24 aa 84 24 72 88 3b a2 UP,.f.|)$..$r.;. 0030 - 1d 77 3b 94 75 a0 59 40-f1 ae 7f 0a 08 46 50 f1 .w;.u.Y@.....FP. 0040 - 4a da f5 13 85 d5 6d 46-75 a9 c6 fe c0 95 87 b2 J.....mFu....... 0050 - a7 eb 23 a3 12 aa 1c 88-5c 26 f7 70 d2 98 4c 39 ..#.....\&.p..L9 0060 - 04 5f ae 2b cf 0d dc bd-40 59 18 ba 57 6a 69 c0 ._.+....@Y..Wji. 0070 - 94 5f 2c 9a 59 ed ef 93-4e 09 96 63 3d 53 4d ad ._,.Y...N..c=SM. 0080 - 6f 37 db 12 4a 46 c5 c6-c5 aa 2c 78 1e 4a df 76 o7..JF....,x.J.v 0090 - 99 f0 02 e0 53 f6 3a 4b-34 21 53 a5 83 80 c6 0c ....S.:K4!S..... 00a0 - 4e 2b a4 bb 5d 08 08 8b-29 f7 9b 1b c4 36 e0 fa N+..]...)....6.. 00b0 - a4 c1 fd 96 8e 73 ef d2-7c 59 69 df 7f 41 b7 88 .....s..|Yi..A.. 00c0 - a3 04 1d 74 75 35 60 6a-55 f1 2b 00 98 89 6f dd ...tu5jU.+…o.
00d0 - bf be 54 45 22 de fa 07-69 71 20 7e bb 79 ac e5 …TE"…iq ~.y…
00e0 - 77 05 49 18 8f 9c 35 84-a8 6d 57 62 47 a9 79 1f w.I…5…mWbG.y.

Start Time: 1710164955
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK
220 cp.blockagency.co ESMTP Postfix"