secure-join works as expected between accounts on three.hup.is and nine.testrun.org
Actual behavior
secure-join works between accounts on three.hup.is but fails across servers
Summary
is secure-join expected to work across chatmail servers currently? the only remaining possible issue i have with my testing server, that i know of, is with the opendkim public key record in my DNS. i’m still fussing with this (it’s a DNS provider-side zonefile formatting thing that’s hard to confirm), but as far as i know that should not affect whether secure-join is working as i don’t think secure-join relies on dkim.
I have tried to set up an account on three.hup.is and send encrypted mail outside. I do not even see an SMTP connection from three.hup.is. Are you sure port 25 is open on your provider? Can you make a connection on port 25 outside at all?
E.g. you can do
DKIM is necessary to deliver mail to nine.testrun.org and other chatmail servers. Chatmail does not have any heuristic spam filters, but rejects any mails without an aligned DKIM signature to make sure From forgery is impossible.
ah this is very helpful, thank you so much! my digitalocean account isn’t new at all, so i assumed without checking that port 25 was not blocked. i also assumed that cmdeploy test did something to test the accessibility of port 25, and none of those tests are failing. but i should not have assumed, and i’ll check tomorrow and follow up here!
Hmm - since OP seems to have solved the problem, I think I’d hijack the thread, rather than opening up a new one with the exact same title.
So, I have a chatmail server (chat.spliff-donk.de). It works for sending messages between accounts on the same server. However, when sending from that to e.g. c20.testrun.org, there are problems.
Sending from my server to c20, I see one green tickmark, and a lock, but no message is delivered to the other side. There is activity in the log on my server.
Sending from c20 to my server, I get Permanent SMTP error: permanent: Invalid unencrypted mail to […]
I notice that when I initiate the connection (scan QR code), where the account on my server scans the code for the c20 account, I get a message saying “Aborting previously unfinished QR join process” every time.
I have tested by sending a message from the outside to an account created at http://chat.spliff-donk.de/, it is received. Port 25 is open for reception. But message sent back is never received.
This is because sending unencrypted messages outside is not allowed by chatmail server itself. But even encrypted messages are never delivered.
Have you tested that port 25 is open, can you receive a banner if you connect to the outside (to nine.testrun.org port 25 or gmail port 25) with netcat or telnet?
I misunderstood the entire time - I was doing nc chat.spliff-donk.de 25 from the outside, to check if the port was open.
But logging onto my server, and doing nc nine.testrun.org 25 from there gives nothing - so the port is closed for outside connections. That's probably my problem.
Thank you so much for clarifying this.
You wouldn’t happen to know how I get the port opened? (Hetzner).
Yes - after having hijacked the thread for a slightly different problem, it turned out my problem was exactly the same as the OP's - my server blocked outgoing connections from port 25 (In my “Jugendlicher Leichtsinn”, I thought the problem was incoming connections to port 25 being blocked…).
Politely asked my service provider to open port 25, which was done quite quickly - and now everything works like a charm.
Thank you all for the help, and for making this software. I appreciate it.
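
The outbound check suggested in this thread (connect from the chatmail server itself to a remote mail server on port 25 and look for a greeting banner), written as a small script. This is an added example, not part of any post or of chatmail's own tooling; the function name `check_outbound_smtp` and its status labels are assumptions made for illustration.

```python
import socket
import sys

def check_outbound_smtp(host, port=25, timeout=10.0):
    """Run ON the mail server: connect out to a remote MX and read its greeting.

    Returns (status, detail). Status labels are this example's own:
      open      - 220 greeting received, outbound SMTP works
      rejected  - connected, but the greeting was not a 220
      no-banner - connected, but no greeting arrived
      refused   - remote end answered with a TCP reset
      timeout   - no TCP handshake at all, typical of provider egress filtering
      error     - DNS or other socket failure
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", "no TCP handshake within %.0fs" % timeout
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return "no-banner", "connected, but no greeting within %.0fs" % timeout
        except OSError as exc:
            return "error", str(exc)
    if not banner:
        return "no-banner", "connection closed without a greeting"
    if banner.startswith("220"):
        return "open", banner
    return "rejected", banner

if __name__ == "__main__":
    # nine.testrun.org is the relay named in the thread; pass other hosts as arguments.
    hosts = sys.argv[1:] or ["nine.testrun.org"]
    failed = False
    for host in hosts:
        status, detail = check_outbound_smtp(host)
        print("%s:25 -> %s (%s)" % (host, status, detail))
        failed = failed or status != "open"
    sys.exit(1 if failed else 0)
```

A `timeout` result from the server, while a connection to the server's own port 25 from outside succeeds, is the pattern both posters in this thread ran into.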