Secure-join between accounts on separate chatmail servers

Delta Chat version

iOS: v1.42.8
Ubuntu 22.04: v1.42.2 installed with snap Install DeltaChat on Ubuntu using the Snap Store | Snapcraft
Chatmail: deployed at commit ee21155 to Debian 12 target

Expected behavior

secure-join works as expected between accounts on and

Actual behavior

secure-join works between accounts on but fails between across servers


is secure-join expected to work across chatmail servers currently? the only remaining possible issue i have with my testing server, that i know of, is with the opendkim public key record in my DNS. i’m still fussing with this (it’s a DNS provider-side zonefile formatting thing that’s hard to confirm), but as far as i know that should not effect whether secure-join is working as i don’t think secure-join relies on dkim.


I have tried to setup an account on and send encrypted mail outside. I do not even see an SMTP connection from Are you sure port 25 is open on your provider? Can you make a connection on port 25 outside at all?
E.g. you can do

$ ncat 25
220 ESMTP Postfix (Debian/GNU)

If banner is not received, then port 25 is blocked.

According to whois it is hosted on DigitalOcean, so likely the port is blocked if account is new:

You can open a support ticket asking them to enable port 25 if it is the case.

Yes, it works between other chatmail servers like,, and some of our testing servers like

DKIM is necessary to deliver mail to and other chatmail servers. Chatmail does not have any heuristic spam filters, but rejects any mails without aligned DKIM signature to make sure From forgery is impossible.

ah this is very helpful, thank you so much! my digitalocean account isn’t new at all, so i assumed without checking that port 25 was not blocked. i also assumed that cmdeploy test did something to test the accessibility of port 25, and none of those tests are failing. but i should not have assumed, and i’ll check tomorrow and follow up here!

1 Like

port is blocked :pray:

1 Like

Hmm - since OP seems to have solved the problem, I think I’d hijack the thread, rather than opening up a new one with the exact same title.

So, I have a chatmail server ( It works for sending messages between accounts on the same server. However, when sending from that to e.g., there are problems.

Sending from my server to c20, I see one green tickmark, and a lock, but no message is delivered to the other side. There is activity in the log on my server.

Sending from c20 to my server, I get Permanent SMTP error: permanent: Invalid unencrypted mail to […]

I notice, that when I initiate connection (scan QR code) were the account on my server scans the code for the c20 account, I get a message saying “Aborting previously unfinished QR join procoess” every time.

I have tested by sending a message from the outside to an account created at, it is received. Port 25 is open for reception. But message sent back is never received.

This is because sending unencrypted messages outside is not allowed by chatmail server itself. But even encrypted messages are never delivered.

Have you tested that port 25 is open, can you receive a banner if you connect to the outside (to port 25 or gmail port 25) with netcat or telnet?

Thank you for your help

I misunderstood the entire time - I was doing nc 25 from the outside, to check if the port was open.
But logging onto my server, and doing nc 25 from there gives nothing - so the port is closed for outside connections. Thats probably my problem

Thank you so much for clarifying this.
You wouldn’t happen to know how I get the port opened? (Hetzner).

Greetings and gratitude,

1 Like

Hetzner has FAQ entry about port 25 with a link to the console where you can ask to unblock it:

EDIT: seems to be working now by the way, message I sent from got delivered and Secure-Join that I started finished.

1 Like

Yes - after having hijacked the thread for a slightly different problem, it turned out my problem was exactly the same as the OPs - my server blocked outgoing connections from port 25 (In my “Jugendlicher Leichtsinn”, I thought the problem was incoming connections to port 25 being blocked…).
Politely asked my service provider to open port 25, which was done quite quickly - and now everything works like a charm.

Thank you all for the help, and for making this software. I appreciate it.