Stuck establishing guaranteed end-to-end encryption: New mailchat server

Groctel · December 13, 2025, 12:05am

Delta Chat version

2.25.3 (git: v2.25.3-makepkg), I installed the server from chatmail/relay commit b000213.

Expected behavior

Since all the tests pass, I should be able to send and receive messages from users in my instance or other instances.

Actual behavior

I cannot send or receive anything. Instead, the client is forever stuck saying “Establishing guaranteed end-to-end encryption, please wait…”.

Steps to reproduce the problem

Install Delta Chat in a server (see logs below).
Add a user with the QR or the link (I tried both).
Try to send a message to the user added in (2).
Cannot establish encryption.

Apart from all this, my main issue is that I don’t know where to look for logs in the server in order to debug it. I don’t know what I’m looking for in the client logs either. Is there something I’m missing? Do I have to do something special with the domain’s email configuration? Should I even have to pay for the domain’s email?

Thanks in advance

Screen snapshots N/A

Debug logs

Logs

I’m uploading some logs to paste.sr.ht as I otherswise hit the character limit.

I ran cmdeploy run twice just to be safe. This is the second run. I unfortunately don’t have logs from the actual installation in the server.

After that, I ran cmdeploy dns and got the text below. I read that the lacking records are not necessary, but they may be an issue? In particular, my name server doesn’t allow more than one value in CAA, so I cannot add the one it says

(venv) groctel:relay(main) $ cmdeploy dns
Collecting initial DNS settings..............
Check expected zone file entries...........................................
WARNING: these recommended DNS entries are not set:

delta.palique.eu.                   CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/2865252166"
_submission._tcp.delta.palique.eu.  SRV 0 1 587 delta.palique.eu.
_submissions._tcp.delta.palique.eu. SRV 0 1 465 delta.palique.eu.
_imap._tcp.delta.palique.eu.        SRV 0 1 143 delta.palique.eu.
_imaps._tcp.delta.palique.eu.       SRV 0 1 993 delta.palique.eu.

These are today’s client logs: Delta client logs — paste.sr.ht

More details

When I run the tests without extra variables, all goes well. However, I tried running it as CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test and I got it stuck on the last test. Cancelling the task there got me this error:

/home/groctel/Documents/Git/fork/relay/venv/lib/python3.13/site-packages/_pytest/main.py:353: PluggyTeardownRaisedWarning: A plugin raised an exception during an old-style hookwrapper teardown.
Plugin: 140169562958752, Hook: pytest_sessionfinish
OSError: cannot send (already closed?)
For more information see https://pluggy.readthedocs.io/en/stable/api_reference.html#pluggy.PluggyTeardownRaisedWarning
  config.hook.pytest_sessionfinish(
/home/groctel/Documents/Git/fork/relay/venv/lib/python3.13/site-packages/_pytest/main.py:353: PluggyTeardownRaisedWarning: A plugin raised an exception during an old-style hookwrapper teardown.
Plugin: 139895216925600, Hook: pytest_sessionfinish
OSError: cannot send (already closed?)
For more information see https://pluggy.readthedocs.io/en/stable/api_reference.html#pluggy.PluggyTeardownRaisedWarning
  config.hook.pytest_sessionfinish(

This is probably not related to the topic, but as they are failiing tests it would be unwise to not report it.

link2xt · December 13, 2025, 2:55am

It could be that your server is not allowed to send emails outside because port 25 is blocked.

You can check if outgoing messages cannot be sent out by looking at the message queue by logging into your server and running postqueue -p.

WofWca · December 13, 2025, 6:06am

So does messaging between two accounts on your server work, or is it only about other servers?
If it’s only about other servers, see

I don’t know much about DNS for email servers, but if you want my guess, I suspect that the DNS setup is indeed what’s missing.

Groctel · December 13, 2025, 4:55pm

Thank you both for your help!

It was @link2xt’s solution, that the server didn’t allow outgoing emails. However, and this is specific advice for Clouding users, even if the Network page shows that port 25 is active, there’s a toggle at the top of the page saying that outgoing email is disabled. Don’t miss it like I did! It’s also worth checking in your server page even if you use a different VPS.

Before enabling outgoing emails, postqueue -p gave me lots of “unable to connect” errors. Now, it just tells me that the mail queue is empty.

Thanks to @WofWca for prompting me to dig into the federation aspect of the issue. I could send and receive messages inside my relay, but not federate.

All in all, big kudos to you guys and (if it’s not you) the developers of the chatmail relay installer. It’s been a really easy process with just one small debugging bump. I’m excited to see the server scale when more users join… Famous last words!