SMTP settings - Use secure connection (STARTTLS)

https://****.quickfile.co.uk/account/smtpSettings
I have set up the SMTP settings but not with using secure connection (STARTTLS), each time this box is ticked an error message “It looks like there was a problem reaching your SMTP service”.

The email server is hosted by HeartInternet (Link to their help with SMTP settings which were updated last month https://www.heartinternet.uk/support/article/changes-to-smtp-ports.html) and from reading the information then connection should be possible via TLS.

In DNS there is a TXT record “include:spf.quickfile.co.uk”.

At present because the STARTTLS is not engaged clients receive emails with “Perhaps sent by spammer” if looking at such emails in Gmail
google-unsure-of-senders-credentials

Any idea what needs to done to get a secure connection?

Hi @alan_mcbrien

STARTTLS is the option that QuickFile supports and is also the method the guide you linked to says to use:

It is also advisable to use STARTTLS for your encryption method.

It’s likely to be one or more of the details are incorrect, for example, the port number. The port number is often different for secure connections compared to an unsecured connection.

What port are you using at the moment?

Port number was updated from 25 to 587 as advised by HeartInternet in September and also referenced in their help sheet that I supplied you with a link.

Would you suggest that the error message received “It looks like there was a problem reaching your SMTP service” should be something that HeartInternet would be better placed at fixing the unsecure connection? Hard to work out sometimes which end of these intergrations is were best to ask advise.

Hi alan_mcbrien,
Does these setting work in a email client such as Thunderbird, your mobile phone or tablet? If not then will be a problem more within your supplier rather than in quickfile.

No problem with using the settings with other applications that are used, mainly Gmail used and that connects for sending SMTP emails without any error being reported.

I have had another go this morning using the three different port options.

Ports 25 and 487 report
It looks like there was a problem reaching your SMTP service
Error Message: The remote certificate is invalid according to the validation procedure.

Whilst trying with Port 465 a slightly different response
It looks like there was a problem reaching your SMTP service
Error Message: The operation has timed out.
More Details: Your SMTP server did not reply in a timely fashion. Please ensure the port number is correct and any firewall on the SMTP server is allowing outside access.

**"

Are you using your own mail server (e.g. mail.mydomain.com), or the generic Heart Internet one?

I’m assuming you’re on shared hosting here, in which case the mail server uses a generic SSL certificate. This is issued against a generic domain name (in Heart’s case, I believe this is something like extendmail?) rather than the individual domain name, causing an issue when it comes to validating it.

If you could use a generic mail server, that would be better. The same issue crops up if you use an email client such as Outlook as Google Mail on your phone, and you would see an issue about a name mis-match.

Edit
I’ve done a bit of searching on this, and for Heart Internet, the generic mail server does vary from account-to-account, but they look something like this: mail51.extendcp.co.uk

1 Like

Give how easy and cheap (free) it is to get domain validated certificates these days I’d be very surprised if this is still the case - does the client you’re using at the QuickFile side definitely send the right SNI in the TLS handshake?

I agree @ian_roberts, but surprisingly this does still exist.

According to the Heart Internet site, this is still the case. But of course, only they would be able to confirm it. @alan_mcbrien - it may be worth confirming this with them.

For reference, the guide is here, specifically this part:

You may receive a warning when making a secure connection to your mailbox. This is a common warning, and you can accept the certificate permanently despite the warning.

This topic was automatically closed after 7 days. New replies are no longer allowed.