Getting SSL certificate error on AquaMail app

Hello brothers, can someone help me sort out this issue on my x86? The Yahoo Mail website seems to be sluggish, and the Aqua Mail app gives me this error ONLY ON YAHOO MAIL. This part was confusing for me, as all other websites work fine. When I switch to mobile data or try at work Wi-Fi, AquaMail is perfectly fine. So what is blocking these services at my home install of MikroTik?

I have a very basic install: PPPoE WAN, no firewall rules. What could be the issue, brethren?

```
/ip dhcp-server
add address-pool=dhcp_pool6 interface=lan lease-time=1d30m name=dhcp1
/ppp profile
set *0 change-tcp-mss=default
/system logging action
set 0 memory-lines=100
/certificate settings
set crl-download=yes crl-use=yes
/ip settings
set accept-redirects=yes accept-source-route=yes
/ipv6 settings
set accept-router-advertisements=yes
/interface detect-internet
set detect-interface-list=all internet-interface-list=all wan-interface-list=all
/ip address
add address=10.255.10.1/24 interface=lan network=10.255.10.0
/ip dhcp-server network
add address=10.255.10.0/24 dns-server=10.255.10.1 gateway=10.255.10.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=40480KiB servers=\
    213.42.20.20,195.229.241.222
/ip dns adlist
add ssl-verify=no url=\
    https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/light.txt
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.255.10.0/24
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ipv6 address
add from-pool=dhcp6 interface=lan
/ipv6 dhcp-client
add allow-reconfigure=yes interface=pppoe-out1 pool-name=dhcp6 request=prefix \
    use-peer-dns=no
/ipv6 firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-dns=no interface=lan mtu=1492
/system clock
set time-zone-name=
/system package update
set channel=testing
```

Issue resolved after I did a reset and configured again. Thanks, guys.

You then go on to show a config with DNS servers in UAE. Not to be xenophobic, but is that not reason for concern in itself? Have you tried enabling DoH service, with the endpoint in a more…shall we say liberal regime?

I tried asking both of those servers to resolve mail.yahoo.com, but they appear to be dropping query packets from other ISPs/countries.

You might want to retry that test locally, then doing a reverse lookup on the IP(s) you get to ensure that they do indeed belong to Yahoo/Oath. If not, your ISP may be playing games with your traffic. On some OSes, one may do this with:

```
$ dig mail.yahoo.com @195.229.241.222
$ whois $RETURNED_IP_GOES_HERE
```

Other OSes will require aftermarket tools to achieve the same level of detail.

> no firewall rules

Why ever for? You do realize that this opens Winbox to the Internet, at the very least, not to mention losing out on all the rest of the filtering in the default firewall.

> /ip dhcp-client

This has nothing to do with your topic question, but since you’ve opened the config for comment, I might as well tell you that you should remove this bit. It’s currently broken, and even if you “fix” it, it would be wrong on a PPPoE config.

> advertise="10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-full"

It is rare to need to specify Ethernet speeds on copper links, and when it is needed, it generally indicates a broken Ethernet implementation. I would try returning to auto-negotiation.
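The `dig` and `whois` check suggested in the reply above, scripted as an added example that is not part of the thread. The function names, the sample `dig`/`whois` text (constructed, using documentation address ranges) and the `'yahoo|oath'` match pattern are assumptions for illustration.

```shell
#!/bin/sh
# Added example: parse `dig` answers and `whois` registrants so the
# "does this IP really belong to Yahoo/Oath?" check can be repeated per resolver.

# Print the A-record addresses from the ANSWER section of `dig` output on stdin.
dig_a_records() {
    awk '/^;; ANSWER SECTION:/ {in_ans=1; next}
         /^$/ || /^;;/         {in_ans=0}
         in_ans && $4 == "A"   {print $5}'
}

# Print the first registrant field from `whois` output on stdin
# (ARIN-style "OrgName:", RIPE-style "org-name:" or "descr:").
whois_org() {
    awk -F': *' 'tolower($1) ~ /^(orgname|org-name|descr)$/ {print $2; exit}'
}

# Read a registrant name on stdin; print "ok" if it matches the
# expected-owner regex in $1, otherwise "suspect".
classify_org() {
    if grep -Eiq "$1"; then echo ok; else echo suspect; fi
}

# Constructed sample input (not real resolver or registry output).
SAMPLE_DIG=';; ANSWER SECTION:
mail.yahoo.com.        300 IN CNAME edge.example.net.
edge.example.net.      60  IN A     192.0.2.10
edge.example.net.      60  IN A     192.0.2.11

;; Query time: 12 msec'

SAMPLE_WHOIS='NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Mail Operator Inc.
OrgId:          EXAMPLE-1'

# Live use (needs dig and whois installed, run from the affected LAN):
#   check_resolver 195.229.241.222 'yahoo|oath'
check_resolver() {
    dig mail.yahoo.com "@$1" | dig_a_records | while read -r ip; do
        org=$(whois "$ip" | whois_org)
        echo "$ip | $org | $(printf '%s\n' "$org" | classify_org "$2")"
    done
}
```

A "suspect" result only means the registrant did not match the pattern, which also happens when a provider fronts its service with a third-party CDN, so treat it as a prompt to compare against a second resolver rather than as proof of tampering.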

Hi, Himurae,

I edited your post to use code tags for code as it makes reading it easier.

The config was not the current one; I updated it. The DNS I selected was not the issue. I have now changed my router DNS to Cloudflare, same results; that app is still not loading Yahoo mails.
I tried VyOS on another VM; it is rocking with no issues, so it has to be some configuration in MikroTik.