Community discussions

MikroTik App
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

E-Mail / STARTTLS option not there?

Wed Mar 01, 2023 1:48 pm

Hi,

in the Wiki is stated:
tls (no|yes|starttls; Default: no) Whether to use TLS encryption:

yes - sends STARTTLS and continue without TLS if a server responds that TLS is not available;
no - do not send STARTTLS;
starttls - sends STARTTLS and drops the session if TLS is not available on the server.
https://help.mikrotik.com/docs/display/ROS/E-mail



But in the ROS (v7.8 ) there is no "starttls" option, only "tls only". But it is not stated how this behaves?!
Screenshot 2023-03-01 124646.JPG
You do not have the required permissions to view the files attached to this post.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3272
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: E-Mail / STARTTLS option not there?

Wed Mar 01, 2023 2:14 pm

The CLI options haven't changed, it's still same as doc'ed:
[me@mt] /tool/e-mail> set tls=<tab>
no  starttls  yes
But in winbox, their "Start TLS" = "tls only" ...
it sets "tls=yes" - sends STARTTLS and continue without TLS if a server responds that TLS is not available

Conversely, winbox "Start TLS" = "yes" ...
that sets "tls=starttls" - sends STARTTLS and drops the session if TLS is not available on the server.

But I'm just not sure that's a real improvement in usability – basically they pretend as if question was "starttls=", so all the boolean logic get reversed. (Well, except, "no" means "no")
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: E-Mail / STARTTLS option not there?

Wed Mar 01, 2023 7:02 pm

Ok, now I am completely lost :D
I want to configure through Winbox a connection via TLS - no STARTTLS-carp. Which options is this?

For my undestanding, Winbox says "Start TLS" (which is ambiguous, does "Start TLS" refer to STARTTLS or Start [implicit] TLS):
yes = do the STARTTLS-stuff
no = do unencrypted stuff
tls only = do the "real" implicit TLS without STARTTLS-suff

But I may be wrong, MT totally screwed this simple thing up... :D
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3272
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: E-Mail / STARTTLS option not there?

Wed Mar 01, 2023 11:08 pm

Likely "Yes"

I generally use port 587 and, from Winbox's POV, it's "Yes" to the "Start TLS".

But in CLI, that's "tls=starttls port=587"
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3272
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: E-Mail / STARTTLS option not there?

Thu Mar 02, 2023 12:22 am

I normally use the SMTP that comes from my domain registrar for these kinda things. But test this with gmail to make sure. It for sure backwards between CLI and winbox – they change the UI name, so it's not wrong, just unhelpful.

Image

converts to:
/tool e-mail
set address=smtp.gmail.com port=587 tls=starttls user="me@gmail.com" password="use-google-app-password"
While Mikrotik made this more confusing in V7, it kinda starts confusing too. The critical thing is the port needs to match the "TLS" sitting. In all most all cases:
465 you want "tls only" in winbox (or tls=yes in CLI)
587 you want "yes" in winbox (or tls=starttls in CLI)

And gmail adds another twist. Since I don't normally use it, they want you to use an "App Password" for email from a device like RouterOS, apparently. See https://support.google.com/accounts/answer/185833?hl=en
 
matiss
MikroTik Support
MikroTik Support
Posts: 24
Joined: Fri Dec 30, 2016 10:13 am

Re: E-Mail / STARTTLS option not there?

Wed Mar 08, 2023 1:21 pm

Sorry about the confusion.
In Winbox is visible naming from RouterOS v6, where TLS-related settings are named differently than in v7.
RouterOS v6 => v7:
  • "Start TLS" => "TLS"
  • "tls only" => "yes"
  • "yes" => "starttls"
The issue is registered.

Who is online

Users browsing this forum: jerryuser, reinerotto and 39 guests