port question #40

New issue

Closed

opened 2026-05-07 00:18:12 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented

2026-05-07 00:18:12 +02:00

Owner

Originally created by @X0mbiRapt0r on GitHub (Jul 24, 2025).
Original GitHub issue: https://github.com/glenndehaan/unifi-voucher-site/issues/83

Originally assigned to: @glenndehaan on GitHub.

The question

Hi,

Firstly, excellent project, it works like a charm for our use case. :)
We recently set it up on a Pi in office, and everything worked, but once we moved it to the remote site where it is to be used, email functionality stopped working.
However, we have tracked this to port 25 being blocked by the ISP there. There's no fault with the container itself.
We had to use port 25 though, we tried using 587 with encryption, but it seems the TLS being used isn't what MS365 (which is notoriously picky about TLS, specifically expecting STARTTLS usually) likes.
I get this error when trying to use TLS over port 587: "[Mail] A0A52289FFFF0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl/record/methods/tlsany_meth.c:80:"

Is there a way to apply finer control to the SMTP security, like specifying STARTTLS or TLS version 1.3/1.2?
Has anyone else maybe reported similar issues with the SMTP implementation and MS365 as the SMTP provider?

Originally created by @X0mbiRapt0r on GitHub (Jul 24, 2025). Original GitHub issue: https://github.com/glenndehaan/unifi-voucher-site/issues/83 Originally assigned to: @glenndehaan on GitHub. ### The question Hi, Firstly, excellent project, it works like a charm for our use case. :) We recently set it up on a Pi in office, and everything worked, but once we moved it to the remote site where it is to be used, email functionality stopped working. However, we have tracked this to port 25 being blocked by the ISP there. There's no fault with the container itself. We had to use port 25 though, we tried using 587 with encryption, but it seems the TLS being used isn't what MS365 (which is notoriously picky about TLS, specifically expecting STARTTLS usually) likes. I get this error when trying to use TLS over port 587: "[Mail] A0A52289FFFF0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl/record/methods/tlsany_meth.c:80:" Is there a way to apply finer control to the SMTP security, like specifying STARTTLS or TLS version 1.3/1.2? Has anyone else maybe reported similar issues with the SMTP implementation and MS365 as the SMTP provider?

BreizhHardware

2026-05-07 00:18:12 +02:00

closed this issue
added the
question
label

BreizhHardware commented

2026-05-07 00:18:13 +02:00

Author

Owner

@glenndehaan commented on GitHub (Jul 24, 2025):

Hi @X0mbiRapt0r,

Unfortunately i'm unable to test this from my side since I don't have access to Office 365.
But I did some research and found that the library I use to send the mail can be switched from TLS to STARTTLS.
Basically the SMTP_SECURE environment variable controls if TLS is enforced. So if set to false this would fall back to STARTTLS.

If this does not work I could try to see if I can implement optional cipher selection support,

But from what I have seen online utilizing port 587 with SMTP_SECURE set to false should fix this issue.

Kind regards,
Glenn de Haan

@glenndehaan commented on GitHub (Jul 24, 2025): Hi @X0mbiRapt0r, Unfortunately i'm unable to test this from my side since I don't have access to Office 365. But I did some research and found that the library I use to send the mail can be switched from TLS to STARTTLS. Basically the `SMTP_SECURE` environment variable controls if TLS is enforced. So if set to `false` this would fall back to STARTTLS. If this does not work I could try to see if I can implement optional cipher selection support, But from what I have seen online utilizing port 587 with `SMTP_SECURE` set to `false` should fix this issue. Kind regards, Glenn de Haan

BreizhHardware commented

2026-05-07 00:18:13 +02:00

Author

Owner

@X0mbiRapt0r commented on GitHub (Jul 25, 2025):

Hi, @glenndehaan

Oh, cool, I'll definitely try it set to false in the morning, thanks.

If that doesn't work, my next step would be to take it up with the ISP to get port 25 unblocked as this will be a requirement for us later when we move over to SMTP relay (MS365 seems to default to 25 for their relay requirements), so no need to try and implement anything, but thanks regardless.

Kind regards,
Irish

@X0mbiRapt0r commented on GitHub (Jul 25, 2025): Hi, @glenndehaan Oh, cool, I'll definitely try it set to false in the morning, thanks. If that doesn't work, my next step would be to take it up with the ISP to get port 25 unblocked as this will be a requirement for us later when we move over to SMTP relay (MS365 seems to default to 25 for their relay requirements), so no need to try and implement anything, but thanks regardless. Kind regards, Irish