Another thing I am pondering is how best to debug the SMTP connection. tcpdump shows me the DNS lookup, and a connection to the correct port (465), but the server itself (exim) gives me a "TLS error on connection from <host/ip> SSL_accept: TCP connection closed by peer", while fleetdm pops up a "sending mail: could not dial smtp host: SMTP connection error" which suggests that the "dial deadline" has been reached.
12/04/2021, 1:31 AM
What do you get if you
curl -vv smtp://<host>:<port>
from the host running your Fleet server?
Does your server perhaps try to negotiate a TLS connection immediately rather than using STARTTLS?
12/04/2021, 10:15 PM
When you put it that way .. 🙂 -- changed the port to 25 and .. STARTTLS was triggered (X=TLS1.3AEAD CHACHA20 POLY1305 SHA256256); I've been too used to forcing (mobile) clients to use TLS direct. Again, thanks!