Einbindung GMX-Account - Paperless

Hallo, benötige bitte Hilfe,

Versuche gerade ein GMX-Konto in Paperless einzubinden.
Funktioniert auch einwandfrei, allerdimgs sobald die Firewall an ist, geht es nicht mehr.

Paperless-Einstellungen:
IMAP-Server: imap.gmx.net
IMAP-Port: 993
IMAP-Sicherheit: SSL
Zeichensatz:
UTF-8

Firewall-Einstellungen:
Port: 993 / Protokoll: TCP
Quell-IP: Alle
Aktion: Zulassen

Konnte es soweit verfolgen, dass es glaub ich irgendwas mit einer DNS-Auflösung zu tun hat.
Allerdings der Versuch DNS in die YAML 1.1.1.1 + 8.8.8.8 einzufügen, war nicht hilfreich.

Server ist ja durch die Synology erreichbar, nur durch Paperless nicht.

boss@NAS:/$ openssl s_client -connect imap.gmx.de:993
CONNECTED(00000003)
depth=2 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
verify return:1
depth=1 C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security ServerID OV Class 2 CA
verify return:1
depth=0 C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mail.gmx.net
verify return:1

Certificate chain
0 s:C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mail.gmx.net
i:C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security ServerID OV Class 2 CA
1 s:C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security ServerID OV Class 2 CA
i:C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2

Server certificate
-----BEGIN CERTIFICATE-----
MIIJIzCCB4ugAwIBAgIQPfFo4hdABfT9xy+S++/ZUjANBgkqhkiG9w0BAQsFADBo
MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0
eSBHbWJIMTAwLgYDVQQDDCdUZWxla29tIFNlY3VyaXR5IFNlcnZlcklEIE9WIENs
YXNzIDIgQ0EwHhcNMjUwMTIwMDkxMzUyWhcNMjYwMTI0MjM1OTU5WjByMQswCQYD
VQQGEwJERTEYMBYGA1UECBMPUmhlaW5sYW5kLVBmYWx6MRIwEAYDVQQHEwlNb250
YWJhdXIxHjAcBgNVBAoMFTEmMSBNYWlsICYgTWVkaWEgR21iSDEVMBMGA1UEAxMM
bWFpbC5nbXgubmV0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvdyY
C0wno3AekPtI9bbdICER8kez/RgTuCtdlMLu1BjsuVEqfL7GMKK1wFrDJwPyz4tA
Mf38eZMRl+QIDfeQKT11o0FFH4srUTgSNS2UI0yEC0B6+4e6cPHBOcaDnSyDRh5A
FqBz7YiSKUa4ckTAg5m0RF0sYa7Mey/pYESLnuExEdsg2faGvKRZH/JCQwtuJyHJ
Gi/uEQQH+8iHFhrKdzzC5Oc2dUuxqwPVhsjqB0O1vgAqXRe+RI32XFtYZcyzXLNF
u7ycptmbxKbxmnBENb3mFlFJ8BhOc9nhW9pnOmZ14cZt5zspnTIPJZkyL4WFx1KC
QzEd85SN5s3rjCgJso+RSrFNQsftgtfRKouHti3maqoloP1vNYN/4gs+HhAHTrDf
FP4cYJS/ZX1qH6dJPoUm4nMQz992hnZNiECeIUPsYH/jq3l3fFLxFgE+LP7HIVSo
AE1OtJLk/0NmgseF6B6htkzMPeja3MFWzb0P8XOYoJJ0LqXqI6JC496/tBxFAgMB
AAGjggS9MIIEuTAfBgNVHSMEGDAWgBQcBZOxf6g0MIxS4JZAoHKjEF3g/zAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1Ud
DgQWBBQQX79+roAKoZ4PQTlzXeBR1hdG0zBTBgNVHSAETDBKMEgGBmeBDAECAjA+
MDwGCCsGAQUFBwIBFjBodHRwOi8vZG9jcy5zZXJ2ZXJpZC50ZWxlc2VjLmRlL2Nw
cy9zZXJ2ZXJpZC5odG0wXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDovL2NybC5zZXJ2
ZXJpZC50ZWxlc2VjLmRlL3JsL1RlbGVrb21fU2VjdXJpdHlfU2VydmVySURfT1Zf
Q2xhc3NfMl9DQS5jcmwwgZ8GCCsGAQUFBwEBBIGSMIGPMDEGCCsGAQUFBzABhiVo
dHRwOi8vb2NzcC5zZXJ2ZXJpZC50ZWxlc2VjLmRlL29jc3ByMFoGCCsGAQUFBzAC
hk5odHRwOi8vY3J0LnNlcnZlcmlkLnRlbGVzZWMuZGUvY3J0L1RlbGVrb21fU2Vj
dXJpdHlfU2VydmVySURfT1ZfQ2xhc3NfMl9DQS5jcnQwDAYDVR0TAQH/BAIwADBz
BgNVHREEbDBqggxtYWlsLmdteC5uZXSCC21haWwuZ214LmRlggxzbXRwLmdteC5u
ZXSCC3NtdHAuZ214LmRlggxpbWFwLmdteC5uZXSCC2ltYXAuZ214LmRlggtwb3Au
Z214Lm5ldIIKcG9wLmdteC5kZTCCAmwGCisGAQQB1nkCBAIEggJcBIICWAJWAHYA
DleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiEAAAGUgv1rRgAABAMARzBF
AiEAqjaYNy2OO+69vE1Sc5iI89ICfIEuMpavFrAZiyDJWakCIB0GRMuUXXNkT3GW
5OSJtjasKHkQTYTQozEsMnuYKYiEAHYAlpdkv1VYl633Q4doNwhCd+nwOtX2pPM2
bkakPw/KqcYAAAGUgv1rEwAABAMARzBFAiEAqHvwsMTA8Eurv67auaQp9uH8vlV5
8c5BsEOYcwQ5/noCIGd6hT6IlmGYt4gIrdLKHrexBBpDhOxJQrwsxUD6U7OcAHUA
GYbUxyiqb/66A294Kk0BkarOLXIxD67OXXBBLSVMx9QAAAGUgv1sGwAABAMARjBE
AiBBRhRqTlIh4FzcWWLkNjTSynUcihGHS70UklAPE6FuKAIgUYyHvKVi2NpN5asX
Z+XW5T7DZOiWX2uw3V3COCDN1+sAdQBJnJtp3h187Pw23s2HZKa4W68Kh4AZ0VVS
++nrKd34wwAAAZSC/Wv1AAAEAwBGMEQCIBGnkqlafEi+/89mM4MXkzcUplZrKpj+
QY8dh8DE/GBWAiAGwoLHxvHyBoNqbEmKzTTBBdQa9CzLP5D3xtN5S421LQB2AGQR
xGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlIL9bK0AAAQDAEcwRQIg
CYkzTcylAvfY+152f1fcySiJTWgztrYE8u46zN5hANkCIQCv3qKzJ2YM9SxvUIMk
sIfm24g5YP+SGmnXVxgcHn0s8TANBgkqhkiG9w0BAQsFAAOCAYEAkDSkiiTad+PK
ANvJFQ7AfVLL7HkmcOd7yzS4BTUQaPyHGDFlXb3AiMtCT9syVL9GbZQaAszcIb32
PuQseDY7Ptnps6CGr2ZkJCGzLzokaDgcbG3XkBPtGSwB3enIj3TpKii+PQy8vdtg
Ve20w/d65oiwDmUnAzoRToxAONH7vOQVHqr/FIcWl+l9RWNpSd294tqL+6+yUMMR
WLPzKnn7wAdM60H1guMIgAltdcMo76FNJEA2Kx57aQfOBluDDbwEneczishXZ8zH
6KRYWTAu/0FJCKFV5SPxe12ACxlI7LHlkxr/mxuNNcJOyJ+9dJkFwHgEXLdstUtU
/GkzGhFfNKrjfzymSJ0Y5HaIfPy8f1+RbiAI9pr+jFtN/C7RAC0zndTbNrSy+x/l
fY8qBsdoDjODswF5FbodHXXomfVWBTj7ekSEZ1ay2+aw/ynoPU7oVlm1/x/zyU+S
mVR+mD8fHv4G5agniShgfUZbNEsGgLa0+kcaL1jfhSbwsTJ18Anf
-----END CERTIFICATE-----
subject=C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mail.gmx.net

issuer=C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security ServerID OV Class 2 CA


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 4433 bytes and written 393 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

  • OK [CAPABILITY IMAP4rev1 CHILDREN ENABLE ID IDLE LIST-EXTENDED LIST-STATUS LITERAL- MOVE NAMESPACE SASL-IR SORT SPECIAL-USE THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN AUTH=LOGIN AUTH=PLAIN] IMAP server ready H migmx109 30.3 IMAP-1MHEk4-1uFaR325Xk-00ESr4
    a LOGIN BENUTERNAME PASSWORT
    a OK LOGIN completed

Was muss ich alles in der Firewall freigeben, damit dies funktioniert?

Lösung: Freischaltung Port 53 / Protokoll UDP

Nach langem ausprobieren