Control Web Panel
WebPanel => Problems on other RedHat linux servers => Topic started by: venty on January 15, 2025, 07:10:19 AM
-
Hi,
The server use Alma Linux 9, I have completed all the settings, including SSL, and created an email account, I can send and receive messages via the web, but it doesn't work through the email client when I use the corresponding SSL ports, where am I wrong?
Tnaks in advance?
BR
Venty
-
Do you get some errors when you try to send/receive emails using local mail application ? If not then check the mail logs to investigate what happens with your incoming/outgoing emails.
-
Do you get some errors when you try to send/receive emails using local mail application ? If not then check the mail logs to investigate what happens with your incoming/outgoing emails.
Hi,
error I get:
ERROR:SMTP Connect host=mail.vc.com error=Error connecting with SSL.
error:00000001:lib(0):func(0):reason(1)
BR
Venty
-
Def. an encryption problem -- not able to establish a secure connection. Is your Roundcube still set for defaults? Is it checking with SSL/TLS or STARTTLS? Roundcube checks the localhost, but mail ports may not be open for remote connections. What CSF ports do you have open for mail? Incoming: 143, 993, 995? Outgoing: 25, 465, 587?
-
Def. an encryption problem -- not able to establish a secure connection. Is your Roundcube still set for defaults? Is it checking with SSL/TLS or STARTTLS? Roundcube checks the localhost, but mail ports may not be open for remote connections. What CSF ports do you have open for mail? Incoming: 143, 993, 995? Outgoing: 25, 465, 587?
Hi,
ports is OK...
rDNS/PTR = FAILED...?
BR
Venty
-
You have another thread associated with the RDNS/PTR problem. Please continue conversation through:
https://forum.centos-webpanel.com/problems-on-other-redhat-linux-servers/rdnsptr-failed-14517/msg50048
to avoid confusion.
-
Hi,
I use Alma linux 9.5 and CWP…
I have completed all the settings, including SSL, and created an email account, I can send and receive messages via the web (Roundcube Webmail) and port 25 and 110, but it doesn't work through the email client when I use the corresponding SSL ports, where am I wrong?
When setting up email to work with SSL, I get this error:
https://prnt.sc/fNf8nEMXT1N0
Other:
I deleted a user and creating a new user several times due to some problems and now we get to:
rDNS/PTR = FAILED, check with your hosting provider! FAILED
I have talked to my provider, this rDNS worked before when I used Centos 7, now at the beginning with AL 9, but when deleting and creating a new user it was lost...at that moment I noticed it...
Thanks in advance!
BR
Venty
-
Hi,
I fixed the rDNS/PTR record and it's OK...
I have completed all the settings, including SSL, and created an email account, I can send and receive messages via the web (Roundcube Webmail) and port 25 and 110, but it doesn't work through the email client when I use the corresponding SSL ports, where am I wrong?
When setting up email to work with SSL, I get this error:
ERROR:SMTP Connect host=mail.xxxxxxxx.com error=Error connecting with SSL.
error:00000001:lib(0):func(0):reason(1)
Thanks in advance!
BR
Venty
-
Does your SSL have the mail sub-domain added?
Most mail clients like Thunderbird will automatically contact the email server for the correct settings.
The error is it can't connect to the SMTP server via SSL.
Make sure ports 486 and 587 are open, as these are the SMTP SSL ports. Port 25 is Non-SSL.
-
Does your SSL have the mail sub-domain added?
Most mail clients like Thunderbird will automatically contact the email server for the correct settings.
The error is it can't connect to the SMTP server via SSL.
Make sure ports 486 and 587 are open, as these are the SMTP SSL ports. Port 25 is Non-SSL.
Hi,
1. Yes, there is a mail subdomain added...
2. I mention port 25 because when I didn't select SSL for the mail client, I send through it without problems. and accordingly I receive through port 110...
3. For SSL, my port is 465 and it is open...
Does the CWP have a cache?
BR
Venty
-
Various caching schemes are in play, but shouldn't affect anything in this case.
Have you tried testing your server with telnet and see if you can get through the firewall and services are listening (postfix)?
telnet your.domain.com 25
telnet your.domain.com 465
telnet your.domain.com 587
-
AlmaLinux's default install doesn't have telnet.
But you can try:
nc -vz google.com 80Once confirmed you can contact google, and nc is working.
From AlmaLinux 9.5:
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 2607:f8b0:4009:81b::200e:80.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
Now to test your server:
nc -vz domain.name 25
nc -vz domain.name 465
nc -vz domain.name 587
-
Various caching schemes are in play, but shouldn't affect anything in this case.
Have you tried testing your server with telnet and see if you can get through the firewall and services are listening (postfix)?
telnet your.domain.com 25
telnet your.domain.com 465
telnet your.domain.com 587
Hi,
Thanks, all ports connect with telnet, but only on 25 and 587 does Postfix return ESMTP, on 465 it returns nothing...
Ncat I could not access it....
nc -vz google.com 80 - it returned me -bash: nc: command not found
BR
Venty
-
Install netmap & netcat and try again.
Check your firewall to verify port 465 is open.
-
AlmaLinux's default install doesn't have telnet.
telnet testing is done FROM your computer (a proper desktop linux? macOS?) TO your AlmaLinux server. No need to install it on AlmaLinux.
-
Hi,
I continue with the tests, server with AL9:
1. After a user is created, a domain is automatically attached to it, I create a SSL certificate, including a subdomain mail, but no mail account works with SSL ports 465 and 995???
2. I attached a second domain to the same user, created an SSL for it, and then created an email account, but no mail account works with SSL ports 465 and 995???
3. Are SSL certificates and email accounts created in the user panel or..., I tested many options????
BR
Venty
-
SSL mail???
-
I'm sorry, but have you considered hiring a sysadmin to help you set up your server?
-
I'm sorry, but have you considered hiring a sysadmin to help you set up your server?
NO, AND I DON'T THINK…
here I saw that there are many topics about a similar problem...
-
1. Did you check if the secure mail ports are listed by mail services (postfix, dovecot) ?
2. Check the mail logs on your server to investigate the problem:
/var/log/maillog
/var/log/dovecot.log
-
1. Did you check if the secure mail ports are listed by mail services (postfix, dovecot) ?
2. Check the mail logs on your server to investigate the problem:
/var/log/maillog
/var/log/dovecot.log
Hi,
Thank you very much...
1.As I noted in a previous answer, after executing the telnet command for the ports:
telnet your.domain.com 25
telnet your.domain.com 465
telnet your.domain.com 587
I got the following results: all ports connect with telnet, but only on 25 and 587 does Postfix return ESMTP, on 465 it returns nothing..., but 465 is open...
/var/log/maillog- the file is very large and I can't open or download it... - 5.5 GB;
/var/log/dovecot.log - in this POP3 file the error is often noticed, please see the following picture:
https://prnt.sc/uJ82kvYrptH9
Thanks in advance!
BR
Venty
-
As for the error:
Take a look at the provided error and then read this file:
/etc/dovecot/conf.d/10-ssl.confDon't be afraid to ask google when CWP community is silent or you can't resolve the problem yourself.
As for the big text files:
Use command prompt/shell. To open/review big file you can use "less", "vi", "ee", "cat", "grep", etc instead of single option provided by GUI. Сommand prompt must be your best friend if you consider yourself as the system administrator not as the experienced linux user.
-
FYI. You are not going to get a response from postfix on 465 using telnet. 465 requires SSL authentication. To test it, you must use openssl.
openssl s_client -connect localhost:465
If you receive an appropriate response, then everything should be working, we need to look externally. If you do not get a response from posix, please check /etc/postfix/master.cf and make sure port 465 is indeed enabled.
-
FYI. You are not going to get a response from postfix on 465 using telnet. 465 requires SSL authentication. To test it, you must use openssl.
openssl s_client -connect localhost:465
If you receive an appropriate response, then everything should be working, we need to look externally. If you do not get a response from posix, please check /etc/postfix/master.cf and make sure port 465 is indeed enabled.
Hi,
thank you very much, it worked :)
Please take a look at the following restrictions in Postfix:
# rules restrictions
smtpd_client_restrictions = reject_unknown_client
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain
# uncomment for realtime black list checks
# ,reject_rbl_client zen.spamhaus.org
# ,reject_rbl_client bl.spamcop.net
# ,reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
are they adequate?
BR
Venty
-
I would suggest you look here:
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp (https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp)
-
I would suggest you look here:
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp (https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp)
Hi,
thank you very much...
I looked at the manual, just please clarify - in etc/postfix/main.cf I have the following restriction:
# rules restrictions
smtpd_client_restrictions = reject_unknown_client
is it appropriate to look like this:
# rules restrictions
smtpd_client_restrictions =
permit_sasl_authenticated
reject_unknown_client_hostname
Thanks in advance!
BR
Venty
-
Here's a good explainer for you, walks you through the evaluation process, stages:
https://blog.matrixpost.net/configure-postfix-to-block-and-reject-unsolicited-messages-or-spam/ (https://blog.matrixpost.net/configure-postfix-to-block-and-reject-unsolicited-messages-or-spam/)
-
Here's a good explainer for you, walks you through the evaluation process, stages:
https://blog.matrixpost.net/configure-postfix-to-block-and-reject-unsolicited-messages-or-spam/ (https://blog.matrixpost.net/configure-postfix-to-block-and-reject-unsolicited-messages-or-spam/)
Hi,
thank you very much...
BR
Venty