HELP! SMTP won't STARTTLS port 25

I just set up a new server which started with Debian 10, upgraded to Debian 11 and then did automated install of ispconfig3. All went perfectly except exim4 had an issue not being able to read a log file, fixed, and install completed and fully functional

Added some sites. All good I thought. Added several. Then an issue comes up with postfix. It will not allow users to send mail. Mail is coming in ok, no problems there so port 25 is working normally.

I changed the smtpd_tls_security_level in main.cf from dane to may and it now allows sending on port 587 but not on 25.

Any attempt to login setup email on Outlook 365 as "We cannot connect to outgoing (SMTP) server. Please check the outgoing SMTP server settings and try again." If is manually set the outgoing server port to 587 the email goes out fine

The mail.log file shows attempt to login but no connection that sends.
Jun 27 12:58:14 server1 postfix/submission/smtpd[1168503]: connect from unknown[47.213.193.238]
Jun 27 12:58:15 server1 postfix/submission/smtpd[1168503]: 48B09FC9: client=unknown[47.213.193.238], sasl_method=LOGIN, [email protected]
Jun 27 12:58:15 server1 postfix/submission/smtpd[1168503]: disconnect from unknown[47.213.193.238] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 commands=7

My email users are reporting the same problem with their iPhones and other devices. They cannot send mail.

HELP!

Thank you, Richard

 

So this is ISPConfig question, despite posting on Linux forum?

ISPConfig system should not have exim4. Is postfix installed at all? And is exim4 really installed still?
Did you just not have Debian 11 install media, and had to install Debian 10 and upgrade to 11? It might work better to install Debian 11 and then autoinstall ISPConfig.
Do this: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
My signature has link to e-mail setup Tutorial.

 

Hello Taleman,
EXIM was installed with Debian 10 - upgraded to Debian 11) on the new server by default but there was an error, it could not read the exim log file. When I did the automated ispconfig install (Debian 10) it failed the first time because if that. Fixed the exim error, then it ran the automated install without errors which of course includes postfix.

So .POSTFIX is running fine, it accepts mail from external sencers, the problem is that many of my clients have been using port 25 to send mail from their email clients in the past and when I moved them to this new server, they are not able to authenticate.

The main.cf and master.cf files are attached to my original post

Richard

 

Hello Till,
My problem is a couple of dozen email users who have used port 25 in their setups historically and now they cannot connect. Is there any way to configure posrfix to allow STARTTLS to work as expected when they try to repair their iphone and outlook clients? Those clients both use port 25 by default!

In any case, the best is to follow the standard and get them all to set to 587 so the next time we migrate we won't have to go throught it all again. We moved from CENTOS7 to Debian this time finally, glad to get that done.

THANK YOU guys.

Richard

 

Thank you all, the problem is that the old setup on CENTOS 7 postfix allowed STARTTLS on port 25 and some of our client users had set up their mail clients to use port 25 that way. When we migrated, the "standard" was tightened and they have to change their sending port to 587. We just have to bite the bullet and help them all get changed over.
It all works out in the end.
Richard