Email Problems ( CentOS 7.3 + ISPConfig 3.1.2 )

Discussion in 'Installation/Configuration' started by Trevor Mills, Mar 17, 2017.

  1. Trevor Mills

    Trevor Mills New Member

    Hello,
    I am trying to debug two issues trying to stand up ISPConfig 3.1.2 on CentOS 7.3 on a Linode instance. I followed the Perfect Server for same. Things went mostly well.

    I'm trying to set up my mail client for an email address I created in the admin panel. I have Roundcube installed and it sends and receives mail okay and securely over https.

    Two problems are:
    1. Mail client can receive mail, but doesn't trust the certificate.
    2. Mail client cannot send mail.
    I am using mail.mydomain.com as the incoming ( port 993 SSL ) and outgoing ( port 25 SSL ). Using my full email address as the username and the correct password.
    Code:
    [root@me ~]# netstat -tulpn | grep :::25 && netstat -tulpn | grep :::993
    tcp6       0      0 :::25                   :::*                    LISTEN      22746/master
    tcp6       0      0 :::993                  :::*                    LISTEN      16646/dovecot
    
    For the incoming, ISPConfig generated the Let's Encrypt certificates for mydomain.com and they are trusted for web traffic. Can I use those for mail.mydomain.com, or do I generate new ones, including the subdomain mail.mydomain.com? Do I have to manually update a configuration file to read those?

    For the outgoing, I'm seeing this in /var/log/maillog ( after stopping and starting postfix ):
    Code:
    Mar 17 03:16:57 han postfix/postfix-script[22663]: stopping the Postfix mail system
    Mar 17 03:16:57 me postfix/master[18611]: terminating on signal 15
    Mar 17 03:16:57 me postfix/postfix-script[22744]: starting the Postfix mail system
    Mar 17 03:16:57 me postfix/master[22746]: daemon started -- version 2.10.1, configuration /etc/postfix
    Mar 17 03:21:02 me postfix/smtpd[23060]: connect from localhost[::1]
    Mar 17 03:21:02 me postfix/smtpd[23060]: lost connection after CONNECT from localhost[::1]
    Mar 17 03:21:02 me postfix/smtpd[23060]: disconnect from localhost[::1]
    Ma
    In /etc/postfix/main.cf I have:
    Code:
    mydestination = mail.mydomain.com server.mydomain.com, localhost, localhost.localdomain
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    
    What else can I provide to help debug this? I'm quite lost.

    Thanks,
    Trevor
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. Trevor Mills

    Trevor Mills New Member

    Thank you, Till, for the reply.

    I think it might actually be a DNS issue. My cell provider, for example, is still reporting old IP addresses for mydomain.com. I'll check again in a day or so and come back here.

    In the meantime, I set the mail server up as my server's IP address and I saw something different go by in the log.

    Code:
    Mar 17 20:45:56 me postfix/smtpd[31526]: connect from unknown[1.2.3.4]
    Mar 17 20:45:56 me postfix/smtpd[31526]: NOQUEUE: filter: RCPT from unknown[1.2.3.4]: <me at mydomain.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<me at mydomain.com> to=<him at otherdomain.com> proto=ESMTP helo=<[192.168.43.161]>
    Mar 17 20:45:56 me postfix/smtpd[31526]: NOQUEUE: filter: RCPT from unknown[1.2.3.4]: <me at mydomain.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<me at mydomain.com> to=<him at otherdomain.com> proto=ESMTP helo=<[192.168.43.161]>
    Mar 17 20:45:56 me postfix/smtpd[31526]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 454 4.7.1 <him at otherdomain.com>: Relay access denied; from=<me at mydomain.com> to=<him at otherdomain.com> proto=ESMTP helo=<[192.168.43.161]>
    
    Looks like it's getting caught by spam filter? Do you know why that would be happening?

    As for Let's Encrypting the mail server, it seems like the guide you sent will only have it work for mydomain.com. I'll also have mywifesdomain.com running on the same server, looking to send email with a trusted certificate. Would you recommend taking the same approach as the guide but with a multi-domain certificate? Is that something ISPConfig will do or do I do it from the command line?

    Code:
    certbot-auto -d mail.mydomain.com -d mail.mywifesdomain.com

    Thanks,
    Trevor
     
  4. Trevor Mills

    Trevor Mills New Member

    This is odd, maybe.

    When I'm tethering through my cell phone ( so on my mobile network ) the DNS is now resolving mydomain.com and mail.mydomain.com properly and I can run ( IP address changed ):

    Code:
    [me-over-mobile:~]$ telnet 1.2.3.4 25
    Trying 1.2.3.4...
    Connected to mydomain.com.
    Escape character is '^]'.
    220 server.mydomain.com ESMTP Postfix

    But when I connect through my home network, it hangs on trying the IP address.

    Code:
    [me-over-home-network:~]$ telnet 1.2.3.4 25
    Trying 1.2.3.4...
    
    Is that a DNS issue or is there something deeper going on?

    Thanks,
    Trevor
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Maybe the IP from your home network is blocked on your server or your router disables out-connections over port 25.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Ensure 'submission' is enabled in /etc/postfix/master.cf and try sending on port 587.
     
  7. Trevor Mills

    Trevor Mills New Member

    A couple of days later and things have progressed a little.

    Port 25 was indeed blocked by my router. I have disabled port 25 and enabled port 587 in /etc/postfix/master.cf by doing this:
    Code:
    # smtp      inet  n      -      n      -      -      smtpd
    587     inet  n       -       n       -       -       smtpd
    
    Jesse, can you tell me what 'submission' does? I see it in the .cf file, but before turning it on, I'd like to know what it does.

    At this point, I'm able to send emails, but my certificate is still not trusted. I tried to create the multidomain Let's Encrypt certificate and reference that in /etc/postfix/main.cf. I have these settings:

    Code:
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    
    I had these files symlink'ed to the appropriate Let's Encrypt files, but then I received Security Certificate errors when trying to connect. I'll try to look further into this.
     
  8. Trevor Mills

    Trevor Mills New Member

    Quick note to anyone coming on this post.

    I had turned port 25 off in master.cf thinking that since I was using 587 for sending, I didn't need to keep 25 open.

    Turns out that prevented external email servers from sending messages to my server. That's probably obvious to the experts, but I didn't know that's how it works.

    I re-enabled port 25 by uncommenting the first smtp line, like this:
    Code:
    smtp      inet  n      -      n      -      -      smtpd
    587     inet  n       -       n       -       -       smtpd
     
    ahrasis and till like this.
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It's a port/service intended for your users to submit mail to your server for delivery; port 25 is intended for server-to-server delivery. You can/should have different policies on the two, make sure you use/uncomment the full submission entry, not just copy 'smtp'. E.g. submission will require authentication from your users, whereas smtp does not (otherwise remote servers couldn't send to your users). You might go review the Perfect Server guide for your OS and pay attention to the postfix pieces, as enabling submission service should be covered.

    Sounds like you're going about it the right way, maybe you just need to restart (not reload) postfix? Other than that, make sure you're connecting to a server name that is included in your certificate. Maybe check your symlinks to ensure they point to files under /etc/letsencrypt/live/ (not /etc/letsencrypt/archive/).
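
The difference between a copied 'smtp' line and a full submission entry, as an added example (not code from the thread or from ISPConfig): a shell/awk check that reads a master.cf and reports whether the port 587 service carries its own overrides for TLS and authentication, or simply inherits the port 25 policy. The sample entries are constructed, the function names are hypothetical, and it assumes the `-o name=value` override form used by the Postfix 2.10 shown in the log.

```shell
#!/bin/sh
# Added example: audit the client-facing (587/submission) service in a Postfix master.cf.
# audit_submission [FILE]: one finding per line, nothing when the entry is hardened.
audit_submission() {
  awk '
    function check(e,    f, svc) {
      split(e, f, " ")                    # service type private unpriv chroot ...
      svc = f[1]; sub(/^.*:/, "", svc)    # drop an optional "host:" prefix
      if (f[2] != "inet" || (svc != "submission" && svc != "587")) return
      seen = 1
      if (e !~ /-o[ \t]+smtpd_tls_security_level=encrypt/)
        print svc ": TLS not enforced (no smtpd_tls_security_level=encrypt)"
      if (e !~ /-o[ \t]+smtpd_sasl_auth_enable=yes/)
        print svc ": SASL not enabled for this service"
      if (e !~ /-o[ \t]+smtpd_[a-z]+_restrictions=[^ \t]*permit_sasl_authenticated,reject/)
        print svc ": unauthenticated clients are not rejected"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }           # leading whitespace continues an entry
    { if (entry != "") check(entry); entry = $0 }     # a new logical line starts
    END {
      if (entry != "") check(entry)
      if (!seen) print "no submission/587 inet service is enabled"
    }
  ' "${1:--}"
}

# Constructed sample: port 587 added as a plain copy of the smtp line.
sample_copied() {
  printf '%s\n' \
    'smtp      inet  n       -       n       -       -       smtpd' \
    '587       inet  n       -       n       -       -       smtpd'
}
# Constructed sample: submission entry with per-service overrides.
sample_hardened() {
  printf '%s\n' \
    'smtp       inet  n       -       n       -       -       smtpd' \
    'submission inet  n       -       n       -       -       smtpd' \
    '  -o syslog_name=postfix/submission' \
    '  -o smtpd_tls_security_level=encrypt' \
    '  -o smtpd_sasl_auth_enable=yes' \
    '  -o smtpd_client_restrictions=permit_sasl_authenticated,reject'
}

echo "copied smtp entry:"; sample_copied   | audit_submission
echo "hardened entry:";    sample_hardened | audit_submission
```

On a real server, run `audit_submission /etc/postfix/master.cf`; a finding means the service falls back to whatever main.cf sets for port 25.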
     
