Correct me if I'm wrong, but isn't the reverse DNS entry supposed to return the FQDN? Because the name of my server is Server1.Hospedaje.... We use mail.hospedaje...., and we do not have any load balancing; how we have it is pretty simple: for the POP/IMAP daemon we use Dovecot, for the mailfilter syntax Sieve, for the content filter Rspamd and for the maildir format Maildir.
When your mailserver tells other servers it's called "mail.domain.tld" the rdns record for that IP should report back exactly that name and not something else.
I'm not sure, to be honest. I guess you just need a valid rdns, but that's what I've been doing for the last 10 years. However, back to the main problem. Do these login problems occur when you attempt auth from localhost? Can you test the authentication from localhost with nc or something and test it with doveadm-auth?
And do the login problems occur for all mailboxes or just for a few mailboxes? Did you try to set a new password to see if it works then?
I checked with the following command:
Code:
doveadm auth test [email protected]
and I get a "passdb auth succeeded". But doing a test on a machine with Outlook, while I was setting the new password of an email account, I got a certificate error. Might it be that?
You should investigate that certificate error. What did the error say? Is it the wrong hostname or is the certificate expired?
The message said that the server you are connected to is using a security certificate that cannot be checked. The name of the security entity of destination is incorrect. And it asks you if you want to continue using that server. The thing is that the certificate is issued by Sectigo RSA and expires on 8/15/23.
And the certificate is for "mail1.domain.tld"? The name you enter as the server name in the mail client must be identical to the one on the certificate.
The certificate I had was a wildcard, but it is a paid certificate and every time it gets renewed, it is work for me to change it in every place. So, searching yesterday, I found this tutorial from @Th0m: https://forum.howtoforge.com/thread...d-lets-encrypt-ssl-certificate-certbot.86372/ I will check on Monday if those machines keep showing the certificate message. But now I've got a specific certificate for mail.mydomain.ltd.
OK, after checking, we still have the certificate error, but now it says that the certificate is SMTP.hospedaje.xxx, and when I check the certificate for mail.hospedaje.xxx at https://www.sslshopper.com/, the common name appears as smtp.hospedaje.xxx, but I have already checked the tutorial 3 times and it is exactly like it. I don't know where it might be wrong. As a comment, I unchecked the SSL box for the site mail.hospedaje.xxx, erased the certificate from the live folder, and checked it again in the site so the system would create the certificate again, but I get the same result.
Check the certificate under /etc/postfix/smtpd.cert. This is a symlink to /usr/local/ispconfig/interface/ssl/ispserver.crt by default. You can check it from the shell with:
Code:
openssl x509 -text -noout -in /etc/postfix/smtpd.cert
What is the name in the "Subject: CN =" line? Is it correct?
Reading my previous post, I wasn't as clear as I should have been, sorry for that. I followed the tutorial from @Th0m (the one I put in my message #31), and the symlink is not to /usr/local/ispconfig/interface/ssl/ispserver.crt anymore; now it is to /etc/letsencrypt/live/mail.hospedaje.xxx. According to that tutorial, what I should get in the CN is mail.hospedaje.xxx, but I'm getting smtp.hospedaje.xxx.
Code:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Jan 28 06:18:12 2023 GMT
            Not After : Apr 28 06:18:11 2023 GMT
        Subject: CN = smtp.hospedaje.xxx
        ....
            Subject Alternative Name:
                DNS:imap.hospedaje.xxx, DNS:mail.hospedaje.xxx, DNS:pop3.hospedaje.xxx, DNS:smtp.hospedaje.xxx
As you can see, I don't have the right certificate name for the server name we use in the mail client (mail.hospedaje.xxx). That is what I tried to say in my message #32.
It can be a different hostname that becomes the main hostname, and is used for the directory name of the cert. See the note in the tutorial as well: "Not working? I once had a problem with this, because Let's Encrypt used one of the alias domains as main domain. You can find the main domain in the earlier mentioned SSL tool as "Common name" or by listing the content of /etc/letsencrypt/live to see which of the (alias)domains has a folder there."
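Added example, not part of the thread or the tutorial: a shell check that separates a certificate's Subject CN from the host names it is valid for. It builds a throwaway self-signed certificate with constructed example.test names shaped like the output posted above (CN on the smtp alias, four SAN entries) and uses OpenSSL's `-checkhost`, which matches against the SAN entries when they are present. It assumes OpenSSL 1.1.1 or later for `-addext`.

```bash
#!/usr/bin/env bash
# Added example: all host names below are constructed (example.test).

# make_sample_cert DIR: self-signed cert whose CN is the smtp alias while the
# SAN extension lists imap, mail, pop3 and smtp, as in the posted output.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/CN=smtp.example.test" \
    -addext "subjectAltName=DNS:imap.example.test,DNS:mail.example.test,DNS:pop3.example.test,DNS:smtp.example.test" \
    2>/dev/null
}

# cert_cn FILE: print only the Subject common name.
cert_cn() {
  openssl x509 -noout -subject -nameopt multiline -in "$1" |
    sed -n 's/^ *commonName *= *//p'
}

# cert_covers FILE HOST: exit 0 if HOST passes OpenSSL's host name check.
# A failed check prints "does NOT match certificate", which grep rejects.
cert_covers() {
  openssl x509 -noout -checkhost "$2" -in "$1" |
    grep -q "does match certificate"
}

tmp=$(mktemp -d)
make_sample_cert "$tmp"
echo "Subject CN: $(cert_cn "$tmp/cert.pem")"
for host in mail.example.test smtp.example.test webmail.example.test; do
  if cert_covers "$tmp/cert.pem" "$host"; then
    echo "$host: covered"
  else
    echo "$host: NOT covered"
  fi
done
rm -rf "$tmp"
```

On the server itself, the same function can be pointed at the file Postfix loads, for example `cert_covers /etc/postfix/smtpd.cert mail.hospedaje.xxx`.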
Hi @Th0m, I have a doubt about this: if I have several certs for the same domain but they end with 001, 002, 003, which one is the good one? And what will happen with the symlink? Because it is pointing to the one in the folder that doesn't have any numbers. Also, if I erase the alias domains, will ISPConfig erase the cert folders? I mean the ones that should be under the /etc/letsencrypt/live path. I'm asking these things because on Wednesday I was getting an error when requesting a new cert from Let's Encrypt, and before checking the log (my mistake), I saw all those folders and erased them (what a dumb thing of me). Thankfully I had a backup of the first cert I got the day I followed the tutorial and I was able to restore it, but it won't be until tonight that I will be able to get a new cert and create the alias domains to get linked to that cert. One thing I learned about Let's Encrypt (among a lot of other things) is that it doesn't allow you to create more than 5 certs for the same domain in a short period of time, and you have to wait more than 3 days to get a new one.