FTP Not Working

Discussion in 'ISPConfig 3 Priority Support' started by OwnYourOwn, Jun 20, 2019.

  1. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Have setup server 3 times using Perfect Server Ubuntu 10.04 LEMP and everything works except FTP. SSL works.

    Researched: "TLS connection was non-properly terminated." and nothing suggested to fix it worked.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Require explicit FTP over TLS

    Status: Resolving address of mydomain.com
    Status: Connecting to 123.45.67.89:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 07:41. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER domain-mynet-com
    Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
    Status: Server did not properly shut down TLS connection
    Error: Could not read from socket: ECONNABORTED - Connection aborted
    Error: Could not connect to server

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Only use plain FTP (insecure)

    Status: Resolving address of mydomain.com
    Status: Connecting to 123.45.67.89:21...
    Status: Connection established, waiting for welcome message...
    Status: Logged in
    Status: Retrieving directory listing of "/web"...
    Command: CWD /web
    Response: 250 OK. Current directory is /web
    Command: TYPE I
    Response: 200 TYPE is now 8-bit binary
    Command: PASV
    Response: 227 Entering Passive Mode (123,45,67,89,85,147)
    Command: MLSD
    Error: Connection timed out after 20 seconds of inactivity
    Error: Failed to retrieve directory listing

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Don't know if the following is the reason.

    On ISPConfig setup, got error:

    Configuring Postgrey
    Configuring Postfix
    Can't load /root/.rnd into RNG
    140495726641600:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
    Generating a RSA private key

    I checked /root for .rnd and it's not there.

    Also, ~# needrestart - always produces:

    Outdated processor microcode
    │ Processor microcode update
    │ The currently running processor microcode revision is 0x1 which is not the expected microcode revision 0x5000021.

    root@cloud:~# grep 'stepping\|model\|microcode' /proc/cpuinfo
    model : 85
    model name : Virtual CPU 82d9ed4018dd
    stepping : 4
    microcode : 0x1
    (on all cpu's)

    root@cloud:~# dmesg | grep microcode
    [ 0.017410] MDS: Vulnerable: Clear CPU buffers attempted, no microcode

    Tried:

    sudo apt-get install microcode.ctl intel-microcode

    After reboot Still Get:

    root@cloud:~# dmesg | grep microcode
    [ 0.006046] MDS: Vulnerable: Clear CPU buffers attempted, no microcode


    Upgraded to 18.10 and saw error:

    Setting up linux-firmware (1.175.4) ...
    update-initramfs: Generating /boot/initrd.img-4.18.0-22-generic
    cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries nor crypto modules. If that's on purpose, you may want to uninstall the 'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs integration and avoid this warning.

    Tried:

    root@cloud:~# update-initramfs -u (didn't change anything)

    After updating to 18.10, everything still works except FTP.

    Nothing in nginx or site error logs

    Would appreciate any help.
    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    TLS: That's probably an incompatibility of your FTP Program (FileZilla) with older pure-ftpd versions which was introduced by FileZilla. https://forum.filezilla-project.org/viewtopic.php?f=1&t=50496 Try a different FTP client and you will see that it works (except that you might have to set the passive ports as described below).
    Non-TLS: Your server seems to be behind a router or firewall, this means you have to define a passive port range in the FTP server and firewall: https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/

    I don't think that it was a good idea that you updated a supported Ubuntu LTS version to an Ubuntu Desktop version which is not supported by ISPConfig. Not supported means in this terms that neither the ispconfig updater recognizes it nor does ISPConfig itself, so if any config or program path changed between 18.04 and 18.10, then your setup will break. It can not be predicted if it will continue to work stable. We do not test nor support the non-LTS releases.
     
    Last edited: Jun 20, 2019
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    And I hope you used the 18.04 guide (which is the recent one) and not the 10.04 guide (which is 9 years old).
     
  4. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Thanks for your response.
    Reinstalled 18.04 with 18.04 guide (not 10.04 - typo)
    Same results - everything works but FTP.
    Neither CyberDuck nor WinSCP worked with or without port and firewall changes.
    Disabled firewall and neither CyberDuck nor WinSCP worked.
    Can receive email on port 995 but can't send on 465
    Disabled UFW firewall and was able to send on 465
    Using ISPConfig / UFW firewall

    https://ftptest.net/
    Status: Resolving address of 123.45.67.89
    Status: Connecting to 123.45.67.89
    Warning: The entered address does not resolve to an IPv6 address.
    Status: Connected, waiting for welcome message...
    Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Reply: 220-You are user number 1 of 50 allowed.
    Reply: 220-Local time is now 15:48. Server port: 21.
    Reply: 220-This is a private system - No anonymous login
    Reply: 220-IPv6 connections are also welcome on this server.
    Reply: 220 You will be disconnected after 15 minutes of inactivity.
    Command: CLNT https://ftptest.net on behalf of 2600:1700:bcc1:e30:d56f:e839:88e0:cd38
    Reply: 530 You aren't logged in
    Command: AUTH TLS
    Reply: 234 AUTH TLS OK.
    Status: Performing TLS handshake...
    Status: TLS handshake successful, verifying certificate...
    Status: Received 1 certificates from server.
    Status: cert[0]: subject='C=US,ST=STATE,L=CITY,O=BIZ\5c, Inc.,OU=SMARTZ,CN=cloud.mydomain.com,[email protected]' issuer='C=US,ST=STATE,L=CITY,O=BIZ\5c, Inc.,OU=SMARTZ,CN=cloud.mydomain.com,[email protected]'
    Command: USER mydomain-com
    Error: Could not read from socket: Error in the pull function.

    Tried both TLS and Plain FTP and got same results
    Disabled UFW Firewall and got same result

    Thanks for your help.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    For email: please post the content of the /etc/postfix/master.cf file of your server. And the sending port is 587 for sending secure email over tls, 465 is usable as well but normally one uses 587 today.
    For FTP: Run the test script from here https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ as root and post the result. Then run the command 'cat /etc/pure-ftpd/conf/PassivePortRange' and post the result as well. Where do you host that server, some data centers have external firewalls which may block FTP ports as well independently of what you configure in your local firewall.

    Please do not reinstall again as that's not necessary. There is no issue in the tutorial, used it a few days ago to install a server and FTP works fine, so we have to just find out which firewall blocks your FTP access.
     
  6. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Thanks for your response.

    /etc/postfix/master.cf
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (no) (never) (100)
    # ==========================================================================
    smtp inet n - y - - smtpd
    #smtp inet n - y - 1 postscreen
    #smtpd pass - - y - - smtpd
    #dnsblog unix - - y - 0 dnsblog
    #tlsproxy unix - - y - 0 tlsproxy
    submission inet n - y - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_tls_auth_only=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=
    # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - y - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=
    # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - y - - qmqpd
    pickup unix n - y 60 1 pickup
    cleanup unix n - y - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - y 1000? 1 tlsmgr
    rewrite unix - - y - - trivial-rewrite
    bounce unix - - y - 0 bounce
    defer unix - - y - 0 bounce
    trace unix - - y - 0 bounce
    verify unix - - y - 1 verify
    flush unix n - y 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - y - - smtp
    relay unix - - y - - smtp
    -o syslog_name=postfix/$service_name
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - y - - showq
    error unix - - y - - error
    retry unix - - y - - error
    discard unix - - y - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - y - - lmtp
    anvil unix - - y - 1 anvil
    scache unix - - y - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}

    dovecot unix - n n - - pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

    amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_bind_address=


    127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes


    127.0.0.1:10027 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
    -o milter_default_action=accept
    -o milter_macro_daemon_name=ORIGINATING
    -o disable_dns_lookups=yes
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
     
  7. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    root@cloud:~# cat htf_report.txt | more

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1dev


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.2.19-0ubuntu***.***.***.***

    ##### PORT CHECK #####


    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Unknown process (nginx:) (PID 958)
    [INFO] I found the following mail server(s):
    Postfix (PID 1446)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 778)
    [INFO] I found the following imap server(s):
    Dovecot (PID 778)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 1516)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:110 (778/dovecot)
    [anywhere]:143 (778/dovecot)
    [anywhere]:80 (958/nginx:)
    [anywhere]:8080 (958/nginx:)
    [anywhere]:465 (1446/master)
    [anywhere]:8081 (958/nginx:)
    [anywhere]:21 (1516/pure-ftpd)
    ***.***.***.***:53 (795/named)
    [localhost]:53 (795/named)
    ***.***.***.***:53 (746/systemd-resolve)
    [anywhere]:22 (832/sshd)
    [anywhere]:25 (1446/master)
    [localhost]:953 (795/named)
    [anywhere]:443 (958/nginx:)
    [anywhere]:993 (778/dovecot)
    [anywhere]:995 (778/dovecot)
    [localhost]:10023 (1125/postgrey)
    [localhost]:10024 (1664/amavisd-new)
    [localhost]:10025 (1446/master)
    [localhost]:10026 (1664/amavisd-new)
    [localhost]:10027 (1446/master)
    [anywhere]:587 (1446/master)
    [localhost]10 (778/dovecot)
    [localhost]43 (778/dovecot)
    *:*:*:*::*:80 (958/nginx:)
    *:*:*:*::*:8080 (958/nginx:)
    *:*:*:*::*:465 (1446/master)
    *:*:*:*::*:21 (1516/pure-ftpd)
    *:*:*:*::*:53 (795/named)
    *:*:*:*::*:22 (832/sshd)
    *:*:*:*::*:25 (1446/master)
    *:*:*:*::*:953 (795/named)
    *:*:*:*::*:993 (778/dovecot)
    *:*:*:*::*:995 (778/dovecot)
    *:*:*:*::*:10023 (1125/postgrey)
    *:*:*:*::*:10024 (1664/amavisd-new)
    *:*:*:*::*:10026 (1664/amavisd-new)
    *:*:*:*::*:3306 (1016/mysqld)
    *:*:*:*::*:587 (1446/master)



    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target prot opt source destination
    ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
    ufw-before-input all -- [anywhere]/0 [anywhere]/0
    ufw-after-input all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
    ufw-reject-input all -- [anywhere]/0 [anywhere]/0
    ufw-track-input all -- [anywhere]/0 [anywhere]/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
    ufw-before-forward all -- [anywhere]/0 [anywhere]/0
    ufw-after-forward all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
    ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
    ufw-track-forward all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
    ufw-before-output all -- [anywhere]/0 [anywhere]/0
    ufw-after-output all -- [anywhere]/0 [anywhere]/0
    ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
    ufw-reject-output all -- [anywhere]/0 [anywhere]/0
    ufw-track-output all -- [anywhere]/0 [anywhere]/0

    Chain ufw-after-forward (1 references)
    target prot opt source destination

    Chain ufw-after-input (1 references)
    target prot opt source destination
    ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137
    ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138
    ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139
    ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445
    ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67
    ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68
    ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST

    Chain ufw-after-logging-forward (1 references)
    target prot opt source destination
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

    Chain ufw-after-logging-input (1 references)
    target prot opt source destination
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

    Chain ufw-after-logging-output (1 references)
    target prot opt source destination

    Chain ufw-after-output (1 references)
    target prot opt source destination

    Chain ufw-before-forward (1 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
    ufw-user-forward all -- [anywhere]/0 [anywhere]/0

    Chain ufw-before-input (1 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
    ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
    DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
    ufw-not-local all -- [anywhere]/0 [anywhere]/0
    ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353
    ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900
    ufw-user-input all -- [anywhere]/0 [anywhere]/0

    Chain ufw-before-logging-forward (1 references)
    target prot opt source destination

    Chain ufw-before-logging-input (1 references)
    target prot opt source destination

    Chain ufw-before-logging-output (1 references)
    target prot opt source destination

    Chain ufw-before-output (1 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
    ufw-user-output all -- [anywhere]/0 [anywhere]/0

    Chain ufw-logging-allow (0 references)
    target prot opt source destination
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

    Chain ufw-logging-deny (2 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
     
  8. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Chain ufw-not-local (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
    RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
    RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain ufw-reject-forward (1 references)
    target prot opt source destination

    Chain ufw-reject-input (1 references)
    target prot opt source destination

    Chain ufw-reject-output (1 references)
    target prot opt source destination

    Chain ufw-skip-to-policy-forward (0 references)
    target prot opt source destination
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain ufw-skip-to-policy-input (7 references)
    target prot opt source destination
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain ufw-skip-to-policy-output (0 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain ufw-track-forward (1 references)
    target prot opt source destination

    Chain ufw-track-input (1 references)
    target prot opt source destination

    Chain ufw-track-output (1 references)
    target prot opt source destination
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW

    Chain ufw-user-forward (1 references)
    target prot opt source destination

    Chain ufw-user-input (1 references)
    target prot opt source destination
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:20
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
    ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:10000
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:3306

    Chain ufw-user-limit (0 references)
    target prot opt source destination
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable

    Chain ufw-user-limit-accept (0 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain ufw-user-logging-forward (0 references)
    target prot opt source destination

    Chain ufw-user-logging-input (0 references)
    target prot opt source destination

    Chain ufw-user-logging-output (0 references)
    target prot opt source destination

    Chain ufw-user-output (1 references)
    target prot opt source destination
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    This was an attempt to send from my email client which failed with client error:

    -> [SMTP] [2019-06-22 10:09:01] Connect to "mail.my-domain.com", Port: 587, TLS: Yes (1.2)
    An error occurred. - Error connecting with SSL. - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

    (MAIL.LOG)
    Jun 22 10:08:51 cloud dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=4907, secured, session=<yAn09OqLhugAAAAAAAAAAAAAAAAAAAAB>
    Jun 22 10:08:51 cloud dovecot: imap([email protected]): Logged out in=155 out=1135
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    I am able to send & receive with Roundcube

    Everything is A.O.K. by dnsstuff.com

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    (SYSLOG) This was an attempt to FTP from FileZilla

    Jun 22 11:17:52 cloud dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=8138, secured, session=<K3PA6+uL3ukAAAAAAAAAAAAAAAAAAAAB>
    Jun 22 11:17:52 cloud dovecot: imap([email protected]): Logged out in=155 out=1135
    Jun 22 11:17:55 cloud pure-ftpd: ([email protected]) [INFO] New connection from 12.345.67.89
    Jun 22 11:17:56 cloud pure-ftpd: ([email protected]) [ERROR] TLS renegociation

    (DID NOT KNOW DOVECOT WAS ACTIVATED WHILE USING FTP?)
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    root@cloud:~# cat /etc/pure-ftpd/conf/PassivePortRange
    cat: /etc/pure-ftpd/conf/PassivePortRange: No such file or directory
    root@cloud:~#


    No errors in site or nginx logs

    Using VULTR for hosting. You can setup a VULTR firewall but I haven't.

    Currently have VULTR production server running Debian 10 with nginx without any problems.

    I had also setup Ubuntu 16.04 / nginx a few days ago on VULTR and had no problems with anything. Tried upgrading 16.04 to 18.04 - All kinds of problems.

    Thanks again for your help.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Please stop the ufw firewall for the tests to ensure that its firewall rules do not cause the problems, you can use the test script to see if all rules have been removed. Actually, the firewall is not needed anyway as you run services only that shall be accessible and that's why the firewall is off by default.
    2) You used FileZilla again which has a TLS 1.3 issue, I posted that at the beginning in #2, so you can't use that for the FTP test as it's known that the pure-ftpd version from Ubuntu 18.04 does not work with FileZilla, it works with other FTP clients though. The link in #2 also lists suggestions for what you can do.
    3) You did not setup the passive port range as I suggested and opened it in the firewall, see my post #2, but this is needed for FTP when you activate a firewall on your server.
    4) When Email works fine with roundcube, then the overall email setup of the system is ok, master.cf is fine as well. If I read the message here correctly:

    -> [SMTP] [2019-06-22 10:09:01] Connect to "mail.my-domain.com", Port: 587, TLS: Yes (1.2)
    An error occurred. - Error connecting with SSL. - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

    then your mail client might try to use the old SSLv3 and this is disabled in current OpenSSL versions like the one that ships with Ubuntu 18.04. Redo the email test by using a different desktop email client, you can e.g. use thunderbird portable which does not need to be installed: https://portableapps.com/apps/internet/thunderbird_portable as Thunderbird is known to work well and to support recent SSL standards.
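
An added example, not part of any post in this thread and not ISPConfig or pure-ftpd code: it decodes the data port from the 227 reply in the first post and checks it, and a configured passive range, against the tcp rules of the ufw-user-input chain. The 40110-40210 range and the rule text in `iptables -L -n` form are assumptions constructed for the example.

```python
import re

# 227 reply taken from the plain-FTP client log in the first post.
PASV_REPLY = "227 Entering Passive Mode (123,45,67,89,85,147)"

# Constructed sample: the tcp ports accepted in the ufw-user-input chain of
# the posted report, written the way `iptables -L -n` prints them.
PORTS_IN_REPORT = [20, 21, 22, 25, 53, 80, 110, 143, 443, 587, 993, 995,
                   3306, 8080, 8081, 10000]
RULES_BEFORE = "".join(
    f"ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:{p}\n" for p in PORTS_IN_REPORT)

# Assumption: a passive range of 40110-40210, stored as "low high" in
# /etc/pure-ftpd/conf/PassivePortRange and opened with one range rule.
PASSIVE_RANGE_FILE = "40110 40210\n"
RULES_AFTER = RULES_BEFORE + (
    "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 40110:40210\n")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def accepted_tcp_ranges(rules):
    """Collect (low, high) port ranges from ACCEPT tcp rules that name ports.

    Handles 'dpt:N', 'dpts:LOW:HIGH' and 'multiport dports A,B:C'.
    Rules without a port match are ignored.
    """
    ranges = []
    for line in rules.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "ACCEPT" or fields[1] != "tcp":
            continue
        m = re.search(r"(?:dpts?:|dports )([\d:,]+)", line)
        if not m:
            continue
        for spec in m.group(1).split(","):
            low, _, high = spec.partition(":")
            ranges.append((int(low), int(high or low)))
    return ranges


def data_port_allowed(reply, rules):
    """True if the port advertised in the 227 reply is accepted inbound."""
    _, port = parse_pasv(reply)
    return any(lo <= port <= hi for lo, hi in accepted_tcp_ranges(rules))


def passive_range_open(range_file_text, rules):
    """True if the whole configured passive range is covered by one rule."""
    low, high = (int(x) for x in range_file_text.split())
    return any(lo <= low and high <= hi
               for lo, hi in accepted_tcp_ranges(rules))


if __name__ == "__main__":
    host, port = parse_pasv(PASV_REPLY)
    print("server advertised data port", port, "on", host)
    print("accepted by posted rules:",
          data_port_allowed(PASV_REPLY, RULES_BEFORE))
    print("range open before:",
          passive_range_open(PASSIVE_RANGE_FILE, RULES_BEFORE))
    print("range open after: ",
          passive_range_open(PASSIVE_RANGE_FILE, RULES_AFTER))
```

With the posted rules the advertised port falls outside every accepted port, which matches the MLSD timeout in the first post when the firewall is active.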
     
  10. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Thanks so much for your help. Setting up the passive port range solved the problem. I had set it up on 18.10 (which didn't work) but failed to do it again when I went back to 18.04. I reverted back to FileZilla 3.39 which is working. For whatever reason my email client (OE Classic Pro) works on port 465 and won't on 587?
    Thanks for your great product!
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I think that's fine, both ports offer the same functionality, so if it works with 465, then I would just leave it as it is, it's not worth to further investigate in my opinion.
     
