POP3/SMTP

Ok,

My system has been working fine with the following configuration.

POP3 over SSL on port 995 SMTP on port 25

Still works fine this way.

ISSUE #1 However, I've been having some issues using my SmartPhone to connect to the email system (issue is due to .pem vs .cer file types and compatibility with SmartPhone mail system, not Virtualmin/webmin!)

So, to provide a temporary fix, I wanted to connect via POP3 on port 110. It wouldn't work. So I tried it on my laptop with M$ Outlook 2007. It just continually asks for my username and password.

The WEBMIN>DOVECOT>NETWORKING AND PROTOCOLS shows that IMAP, POP3, IMAP (SSL) and POP (SSL) are enabled.

Remember, it works just fine with POP3 (SSL) on port 995!

ISSUE #2 In OUTLOOK>ACCOUNT SETTINGS>EMAIL>MORE SETTINGS>ADVANCED

If I try to use SMTP (SSL) on port 465 I get an error stating "...Outlook, cannot connect to your outgoing (SMTP) e-mail server. If you continue to receive this message, contact your server administrator..."

I get the same error if I use SMTP (SSL) on port 465 and choose SSL for the "Use the following type of encrypted connection:"

I tried using SMTP on port 25 and chose SSL for the "Use the following type of encrypted connection:" This selection gives me a slightly different error stating "...Your server does not support the connection encryption type you have selected..."

In either situation, I don't know what I'm missing!

Status: 
Active

Comments

Dovecot may not be allowing un-encrypted connections on port 110 by default. Try going to Webmin -> Servers -> Dovecot -> SSL Configuration, and change 'Disallow plaintext authentication in non-SSL mode?' to 'No'. Then click 'Save', and 'Apply Configuration'.

Let us know if that works..

Thanks Jamie - Sorry, I've been real busy the last couple weeks.

Your suggestion fixes the problem with the incoming mail issue, however it really doesn't pose a solution to the outgoing mail issue. I can't send mail using the SMTP over SSL protocol.

Is Postfix setup to listen to port 465 on your server?

You can determine that by logging in over SSH, and typing:

netstat -an | grep :465

If you see a line like this:

tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN

That means it is listening on port 465, and you may have a firewall or something else blocking access to port 465.

If you don't see the above line, we'll need to reconfigure Postfix to listen for your connections. If that's the case, can you post your /etc/postfix/master.cf file?

The command (netstat -an | grep :465) doesn't produce any results. It just goes back to the prompt!

Yeah, so that suggests that your server isn't listening for requests on port 465.

Can you attach your /etc/postfix/master.cf file to this request?

FYI: I can use the TLS encryption on SMTP port 25 just fine, and unencrypted connections work as well.

I don't even see an option under WEBMIN>SERVERS>POSTFIX to allow SMTP over SSL. Wouldn't there be one there somewhere?

Oh, and the contents of my /etc/postfix/master.cf file is pasted below!


# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = hx1.sapphiresolutionsltd.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = hx1.sapphiresolutionsltd.com, localhost.sapphiresolutionsltd.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

That looks like your main.cf, do you have the file named "master.cf"?

Oops, You're right! Sorry!

NOW... the contents of my /etc/postfix/master.cf file is pasted below!


#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

Okay, what I would do is uncomment (remove the #) these lines near the top:

#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject

And then restart Postfix:

/etc/init.d/postfix restart

That will enable ports 465 and 587.

Thanks andreychek - I'll check this out and let you know the results!