Submitted by snoopy74 on Thu, 10/02/2014 - 14:21
Hello,
I have running a root-server with a fixed IP (1.2.3.4)
In addition i have 4 more IPs (5.6.7.8 to 5.6.7.11).
Now postfix is making some trouble - TLS ist not working at all, some of the addisional IPs have so SMTP server at all and i can't find a solution.
I comared the configs from the old (debian v6) server and this new one - but the differ; which may not wonder due to the different os versions.
What can i do in virtualmin to get all those IP with their domains running for SMTP and SMTPS (TLS and SSL) ?
All SSL certificates are signed and valid by globalsign and wordek well under the old server ...
Thank you.
Status:
Active
Comments
Submitted by snoopy74 on Thu, 10/02/2014 - 14:25 Comment #1
sorry, forgotten:
virtualmin 4.11.gpl GPL webmin 1.710
of course everything as also been checked without firewalls (on server and clients) and from several clients. domains have been copied from virtualmin (old debian v6) server to new server through backup/restore in virtualmin.
no wanrings in the mail.err or mail.warn
aaargh ;o(
Submitted by JamieCameron on Thu, 10/02/2014 - 17:26 Comment #2
Can you explain further what is going wrong here?
Virtualmin 4.11 adds a feature to have Postfix serve up a different SSL certificate to clients depending on the IP they connect to. It is possible that this could break SMTP connections to virtual domain IPs in some way.
Submitted by snoopy74 on Fri, 10/03/2014 - 00:53 Comment #3
I think you're right.
The SSL detection of those (valid and official signed) SSL certificates is not working.
With the restore of the domains all those SSL certificates have been copied to the new server. I took the "main domain" for the "main IP" and copied the SSL certificates to webmin, dovecot, postfix and virtualmin (all four offered options within the domain ssl management).
btw: All the SSL websites are working fine. No problems there (= apache server on default 80/443).
after that i tested the main domain with email (receivind and sending through SSL) and it worked fine with my thunderbird client (SSL encryption selected).
so i moved one of the other domains with SSL to one of the additional IPs. I tried to connect to that domain with thunderbird and got the typical SSL warning (that domain is not matching the served ssl certificate). ok. so i tried to solve the problem. in your update feature list it sounds like it (that dovecot/postfix ssl detection) would work automatically. i clicked on the "copy the SSL certificate to dovecot and to postfix" buttons in the SSL certificate management in virtualmin. but now the main domain wouldn's work with SSL on IMAP any more ... so i clicked those two button on my main domain again to restore that function at leat for my main domain.
i looked into the master.cf of postfix ("/etc/postfix/master.cf") and found only one of the additional IPs in the bottom of the file. so i tried to restart postfix in the terminal ("/etc/init.d/postfix restart"). After that no SMTP server at all was responding - not on the main domain and not on my other IPs. Panic ....
I decided to solve that problem by copying those two IP lines within the master.cf and restartet postfix.
Now SMTP was running again - but not with TLS and only some time. After that the server/script/whatever overwrote the master.cf and SMTP was down again (IMAP war running).
I copied the lines again and restarted postfix. since then i can mail though SSL (with only one certificate) and SMTP (only without encryption or one SSL certificate).
Does this help ? Pls ask if i can bring more details.
Submitted by JamieCameron on Sat, 10/04/2014 - 10:52 Comment #4
So, the use of per-IP SSL certs in Postfix and Dovecot is only applied when you create a domain, or when you disable and then re-enable SSL for a domain. However, this shouldn't cause Postfix to stop responding! If that happens, please attach your /etc/postfix/master.cf file to this bug report.
Submitted by snoopy74 on Mon, 10/06/2014 - 12:35 Comment #5
I tried to de- and reactivate the SSL function in the server features.
The matching line has been created within the postfix/master.cf ... well
... but dovecot is still delivering another SSL certificat from another domain.
The correct SSL certificates have been selected in the domain (with has it's own IP address).
It's a fresh webserver ... everything else is running. only this SSL certificates within imap not. :o(
Submitted by JamieCameron on Tue, 10/07/2014 - 16:11 Comment #6
Can you attach your dovecot config file to this bug report, and let me know which domains are on which IPs?