I've been trying for over a week to set this up correctly. Running on Debian 9.1 and default Virtualmin 6 installation. (Webmin 1.852, Usermin 1.720, Virtualmin 6.00) PHP 7.0 fcgi (if relevant)
I have several domains hosted. All are created with only the default (virtualmin created) user and only alias "info@domain.com" was added for all of the domains.
SFTP and Usermin work fine with said usernames and passwords.
But Thunderbird fetches the auto-configuration file and applies these settings:
Incoming: IMAP, mail.domain.com, SSL/TLS (port 993) (normal password)
Outgoing: SMTP, domain.com, No Encryption (port 587) (normal password)
Username: username (not username.usergroup or other)
Then I hit "Done" and Thunderbird hits me with a warning: "Outgoing settings: domain.com does not use encryption"
After accepting this warning, Thunderbird is "checking the password...." and after a while it fails: "Configuration could not be verified - is the username or password wrong?"
Username and password are definitely right, I checked many times. Must have something to do with sasl/pam authentication or default firewall rules.
In Server Templates, "Format for usernames that include domain" is set to default (username.domain)
My DNS records look good - A records go through Cloudflare:
A domain.com -> ip
A mail -> ip
MX domain.com -> mail.domain.com
In FirewallD I have enabled smtps and ports 587, 993, 143, 465. I haven't touched anything else since installation in FirewallD, Linux Firewall or Fail2Ban.
SSL certificates are self-signed.
Here's my Thunderbird auto-configuration XML (but I now have set it to be automatically generated):
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="$SMTP_DOMAIN">
<domain>$SMTP_DOMAIN</domain>
<displayName>$OWNER Email</displayName>
<displayShortName>$OWNER</displayShortName>
<incomingServer type="imap">
<hostname>$IMAP_HOST</hostname>
<port>$IMAP_PORT</port>
<socketType>$IMAP_TYPE</socketType>
<authentication>$IMAP_ENC</authentication>
<username>$SMTP_LOGIN</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>$SMTP_HOST</hostname>
<port>$SMTP_PORT</port>
<socketType>$SMTP_TYPE</socketType>
<authentication>$SMTP_ENC</authentication>
<username>$SMTP_LOGIN</username>
</outgoingServer>
</emailProvider>
</clientConfig>
Is there something else I should be looking at?
Ideally I should be able to connect using Thunderbird on ports 993 & 465 over SSL/TLS both for IMAP and SMTP.
Thank you!
Did you try something like this via SSH on the server to check?
openssl s_client -connect yourmailserverip:993
or
telnet yourmailserverip 143
or ports that are used for plain; the login is: . login yourusername yourpass
and of course your log files, maillog and so on
but have a look at the telnet command ;)
And
netstat -tulpn | grep :yourport or program-service
Hi, sorry for the late reply but my post wasn't published for the first couple of days (most probably due to the screening process as I'm a new user) and so I forgot about it. Anyways, here's what I tried:
the openssl command:
[root@domain ~]# openssl s_client -connect domain.com:993
depth=0 CN = *.domain.com, emailAddress = info@domain.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = *.domain.com, emailAddress = domain@domain.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=*.domain.com/emailAddress=info@domain.com
i:/CN=*.domain.com/emailAddress=info@domain.com
---
Server certificate
-----BEGIN CERTIFICATE-----
...
...
...
...
...
...
...
...
...
...
...
-----END CERTIFICATE-----
subject=/CN=*.domain.com/emailAddress=info@domain.com
issuer=/CN=*.domain.com/emailAddress=info@domain.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 1549 bytes and written 326 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: RTYJRTYJ456745u6....
Session-ID-ctx:
Master-Key: 3546745674567TYJH4TYJ54YUJ.....
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - de 69 .. .. .. .. .. .. .RH...H... .FED...
...
...
...
...
...
...
...
...
...
Start Time: 1768544353
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
DONE
telnet does not ask for password:
telnet 143:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
telnet 993:
connects, but shows nothing
telnet 587:
220 domain.com ESMTP Postfix (Debian/GNU)
telnet 25:
220 domain.com ESMTP Postfix (Debian/GNU)
telnet 465:
connects, but shows nothing
netstat -tulpn | grep :143
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1055/dovecot
tcp6 0 0 :::143 :::* LISTEN 1055/dovecot
netstat -tulpn | grep :993
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1055/dovecot
tcp6 0 0 :::993 :::* LISTEN 1055/dovecot
netstat -tulpn | grep :587
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1397/master
netstat -tulpn | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1397/master
netstat -tulpn | grep :465
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1397/master
email log:
Oct 2 08:34:37 domain postfix/smtpd[18184]: connect from my.ip
Oct 2 08:35:38 domain postfix/smtpd[18184]: lost connection after UNKNOWN from my.ip
Oct 2 08:35:38 domain postfix/smtpd[18184]: disconnect from my.ip unknown=0/6 commands=0/6
Oct 2 08:36:07 domain postfix/smtpd[18275]: connect from my.ip
Oct 2 08:36:23 domain postfix/smtpd[18275]: lost connection after CONNECT from my.ip
Oct 2 08:36:23 domain postfix/smtpd[18275]: disconnect from my.ip commands=0/0
Oct 2 08:37:45 domain dovecot: imap-login: Disconnected (no auth attempts in 36 secs): user=<>, rip=my.ip, lip=my.ip, session=<rt43y5hh45...>
Oct 2 08:38:08 domain postfix/smtps/smtpd[18442]: connect from my.ip
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max connection rate 1/60s for (submission:my.ip) at Oct 2 08:34:37
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max connection count 1 for (submission:my.ip) at Oct 2 08:34:37
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max cache size 2 at Oct 2 08:36:07
Oct 2 08:40:07 domain postfix/smtpd[18574]: connect from unknown[some.other.ip]
Oct 2 08:40:07 domain postfix/smtpd[18574]: warning: unknown[some.other.ip]: SASL LOGIN authentication failed: authentication failure
Oct 2 08:40:07 domain postfix/smtpd[18574]: disconnect from unknown[some.other.ip] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: SSL_accept error from my.ip: Connection timed out
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: lost connection after CONNECT from my.ip
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: disconnect from my.ip commands=0/0
I believe there should be an easy guide on virtualmin.com with the steps to make email work with email clients after full virtualmin installation on a clean grade A supported OS. It's the most frustrating process. I also believe email clients are key for admins that have multiple email accounts to view daily.
cheers
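An added triage example, not part of the original posts: it classifies Postfix and Dovecot log lines like the ones posted above by how far each client got, so that rejected credentials can be told apart from connections that never reached authentication. The sample lines are copied from the post; the rule labels and function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the post above (addresses redacted as posted).
SAMPLE_LOG = """\
Oct 2 08:34:37 domain postfix/smtpd[18184]: connect from my.ip
Oct 2 08:35:38 domain postfix/smtpd[18184]: lost connection after UNKNOWN from my.ip
Oct 2 08:36:23 domain postfix/smtpd[18275]: lost connection after CONNECT from my.ip
Oct 2 08:37:45 domain dovecot: imap-login: Disconnected (no auth attempts in 36 secs): user=<>, rip=my.ip, lip=my.ip, session=<rt43y5hh45...>
Oct 2 08:40:07 domain postfix/smtpd[18574]: warning: unknown[some.other.ip]: SASL LOGIN authentication failed: authentication failure
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: SSL_accept error from my.ip: Connection timed out
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: lost connection after CONNECT from my.ip
"""

# (regex, label, reached_auth); the labels are this example's own names.
RULES = [
    (r"SASL \w+ authentication failed", "auth-failed", True),
    # TLS never completed, e.g. a plaintext client on implicit-TLS port 465.
    (r"SSL_accept error from \S+ Connection timed out", "tls-handshake-timed-out", False),
    # Client left before sending any SMTP command (commands=0/0).
    (r"lost connection after CONNECT", "no-commands-sent", False),
    # Only input that Postfix could not parse as SMTP commands was received.
    (r"lost connection after UNKNOWN", "unrecognised-commands-only", False),
    (r"imap-login: Disconnected \(no auth attempts", "imap-no-login-attempt", False),
]
CLIENT = re.compile(r"(?:from |rip=|warning: )([^\s,]+)")

def client_of(line):
    m = CLIENT.search(line)
    if not m:
        return None
    c = m.group(1).rstrip(":")
    # Unredacted Postfix logs use host[addr]; keep only the address part.
    return c[c.index("[") + 1:c.rindex("]")] if "[" in c and "]" in c else c

def triage(log_text):
    # Map each client to its event counts and whether it ever reached AUTH.
    out = defaultdict(lambda: {"events": Counter(), "reached_auth": False})
    for line in log_text.splitlines():
        for pattern, label, reached_auth in RULES:
            if re.search(pattern, line):
                entry = out[client_of(line) or "unknown-client"]
                entry["events"][label] += 1
                entry["reached_auth"] |= reached_auth
                break
    return dict(out)

def never_reached_auth(log_text):
    return sorted(c for c, v in triage(log_text).items() if not v["reached_auth"])
```

On the posted excerpt, `never_reached_auth(SAMPLE_LOG)` returns only `my.ip`: every logged session from that address ended before credentials were submitted, and the one SASL failure belongs to a different address.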