I've set up two accounts in virtualmin, an admin@domain and support@domain
Set up the DKIM, spf, txt, etc records at cloudflare
I can send emails, though at first they were getting sent straight to spam
However, I can't receive email and get errors when trying to login from an email client. It says the certificate is invalid even though I set up the cert in dovecot and postfix config in virtualmin. And second, authentication always fails, even if I know I have the password right. On top of that, installed roundcube from script installer and it can't do anything; sending gets smtp error 250, saying I'm unauthenticated. I can send email with the 'mail' command though. This is true for both accounts
All else works fine, apache with let's encrypt ssl and everything
How do I get email working?
I'm using Ubuntu 18.04 on a virtualbox vm. Ports forwarded from host, including 465, 993, 587, 25, 995, 80, 443. UFW on host and guest allow these ports
I just can't figure out what's wrong here
"What can fail will, and so will everything else" - Every developer ever
Hi Colby_dev,
sorry i didnt reply myself to your original question on Friday...i was busy fixing server issues of my own on Friday and Saturday.
Ok, so about your email...I always check usermin first before using third party email clients such as roundcube, thunderbird, outlook etc
you need to have at least created a virtualmin>virtual server as this email is for a virtual server domain.com (not for hostname.domain.com)
have you run an mxtoolbox.com "mx:record" check for your domain.com?
Are you able to login to usermin on your web browser?
ie https://yourdomain.com:20000
(dont forget for usermin to ensure port 20000 is open in firewall on both your server and also at your VPS hosting providers network firewall)
you say you have setup mx, spf, DMARC records at cloudflare..I dont use cloudflare myself...i would not start with that. Get it working without cloudflare first would be my advice. Where is your SOA for dns? (i would add these records at the SOA first and wipe the cloudflare stuff for now). Adding additional steps into the equation just confuses things...first ensure your server is sending mail and it is being received correctly. Once that is sorted then add cloudflare or sendgrid or whatever.
I would suggest you check the postfix mail log. Webmin>System>System logs>(mail.err, mail.log, mail.warn)
https://ajecreative.com.au
Checking usermin shows that my email is being sent and received
My SOA is cloudflare, the domain I use registered with them
Still can't sign in remotely
I'll check logs in a minute and tell you if I see anything amiss
BTW, I control both host and guest server.
"What can fail will, and so will everything else" - Every developer ever
I can't use my domain to login only my IP but I suspect that's cloudflare interfering
Resolution is working and dig reveals the correct mx record
"What can fail will, and so will everything else" - Every developer ever
ok so if you are able to access via ip address but not through domain.com, then its definitely a dns issue.
BTW, how have you configured BIND in your Virtual Server Template Settings? It is possible that you have inadvertently set the Virtual Server to be its own start of Authority (I don't know why this even makes a difference if dns is outside???)...um, now I am just trying to remember where this setting is....ah yes here it is,
*First
Go to Virtualmin>System Settings>Account Plans>Default Plan (or any other plan you may have configured)
Then scroll down and expand "Allowed Virtual Server Features"
Ensure that "Bind DNS Domain" is NOT SELECTED
This will ensure that Bind does not attempt to make itself the start of authority on your webserver.
*Second
Virtualmin>Edit Virtual Server> Expand "Enabled Features"
Ensure that "DNS Domain enabled" IS NOT selected
As a check once the above are done...
Virtualmin>Server Configuration> Should have a menu item "suggested dns records" (mine has nothing else relating to bind or dns)
Let us know how your setup compares with the above and if it makes any difference.
https://ajecreative.com.au
Ok Did as you suggested, now no difference though but now it doesn't think it's the SOA
Still can't sign in via email client and sending emails from usermin gets
Oddly though sending emails via the mailutils mail command works fine though
"What can fail will, and so will everything else" - Every developer ever
And after doing that and shutting off the CDN proxy at cloudflare domain.com:20000 doesn't work but webmail.domain.com successfully redirects to that
"What can fail will, and so will everything else" - Every developer ever
take a look at this thread at stackoverflow. See if it helps
https://stackoverflow.com/questions/23534256/failed-to-send-mail-via-php...
Also
https://virtualmin.com/node/34106
https://ajecreative.com.au
The SO link didn't help but setting
-o smtpd_tls_security_level=may
I can now send email via Usermin
smtpd_sasl_security_options doesn't exist in my configuration
Still the problems of signing in via mail client. Outlook seems to autodiscover the needed information but insists my password is wrong, even if I know it's right. Tried with two separate accounts
"What can fail will, and so will everything else" - Every developer ever
Tomorrow I will try to link my virtualmin system with some third party email clients and will post my results. I have had outlook linked to virtualmin before...i dont usually use my own mail servers for anything more than minimum required for website contact forms to function... i outsource client email to dedicated providers such as office 365 etc.
Having said the above, I don't recall having had too much trouble setting outlook up with virtualmin but we will see.
https://ajecreative.com.au
We're already paying enough for our servers ;-) No sense throwing office 365 in the mix too
"What can fail will, and so will everything else" - Every developer ever
Thanks for checking
"What can fail will, and so will everything else" - Every developer ever
The problem you seem to have is not related to virtualmin nor postfix, your problem is that your outlook version has problems with the ssl authentication. If you would try a mail client, something like thunderbird you would see you have no issues.
I had something similar on cPanel server and it drove me mad as I couldn't figure out why, I had to change the SSL Cipher string in cPanel.
Looking at the ports, seems you have some important ones missing: 53,143,953, keep in mind most outlook versions will only be happy to use 465 instead of 587.
T.
yes you are right.
I have had this problem with the outlook app in the past ( I had completely forgotten about this thanks for bringing that up).
From memory...and this was over a year ago so im very rusty on it, I vaguely recall my issue back then was due to the default naming convention used by virtualmin postfix vs what outlook app will accept (ie name.domain.com instead of name@domain.com).
There is a setting in virtualmin to change this naming convention...and there are posts on this forum about how to do that (I don't have any links right now to post but im sure it was the main virtualmin postfix setup document that talks about how to change it).
I think I even posted a support request to Microsoft about this...and they were not helpful.
also check out the following thread ..https://www.virtualmin.com/node/39785
this may be different from your problem but worth checking just the same
https://ajecreative.com.au
I don't use my server for DNS so 53 isn't needed
I tried Spark email with same result (can't use Thunderbird on mobile)
"What can fail will, and so will everything else" - Every developer ever
ok so i have just had a bit of a play with thunderbird.
What i have found is the following...
If in thunderbird, i set email address as
user@domain.com
i get an error (because this is not actually the name of the virtual server user found in virtualmin)
In virtualmin the virtual server user was automatically created by virtualmin as
user.virtualserver@domain.com
This is the name found in virtualmin login and also in usermin login.
When i enter
user.virtualserver@domain.com
into thunderbird, along with the correct password, the auto configuration works immediately...even using my virtualmin server as the outgoing mail server...mail.domain.com.au on port 587 (START TLS)
Now when i attempt to send an email, the SSL certificate throws an error offering me the opportunity to confirm a security exception. Once i do this, the email sends no problems.
i havent checked whether the security exception relates to the mx records for the domain pointing at my hostname? (in any case, emails are sending and receiving from thunderbird). It may be that my dns mx record entry is not yet setup for the virtual server domain...and so its reverting back to my hostname.domain.com?
I am having problems with windows 10 mail trying to follow the same setup as in thunderbird...i suspect because of the user.virtualservername prefix?
https://ajecreative.com.au
What should I use as virtualserver name?
"What can fail will, and so will everything else" - Every developer ever
try either of the following (depending on how your server hierarchy is setup) i have a virtual sub server for this email that i am testing.
user@domain.com or,
user.virtualservername@domain.com (where user.virtualservername is the user you see at the bottom of the webmin/virtualmin dashboard menus ie logged in user)
I use the virtualmin login and ftp username for email
see image for the username locations that i use in order to make this work here (**note that the RHS arrow is pointing to the ftp user which may confuse, but that is the username i use for email clients!) https://drive.google.com/file/d/1y9kWwy3sA0N4R7Bc9_PntmztdkTBzWtf/view?u...
https://ajecreative.com.au
To clarify the user confusion between email and ftp...in virtualmin, there is a drop down box that i think illustrates why they are the same. You can give these new users either email or email+ftp access. See image https://drive.google.com/file/d/1JKze2YcPajZgqIx8N0Xr3DW-FiXyvIzc/view?u...
https://ajecreative.com.au
I'm trying to login to the admin user here not a custom created one
"What can fail will, and so will everything else" - Every developer ever
does your admin user have an account for email and ftp?
If its a root user, then that may not work. For example, my root/admin (sudoer) user cannot login using ftp or email. I am quite happy to have it this way. The only access these particular users have on my system is SSH (SFTP)...nothing else.
create a new user account...then this should work much easier for you i think.
the main server administrator account i dont think should be getting email!
https://ajecreative.com.au
I didn't manually create the account in Ubuntu
And I have to have it, it's my admin@domain.com aliased to postmaster@domain.com as well
I can check mail in usermin but I'd like to receive notification which requires remote email retrieve
"What can fail will, and so will everything else" - Every developer ever
EDIT...oops sorry...i misread your first post. The admin and support accounts should work exactly as i have described above. You should be able to open thunderbird, use the auto setup for new accounts, enter the username and password, accept the defaults and it should work.
You may need to edit the incoming and outgoing mail servers in thunderbird to something like mail.yourdomain.com (thats what mine is)...where domain.com is the virtual server domain ie = mail.colby.com (you will need a matching mx record at dns registrar of course)
https://ajecreative.com.au
It finds mail.domain.com fine
It's not failing to connect so long as it doesn't try to use STARTTLS for IMAP. It's insisting that no matter what my credentials are wrong, and Spark gives a cert error even though everything should be using my LE cert which is good for domain.com and *.domain.com
"What can fail will, and so will everything else" - Every developer ever
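Added example (not from any poster in this thread): one way to see which certificate each mail port actually presents, compared with the one Apache serves on 443, since a certificate error in a mail client alongside a clean browser padlock can mean Dovecot or Postfix is serving a different certificate. The SERVICES port map and the function names are this example's own; it uses only the Python standard library.

```python
import hashlib
import imaplib
import smtplib
import socket
import ssl

# Ports named in the thread; 443 (Apache) is used as the known-good reference.
SERVICES = {443: "tls", 465: "tls", 993: "tls", 995: "tls", 587: "smtp", 143: "imap"}


def fetch_cert_der(host, port, mode="tls", timeout=10):
    """Return the DER certificate the service presents, without validating it."""
    # Validation is off so that a wrong or self-signed certificate can still be
    # read and compared. No credentials are ever sent on these connections.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if mode == "smtp":  # STARTTLS upgrade on the submission port
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert(binary_form=True)
    if mode == "imap":  # STARTTLS upgrade on plain IMAP
        with imaplib.IMAP4(host, port) as imap:
            imap.starttls(ssl_context=ctx)
            return imap.sock.getpeercert(binary_form=True)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def collect(host, services=SERVICES):
    """Map each port to its certificate fingerprint, or to an 'error: ...' string."""
    results = {}
    for port, mode in services.items():
        try:
            results[port] = fingerprint(fetch_cert_der(host, port, mode))
        except (OSError, smtplib.SMTPException, imaplib.IMAP4.error) as exc:
            results[port] = f"error: {exc}"
    return results


def mismatches(results, reference_port=443):
    """Ports that failed or present a different certificate than the reference."""
    reference = results[reference_port]
    return sorted(p for p, v in results.items() if p != reference_port and v != reference)


if __name__ == "__main__":
    import sys
    found = collect(sys.argv[1])  # pass the mail hostname, e.g. mail.example.com
    for port in sorted(found):
        print(port, found[port])
    print("differs from 443:", mismatches(found))
```

If the name is proxied through Cloudflare, port 443 returns Cloudflare's edge certificate rather than the server's, so run this against a name that resolves directly to the server.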
I dont use spark i am using thunderbird.
I have to go now for a few hours...hopefully you will make some headway with this. I would suggest rechecking your entire SSL setup from scratch. (if this wont stuff website access)
https://ajecreative.com.au
HSTS would ensure it'd be unavailable to everyone
Oddly nothing besides email throws that error, and only Spark
"What can fail will, and so will everything else" - Every developer ever
What is the correct way to setup IMAP ssl in virtualmin?
"What can fail will, and so will everything else" - Every developer ever
Ok
Email testing indicated Port 993 can't establish a connection for whatever reason. Tried logging in on Port 995 and 143 for IMAP and still auth failure
Changing Port 465 to 587 doesn't help
And I'd really like to know what the proper username is. Admin.domain.com (domain.com is virtualserver name) doesn't work either
"What can fail will, and so will everything else" - Every developer ever
IMAP/POP3
the usual method doesn't actually require any configuration that I can think of. If postfix and dovecot are working there isn't much else you need to do other than docs https://www.virtualmin.com/documentation/email
Normally, when I install virtualmin, then add a virtual server, install a LetsEncrypt SSL cert, then add a user account to that virtual server, ensure that at domain SOA (start of authority) the correct mx, spf, DMARC records are in place, it just works (straight out of the box).
I do know that windows 10 mail is a pain in the ass (I have problems using this but its not impossible to setup), thunderbird works essentially with its automatic configuration (perhaps the odd tweak depending on your desktop pc and home network setup)...
https://ajecreative.com.au
if you have manually created additional users (with both ftp&email login abilities) in virtualmin, then those users should work.
Can you just check the following...
Virtualmin>Edit Users
is Admin a user in that list?
If you select user Admin, then under Edit User, choose Login to Usermin (ensure port 20000 is open on any of your firewalls). Can you log into Usermin for the Admin user you have created?
Second, the first user in the list for a new Virtual Server (ie the default Virtual Server User)...whatever it is, should be able to login to Usermin (on mine that is the case). Try to login to Usermin using the default Virtual Server user ie https://yourdomain.com:20000
If default user works, then try user Admin. If Admin doesn't work, try to create a new "different" username that is not related to server administration (ie a name other than admin or administrator etc)...create a user called "Colby" for example. can you log into usermin with the new user you create called Colby?
Essentially, if you are able to login to Usermin, then the problem is not Virtualmin as such...its the client you are using for email (outlook, thunderbird, windows mail, whatever).
https://ajecreative.com.au
Yeah I can login via usermin
However NO email client is letting me login with ANY user it says authentication failed
However can send/receive mail via usermin
"What can fail will, and so will everything else" - Every developer ever
ok, so can I just confirm, when you are logged into both virtual server and also Usermin on your web browser...is the Lets Encrypt SSL certificate correct (ie a padlock immediately to LHS of URL)?
https://ajecreative.com.au
yes
You can check if you want; domain is innonetlife.com
"What can fail will, and so will everything else" - Every developer ever
ah...no its not secure.
what SSL certificate are you using?
EDIT...hmm that's strange, see the https details below (and yet google chrome browser is convinced your site doesn't have valid ssl)
Primary
Common Name: *.innonetlife.com
Issuer: Let's Encrypt Authority X3
Expires: 3 months
Valid From: 6/25/2019
Valid To: 9/23/2019
Serial: 033FF2D3F45C2CC9F250A920647D14EB90EB
Algorithm: sha256RSA
Common Name: Let's Encrypt Authority X3
Issuer: DST Root CA X3
Expires: 1 year 9 months
Valid From: 3/17/2016
Valid To: 3/17/2021
Serial: 0A0141420000015385736A0B85ECA708
Algorithm: sha256RSA
Organization: Let's Encrypt
Location: US
Common Name: DST Root CA X3
Issuer: DST Root CA X3
Expires: 2 years
Valid From: 9/30/2000
Valid To: 9/30/2021
Serial: 44AFB080D6A327BA893039862EF8406B
Algorithm: sha1RSA
Organization: Digital Signature Trust Co.
https://ajecreative.com.au
Both Google chrome and firefox don't show error here
Using let's encrypt cert
"What can fail will, and so will everything else" - Every developer ever
How exactly is it not secure? Should be valid for innonetlife.com and *.innonetlife.com
"What can fail will, and so will everything else" - Every developer ever
also, you have not setup a reverse DNS/ptr record for this mail server correctly. It does not match the SMTP banner being sent.
The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address
You need to configure that or your emails wont get delivered reliably.
Some receiving mail servers may use a mismatched or masked banner as an indication of a possible spam source in a scoring system
If you do not have a PTR record, or your record does not match your hostname, we recommend that you contact your ISP and ask them to setup a reverse (PTR) record that matches the hostname of your mail server.
for example...go to mxtoolbox.com
type in your domain.com and select MX record check
after that, then do an smtp test
you will see what I mean
https://ajecreative.com.au
Can't setup PTR records at cloudflare
No reason SMTP banner should show different from DNS though
"What can fail will, and so will everything else" - Every developer ever
Ok
"What can fail will, and so will everything else" - Every developer ever
Well I added an A record but cloudflare doesn't support PTR records apparently
"What can fail will, and so will everything else" - Every developer ever
blimey, for such a widely used application, I find that incredible.
Whats even more ridiculous is the extent of Cloudflares article on DNS PTR records... so everyone can have a laugh I will post it in its entirety
DNS PTR Record
Learning Objectives
After reading this article you will be able to:
Understand the purpose of an PTR record.
What is a DNS PTR record?
The ‘pointer’ record is exactly the opposite of the ‘A’ record; the PTR address will give you the domain associated with a given IP address. The PTR record is used in reverse-lookup zones for reverse DNS searches.
Example of an PTR record:
example.com record type: value: TTL
@ PTR example.com 71200
The value here represents an email address ,which can be confusing because it’s missing the ‘@’ sign, but in an SOA record admin.example.com is the equivalent of admin@example.com.
what can one say?
Anyway, the ptr record is done for the server itself. So for example, if you were using Vultr.com as your VPS provider, then you would add the reverse ptr inside Vultr server dashboard/console.
I found another bit of information on cloudflare that will help you out with this...(sorry about the condescending way it starts, I am just copy and pasting it in)
How does reverse DNS work?
Reverse DNS lookups query DNS servers for a PTR (pointer) record; if the server does not have a PTR record, it cannot resolve a reverse lookup. PTR records store IP addresses with their segments reversed, and they append ‘.in-addr.arpa’ to that. For example if a domain has an IP address of 1.2.3.4, the PTR record will store that information as 4.3.2.1.in-addr.arpa.
https://ajecreative.com.au
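Added example (not from any poster in this thread): the reverse DNS and SMTP banner check described in the posts above, written out so the logic can be run locally. It builds the in-addr.arpa name, reads the hostname from the 220 greeting, and checks that the PTR name matches the banner and resolves back to the same IP. The function names are this example's own, and the addresses and hostnames in the test data are constructed placeholders.

```python
import ipaddress
import re
import socket


def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def banner_hostname(banner):
    """Hostname announced in an SMTP greeting such as '220 host ESMTP Postfix'."""
    match = re.match(r"220[ -](\S+)", banner)
    return match.group(1).rstrip(".").lower() if match else None


def live_ptr(ip):
    """PTR name(s) for an IP from the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [n.rstrip(".").lower() for n in [name, *aliases]]


def live_a(name):
    """Addresses a hostname resolves to, from the system resolver (needs network)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def check_mail_identity(ip, banner, ptr_lookup=live_ptr, a_lookup=live_a):
    """Return a list of problems; an empty list means PTR, banner and A agree."""
    findings = []
    announced = banner_hostname(banner)
    ptr_names = ptr_lookup(ip)
    if announced is None:
        findings.append("greeting is not a 220 line")
    if not ptr_names:
        findings.append(f"no PTR record at {ptr_name(ip)}")
    elif announced and announced not in ptr_names:
        findings.append(f"banner {announced} does not match PTR {', '.join(ptr_names)}")
    for name in ptr_names:
        # Forward-confirm: the PTR name must resolve back to the sending IP.
        if ip not in a_lookup(name):
            findings.append(f"PTR {name} does not resolve back to {ip}")
    return findings
```

Called with only an IP and the greeting line copied from the server, it uses the system resolver; the lookup arguments exist so the same logic can be exercised against fixed data.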
btw, where are you hosting this? Did you mention this was on Virtualbox? If so, is this at your home/office?
Does your home/office have a static ipaddress assigned for the address?
Also, i am not familiar with configuring ptr records in home/office environments...i dont know if perhaps you might actually need to talk with your telecommunications provider about this?
EDIT... BTW, dont expect too much help from your home/office internet service provider with this...they intentionally dont support home/office based webservers (thats one reason why normally your download speed is 10 times faster than upload speed...they are trying to discourage home webservers).
You should still be able to setup reverse ptr though (lots of offices run inhouse mail servers)
https://ajecreative.com.au
No it's hosted on a dedicated OVH server. The virtualbox machine shares the IP address of the host
"What can fail will, and so will everything else" - Every developer ever
This article should get you sorted with missing reverse ptr https://support.us.ovhcloud.com/hc/en-us/articles/360002181530-How-to-Co...
https://ajecreative.com.au