SMTP (-1) error: failed while connecting to the server from Roundcube

Discussion in 'ISPConfig 3 Priority Support' started by albertf, Oct 6, 2019.

  1. albertf

    albertf Member HowtoForge Supporter

  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. albertf

    albertf Member HowtoForge Supporter

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.15
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.9-1~deb10u1
    
    ##### PORT CHECK #####
    
    [WARN] Port 8080 (ISPConfig) seems NOT to be listening
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    [WARN] Port 22 (SSH server) seems NOT to be listening
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    [WARN] I found no "smtp" entry in your postfix master.cf
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 1094)
    [WARN] I could not determine which mail server is running.
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 745)
    [INFO] I found the following imap server(s):
            Dovecot (PID 745)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1166)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [localhost]:10023               (955/postgrey)
    [localhost]:10024               (1278/amavisd-new)
    [localhost]:10025               (1247/master)
    [localhost]:10026               (1278/amavisd-new)
    [localhost]:10027               (1247/master)
    [anywhere]:587          (1247/master)
    [localhost]:11211               (720/memcached)
    [anywhere]:110          (745/dovecot)
    [anywhere]:143          (745/dovecot)
    [anywhere]:465          (1247/master)
    [anywhere]:57291                (804/sshd)
    [anywhere]:21           (1166/pure-ftpd)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    ***.***.***.***:53              (774/named)
    [localhost]:53          (774/named)
    [localhost]:953         (774/named)
    [anywhere]:993          (745/dovecot)
    [anywhere]:995          (745/dovecot)
    *:*:*:*::*:10023                (955/postgrey)
    *:*:*:*::*:10024                (1278/amavisd-new)
    *:*:*:*::*:10026                (1278/amavisd-new)
    *:*:*:*::*:3306         (866/mysqld)
    *:*:*:*::*:587          (1247/master)
    [localhost]10           (745/dovecot)
    [localhost]43           (745/dovecot)
    *:*:*:*::*:80           (1094/apache2)
    *:*:*:*::*:465          (1247/master)
    *:*:*:*::*:8081         (1094/apache2)
    *:*:*:*::*:57291                (804/sshd)
    *:*:*:*::*:21           (1166/pure-ftpd)
    *:*:*:*::*:53           (774/named)
    *:*:*:*::*:953          (774/named)
    *:*:*:*::*:443          (1094/apache2)
    *:*:*:*::*:993          (745/dovecot)
    *:*:*:*::*:57369                (1094/apache2)
    *:*:*:*::*:995          (745/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    The SSH 22 and ISPConfig 8080 ports have been changed, so it's normal to get this warning.
    Code:
    [WARN] Port 8080 (ISPConfig) seems NOT to be listening
    [WARN] Port 22 (SSH server) seems NOT to be listening
    (I changed port 22 before installing ISPConfig, and port 8080 was changed when I installed ISPConfig with the tutorial.)
    How can I activate
    Code:
    [WARN] Port 25 (SMTP server) seems NOT to be listening
    It's a fresh, successful install without any errors and with just 2 changes (ports 22 and 8080), so getting "Port 25 (SMTP server) seems NOT to be listening" is very strange. All services seem to be OK, and I set up one domain name with a website using WordPress (MySQL OK) without any problems.
    [​IMG]
     
    Last edited: Oct 7, 2019
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the content of the file /etc/postfix/master.cf
     
  5. albertf

    albertf Member HowtoForge Supporter

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    submission inet n - - - - smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    smtps inet n - - - - smtpd
     -o syslog_name=postfix/smtps
     -o smtpd_tls_wrappermode=yes
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #submission inet n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    
    
    I hope I didn't forget something at this step in the tutorial :D
     
    Last edited: Oct 7, 2019
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The tutorial instructed you to remove the # in front of some existing lines; you duplicated them without the #, and that's OK as well, even if that's not what the tutorial meant you to do. But besides that, you commented out the smtp line, and this should not be done as it disables port 25.

    Edit the file and remove the # in front of this line:

    #smtp inet n - y - - smtpd
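
The diagnosis in the post above, as an added example that is not part of the original thread or of ISPConfig's own test script: a small master.cf parser that follows the master(5) line rules and reports whether any active `inet` service is bound to port 25. The sample text is a constructed excerpt modelled on the file posted in this thread, and all function names are hypothetical.

```python
# Added example: parse master.cf as master(5) describes it and report
# whether an active port 25 listener exists.

# Constructed excerpt, modelled on the master.cf posted in this thread.
SAMPLE_MASTER_CF = """\
submission inet n - - - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
smtps inet n - - - - smtpd
 -o smtpd_tls_wrappermode=yes
#smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
pickup    unix  n       -       y       60      1       pickup
smtp      unix  -       -       y       -       -       smtp
127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
"""

SMTP_PORTS = {"smtp", "25"}             # service names that mean TCP port 25
SMTP_DAEMONS = {"smtpd", "postscreen"}  # commands that accept inbound SMTP


def logical_lines(text):
    """Join continuation lines and skip comments and blank lines."""
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # ignored even between continuations
        if raw[0].isspace():              # leading whitespace continues a line
            if current is not None:
                current += " " + stripped
            continue
        if current is not None:
            yield current
        current = stripped
    if current is not None:
        yield current


def parse_services(text):
    """Return the active services as dicts (name, type, command, args)."""
    services = []
    for line in logical_lines(text):
        f = line.split()
        if len(f) >= 8:                   # seven columns plus the command
            services.append({"name": f[0], "type": f[1],
                             "command": f[7], "args": f[8:]})
    return services


def port_of(name):
    """'127.0.0.1:10025' -> '10025', 'smtp' -> 'smtp'."""
    return name.rsplit(":", 1)[-1]


def smtp_listeners(text):
    """Active inet services on port 25 that run smtpd or postscreen."""
    return [s for s in parse_services(text)
            if s["type"] == "inet" and port_of(s["name"]) in SMTP_PORTS
            and s["command"] in SMTP_DAEMONS]


def commented_smtp_entries(text):
    """Commands of commented-out lines that would be a port 25 listener."""
    found = []
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("#"):
            f = s.lstrip("#").split()
            if (len(f) >= 8 and f[1] == "inet"
                    and port_of(f[0]) in SMTP_PORTS and f[7] in SMTP_DAEMONS):
                found.append(f[7])
    return found


if __name__ == "__main__":
    print("active port 25 listeners:", smtp_listeners(SAMPLE_MASTER_CF))
    print("commented-out candidates:", commented_smtp_entries(SAMPLE_MASTER_CF))
```

The `smtp unix ... smtp` line is the outbound delivery client, not a listener, so a file can contain an active line starting with `smtp` and still leave port 25 closed.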
     
  7. albertf

    albertf Member HowtoForge Supporter

    @till YOU ARE A MAGICIAN!
    Without your help I would never have found this error, THANK YOU...
    I am very sorry for wasting your time and I apologize because it's my mistake!
    I launched your test one more time to see what I get now, and I have only one warning:
    Code:
    [WARN] could not determine server's ip address by ifconfig
    I would like to say YES, everything is perfect now, but apparently I get some SNI problems and Postfix does not seem to isolate each domain name, the same as with Postfix before version 3.4.
    Even though I'm now using Postfix V3.4.5 (postconf mail_version), if I send an email with domain.com, the hostname in the greeting message is vps123456.ovh.net and not domain.com.
    It means the SMTP banner is:
    Code:
    domain.com. <=> 12.34.567.89 [FR] : 220 vps123456.ovh.net ESMTP Postfix (Debian/GNU) 
    Code:
    80    http    HTTP/1.1 400 Bad RequestDate: Mon, 07 Oct 2019 17:36:12 GMTServer: Apache/2.4.38 (Debian)Last-Modified: Sun, 06 Oct 2019 15:57:01 GMTETag: "700-5943ffc6569dd"Accept-Ranges: bytesContent-Length: 1792Connection: closeContent-Type: text/html
    443    https    HTTP/1.1 400 Bad RequestDate: Mon, 07 Oct 2019 17:36:12 GMTServer: Apache/2.4.38 (Debian)Last-Modified: Sun, 06 Oct 2019 15:57:01 GMTETag: "700-5943ffc6569dd"Accept-Ranges: bytesContent-Length: 1792Connection: closeContent-Type: text/html
    25    smtp    220 vps123456.ovh.net ESMTP Postfix (Debian/GNU)
    21    ftp    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed.220-Local time is now 19:36. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
    110    pop3    +OK Dovecot (Debian) ready.
    143    imap    * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
    This makes
    Code:
    IP = ip of domain.com
    HELO (server) = vps123456.ovh.net
    rDNS = domain.com
    I chose Debian Buster to be 100% sure to get SNI support with Postfix; I really hope we can...
    Please can you help me on this point? It's very important for getting good "Email Deliverability" and it's a main point for getting it.
    I didn't create a "Client"; do you think the SSL certificate and Postfix is vps123456.ovh.net with all domain names for this reason?
    Thanks
     
    Last edited: Oct 7, 2019
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it's not. The only problem is that you did not seem to have changed the server hostname. Using vps123456.ovh.net is in fact not good for email deliverability, but this problem is easy to solve and not related to SNI. You have to change the hostname in /etc/hosts, /etc/hostname, /etc/mailname and /etc/postfix/main.cf wherever it occurs and then restart the server. Choose a neutral hostname which is a subdomain of your main (company) domain like server1.yourdomain.tld or even mail.yourdomain.tld.
     
  9. albertf

    albertf Member HowtoForge Supporter

    But this will not solve the SNI for multi-SNI domain names? (Of course each domain must have a dedicated IP and not use the IP of the main VPS hostname.)
    If I change the hostname, this will be OK for only one domain name, right?
    And after that, what about the other domain names hosted on this VPS? That's not going to be OK?
    For good email deliverability it should be
    Code:
    IP = dedicated ip of domain.com
    HELO (server) = domain.com
    rDNS = domain.com
    and we need to get this
    Code:
    domain.com. <=> 12.34.567.89 [FR] : 220 domain.com ESMTP Postfix (Debian/GNU) 
    If not, Thunderbird (SMTP port 465 SSL/TLS) will not accept mail.domain.com because it will answer with a wrong SSL if the hostname is wrong; that's why I am talking about multi-SNI, 1 hostname per domain name.
     
    Last edited: Oct 8, 2019 at 10:14 AM
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    No. SNI for email is simply not needed and it does not provide any benefits in terms of email deliverability.

    No, it's ok for all domain names then as it's common that a mail server has just one name.

    Sure, it's ok for all domains of a mail system as a mail server shall have just one name and not multiple names.

    What matters for email deliverability is:

    1) Your mail server has just one name, which corresponds to the hostname of the system.
    2) This name should not be a subdomain of the domain of your hoster, it should be a subdomain of one of your domains.
    3) This subdomain must exist in DNS and point to the IP address of your server.
    4) The IP address of your server has a reverse DNS record which points to this subdomain that is used as server hostname.
    5) Enable DKIM and create SPF records for all domains that you host email for.
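
Points 1 to 4 of the list above expressed as a check, as an added example that is not part of the original post: it compares the system hostname, the SMTP greeting, the A records and the PTR names of one server. The IP address 192.0.2.10, the hoster domain list and all function names are assumptions made for the example; point 5 (DKIM and SPF) is not covered.

```python
# Added example: consistency check for mail server name, banner and DNS.
import re
import socket


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def banner_hostname(banner):
    """Name announced in a greeting like '220 host ESMTP Postfix'."""
    m = re.match(r"220[ -](\S+)", banner.strip())
    return norm(m.group(1)) if m else None


def is_under(name, domain):
    """True when name equals domain or is a subdomain of it."""
    name, domain = norm(name), norm(domain)
    return name == domain or name.endswith("." + domain)


def check_mail_identity(hostname, banner, server_ip,
                        a_records, ptr_names, hoster_domains):
    """Evaluate points 1-4; each value is True when the point is met."""
    host = norm(hostname)
    return {
        # 1) one name: the banner announces the system hostname
        "single_name": banner_hostname(banner) == host,
        # 2) the name is not inside the hosting provider's domain
        "own_domain": not any(is_under(host, d) for d in hoster_domains),
        # 3) the name exists in DNS and points to the server IP
        "forward_dns": server_ip in a_records,
        # 4) the reverse DNS record of the IP points back to the name
        "reverse_dns": host in {norm(n) for n in ptr_names},
    }


def failed_checks(result):
    return [name for name, ok in result.items() if not ok]


def lookup(hostname, server_ip):
    """Collect A records and PTR names with the system resolver."""
    try:
        a_records = socket.gethostbyname_ex(hostname)[2]
    except OSError:
        a_records = []
    try:
        name, aliases, _ = socket.gethostbyaddr(server_ip)
        ptr_names = [name] + aliases
    except OSError:
        ptr_names = []
    return a_records, ptr_names


# Constructed facts: names and banner as quoted in the thread, IP invented.
BEFORE = dict(hostname="vps123456.ovh.net",
              banner="220 vps123456.ovh.net ESMTP Postfix (Debian/GNU)",
              server_ip="192.0.2.10", a_records=["192.0.2.10"],
              ptr_names=["domain.com."], hoster_domains=["ovh.net"])
AFTER = dict(hostname="server1.yourdomain.tld",
             banner="220 server1.yourdomain.tld ESMTP Postfix (Debian/GNU)",
             server_ip="192.0.2.10", a_records=["192.0.2.10"],
             ptr_names=["server1.yourdomain.tld."], hoster_domains=["ovh.net"])

if __name__ == "__main__":
    print("before:", failed_checks(check_mail_identity(**BEFORE)))
    print("after: ", failed_checks(check_mail_identity(**AFTER)))
```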
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Mail clients always connect to the mail server name of the provider that they use and that's the hostname of your server, it's not a subdomain of the domain of the client. So there are no TLS issues here.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    No, that's not the case. See my list in post #10.
     
  13. albertf

    albertf Member HowtoForge Supporter

    Till, I am sorry, I don't understand what you mean. It's not that I don't believe you; I'm just trying to understand what you mean.
    You are recommending that I do it like shared hosting and share the hostname.
    So when I send an email it will make this
    Code:
    From - Mon Oct  7 19:27:34 2019
    X-Account-Key: account97
    X-UIDL: UID308-1540952579
    X-Mozilla-Status: 0011
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:                                                                               
    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from domaine-sender.com (domaine-sender.com [12.34.56.78])
       by hostname.notsame.net (Postfix) with ESMTPS id 3DB3C603D7
       for <[email protected]>; Mon,  7 Oct 2019 17:14:55 +0000 (UTC)
    
    As you can see, [email protected] has a different SMTP sender name. Is this what you mean, or do I not understand?
    That's exactly the concept used to send spam, and to be easily rejected by Gmail and Microsoft.
    A simple test with Mxtools will confirm
    [​IMG]
    If [email protected] does not match the SMTP banner, why are you saying it can be a good practice and not a problem for email deliverability?
    And if the SMTP banner is shared by 10 domain names, I'll let you imagine what can happen if 1 domain name sends spam! The SMTP banner can be flagged as a spammer and blocked by Gmail and Microsoft for all domain names using this SMTP banner.
     
    Last edited: Oct 8, 2019 at 11:21 AM
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Do whatever you want, I tell you just how professional large hosters are doing it and their emails don't end up as spam anywhere. I will not post any further in this matter, it's simply a waste of time.

    And your screenshots show that you did not follow my instructions, otherwise your hostname, SMTP banner and reverse DNS would not differ.
     
    Last edited: Oct 8, 2019 at 11:35 AM
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Btw, I know what I'm doing, I'm in this business for just about 21 years now and managed servers for our customers (ISPS) which have ten thousands of accounts.
     
  16. albertf

    albertf Member HowtoForge Supporter

    Till, I just asked some additional questions with arguments, but it was not in my mind that you could be wrong; all your answers are always high quality and NEVER wrong. This is what I think, and of course I will follow your recommendations above.
    thanks
     
  17. albertf

    albertf Member HowtoForge Supporter

    Hello Till,
    I have done exactly what you advised and used server1.domaine-hostname.com; now the mail server has just one name, which corresponds to the hostname of the system, and the domain name is not a subdomain of the domain of my hoster.
    Now, domaine-hostname.com matches the SMTP banner.
    But when I am sending email with Domain-user.com (Ip 123.123.456 dedicated Ip), which is hosted on this VPS, these emails are sent with the IP of server1.domaine-hostname.com and not with the dedicated IP of Domain-user.com.
    Is that a normal result? Will all domain names send all emails with the IP of server1.domaine-hostname.com?
    Thanks
     
  18. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is this the mail server host that has two IP-numbers? You can configure postfix to use the IP-number you want as sending IP.
     
  19. albertf

    albertf Member HowtoForge Supporter

    No, the mail server has only one IP.
    How can I do that?
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    You can't do that if you have just one IP. Besides that, it's not necessary to assign multiple IPs, unless you plan to send spam mass mailings.
     
