Dear all, I am confused. I set up ISPCONFIG. All things runs smoothly apache, pure-ftp, wordpress, drupal. Now I finished a set up of dovecot and postfix. A created domain and mailbox. I am able to connect to mailbox from command line, both POP3 plain and POP3 secure, even open mailbox, perfectly. This is the guide BUT, when trying to fetch mail from server's mailbox via Google mail it always say: There was a problem connecting to www.domainname.cz Server returned error: "Connection timed out: There may be a problem with the settings you added. Please contact your other email provider to verify the correct server name and port." Any "hack" for this? Cannot see any connection from Google servers to my mail server in /var/log/dovecot.log (e-mails are distributed with the mailbox perfectly)
Ok, so if I understand you correctly, you can connect locally but not from an external pop3 or imap client. This is an indication that y firewall blocks the connection (on the server or inf front of the server) or if your server is hosted behind a router, then it might be that you did not forward the pop3 / imap /pop3s and imaps ports on the router to the server.
No, i did all test locally to localhost from console AND globally from public internet address = all working.
Please run the test script and post the result: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Ubuntu 18.04.5 LTS [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.1.15p3 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.4.10 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 557) [INFO] I found the following mail server(s): Unknown process (smtpd) (PID 10671) [INFO] I found the following pop3 server(s): Dovecot (PID 4349) [INFO] I found the following imap server(s): Unknown process (init) (PID 1) [INFO] I found the following ftp server(s): PureFTP (PID 853) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:10023 (478/postgrey) [localhost]:10024 (29053/amavisd-new) [localhost]:10025 (32321/master) [localhost]:10026 (29053/amavisd-new) [localhost]:10027 (32321/master) [anywhere]:587 (32321/master) [localhost]:11211 (537/memcached) [anywhere]:110 (4349/dovecot) [anywhere]:143 (1/init) [anywhere]:465 (32321/master) [anywhere]:21 (853/pure-ftpd) ***.***.***.***:53 (318/systemd-resolve) [anywhere]:22 (600/sshd) [anywhere]:25 (10671/smtpd) [anywhere]:2812 (26794/monit) [anywhere]:993 (1/init) [anywhere]:995 (4349/dovecot) *:*:*:*::*:10023 (478/postgrey) *:*:*:*::*:10024 (29053/amavisd-new) *:*:*:*::*:10026 (29053/amavisd-new) *:*:*:*::*:3306 (20341/mysqld) *:*:*:*::*:587 (32321/master) [localhost]10 (4349/dovecot) [localhost]43 (1/init) *:*:*:*::*:8080 (557/apache2) *:*:*:*::*:80 (557/apache2) *:*:*:*::*:465 (32321/master) *:*:*:*::*:8081 (557/apache2) *:*:*:*::*:4949 (21553/perl) *:*:*:*::*:21 (853/pure-ftpd) *:*:*:*::*:22 (600/sshd) *:*:*:*::*:25 (10671/smtpd) *:*:*:*::*:443 (557/apache2) *:*:*:*::*:2812 (26794/monit) *:*:*:*::*:993 (1/init) *:*:*:*::*:995 (4349/dovecot) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465,587,143,993,110,995 f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21,20,990,989 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-postfix-sasl (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-pure-ftpd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable ... ... lots
Where is your server located? in a datacenter or is it a cloud node or is it hosted at home or in office?
Please check the VPS control panel of your data center to see if they run any kind of firewall which might block the connection from Google.
They do NOT block anything. Meanwhile, I contacted a Google support, They found nothing (as expected). After that I tried to substitute FQDN with IP address and... It seems better. but still some problem with certificates?
The ssl error is to be expected when you use an IP instead of a domain. If it works with the IP, then there is no issue with your server or a firewall, the problem is DNS then. Either the domain / subdomain that you entered as mail server at google doe snot exist or it points to a different server.
I see, but: - hostname -f is OK - host <fqdn> is OK - ifconfig is OK - ssl for dovecot is OK for that domain is OK where to search pro problems next?
Verify the mail server FQDN you entered in GMail is the correct name and resolves from Google name service. Also check you configured GMail to use POP3 and not IMAP.
That's not the DNS setup that you tested. You just checked the server hostname locally. When Gemail says that it can't connect to your server, then you must check the dns records in the authoritative dns server of that domain, and not on your ispconfig system.
You are probably right, when I change FQDN with IP adress (in Gmail fetchsetup) it do something. But I have no idea, where to start...
IP seems fine. It points me to some problem with cert. Even after re-installation of cert for ISPconfig (https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/) Status: connect to https://www.<ispconfignamedomain>:8080 PERFECT connect to https://www.<ispconfignamedomain> --- Did Not Connect: Potential Security Issue Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for <ispconfignamedomain>. The certificate is only valid for the following names: <theotherdomainonispconfigserversite>, <theotherdomainonispconfigserversite> Error code: SSL_ERROR_BAD_CERT_DOMAIN connect to https://www.<ispconfignamedomain>:80 --- An error occurred during a connection to <ispconfignamedomain>:80. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG connect to https://www.<ispconfignamedomain>:8080/munin --- PERFECT Yes I understand the problem is with SSL cert. But I did all setups under with the from ISPConfig. <ispconfignamedomain> has its ispserver.crt ispserver.key and ispserver.pem under /usr/local/ispconfig/interface/ssl, ispconfig.conf and ispconfig.vhost <theotherdomainonispconfigserversite> has its own ispconfig.conf and ispconfig.vhost and cert /var/www/clients/client1/web7/ssl/<theotherdomainonispconfigserversite>-le.crt /var/www/clients/client1/web7/ssl/<theotherdomainonispconfigserversite>-le.key There is something inside the "system" in collision.
If you need a certificate for <ispconfignamedomain> you create in ISPConfig panel website <ispconfignamedomain> and turn on LE certificate for that. Then you use that certificate for the services that need certificate, like dovecot for example.
I did it with this guide: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/ What so you mean by: "you create in ISPConfig panel website"? Should I create Site with domain name same as <ispconfignamedomain>? The Guide (see on the top) generates certificate with the another way...
