Unable to fetch POP3 mailboxes from Gmail on Dovecot

Discussion in 'Installation/Configuration' started by MaKa, Sep 11, 2020.

  1. MaKa

    MaKa New Member

    Dear all, I am confused.
    I set up ISPCONFIG. All things run smoothly: apache, pure-ftp, wordpress, drupal.
    Now I finished a set up of dovecot and postfix. I created a domain and mailbox.
    I am able to connect to mailbox from command line, both POP3 plain and POP3 secure, even open mailbox, perfectly.
    This is the guide

    BUT, when trying to fetch mail from server's mailbox via Google mail it always says:
    There was a problem connecting to www.domainname.cz
    Server returned error: "Connection timed out: There may be a problem with the settings you added. Please contact your other email provider to verify the correct server name and port."

    Any "hack" for this? Cannot see any connection from Google servers to my mail server in /var/log/dovecot.log
    (e-mails are distributed with the mailbox perfectly)
     


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so if I understand you correctly, you can connect locally but not from an external pop3 or imap client. This is an indication that a firewall blocks the connection (on the server or in front of the server) or if your server is hosted behind a router, then it might be that you did not forward the pop3 / imap / pop3s and imaps ports on the router to the server.
     
  3. MaKa

    MaKa New Member

    No, I did all tests locally to localhost from console AND globally from public internet address = all working.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. MaKa

    MaKa New Member

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 18.04.5 LTS
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.15p3
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 7.4.10
    ##### PORT CHECK #####
    ##### MAIL SERVER CHECK #####
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
            Apache 2 (PID 557)
    [INFO] I found the following mail server(s):
            Unknown process (smtpd) (PID 10671)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 4349)
    [INFO] I found the following imap server(s):
            Unknown process (init) (PID 1)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 853)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [localhost]:10023               (478/postgrey)
    [localhost]:10024               (29053/amavisd-new)
    [localhost]:10025               (32321/master)
    [localhost]:10026               (29053/amavisd-new)
    [localhost]:10027               (32321/master)
    [anywhere]:587          (32321/master)
    [localhost]:11211               (537/memcached)
    [anywhere]:110          (4349/dovecot)
    [anywhere]:143          (1/init)
    [anywhere]:465          (32321/master)
    [anywhere]:21           (853/pure-ftpd)
    ***.***.***.***:53              (318/systemd-resolve)
    [anywhere]:22           (600/sshd)
    [anywhere]:25           (10671/smtpd)
    [anywhere]:2812         (26794/monit)
    [anywhere]:993          (1/init)
    [anywhere]:995          (4349/dovecot)
    *:*:*:*::*:10023                (478/postgrey)
    *:*:*:*::*:10024                (29053/amavisd-new)
    *:*:*:*::*:10026                (29053/amavisd-new)
    *:*:*:*::*:3306         (20341/mysqld)
    *:*:*:*::*:587          (32321/master)
    [localhost]10           (4349/dovecot)
    [localhost]43           (1/init)
    *:*:*:*::*:8080         (557/apache2)
    *:*:*:*::*:80           (557/apache2)
    *:*:*:*::*:465          (32321/master)
    *:*:*:*::*:8081         (557/apache2)
    *:*:*:*::*:4949         (21553/perl)
    *:*:*:*::*:21           (853/pure-ftpd)
    *:*:*:*::*:22           (600/sshd)
    *:*:*:*::*:25           (10671/smtpd)
    *:*:*:*::*:443          (557/apache2)
    *:*:*:*::*:2812         (26794/monit)
    *:*:*:*::*:993          (1/init)
    *:*:*:*::*:995          (4349/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25,465,587,143,993,110,995
    f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21,20,990,989
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-pure-ftpd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    ...
    ...
    lots
     
  6. MaKa

    MaKa New Member

    any ideas please?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Where is your server located? in a datacenter or is it a cloud node or is it hosted at home or in office?
     
  8. MaKa

    MaKa New Member

    In Datacenter, it is a VPS SSD (no cloud), public IP, ispconfig with 4 WWW servers.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the VPS control panel of your data center to see if they run any kind of firewall which might block the connection from Google.
     
  10. MaKa

    MaKa New Member

    Thank you, I'll send a request to my provider ASAP.
     
  11. MaKa

    MaKa New Member

    • They do NOT block anything.
    • Meanwhile, I contacted Google support. They found nothing (as expected).
    • After that I tried to substitute FQDN with IP address and... It seems better.
    but still some problem with certificates?
     


  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl error is to be expected when you use an IP instead of a domain. If it works with the IP, then there is no issue with your server or a firewall, the problem is DNS then. Either the domain / subdomain that you entered as mail server at google does not exist or it points to a different server.
     
  13. MaKa

    MaKa New Member

    I see, but:
    - hostname -f is OK
    - host <fqdn> is OK
    - ifconfig is OK
    - ssl for dovecot for that domain is OK
    where to search for problems next?
     
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Verify the mail server FQDN you entered in GMail is the correct name and resolves from Google name service.
    Also check you configured GMail to use POP3 and not IMAP.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not the DNS setup that you tested. You just checked the server hostname locally. When Gmail says that it can't connect to your server, then you must check the dns records in the authoritative dns server of that domain, and not on your ispconfig system.
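
An added example, not part of any post in this thread: one way to run the check described above, asking the domain's authoritative name servers directly and comparing their answers with the server's public address. The function names, `mail.example.com`, `example.com`, the `ns*.example.net` servers and the documentation-range addresses are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Host, zone, name servers and
# addresses below are constructed placeholders.

# auth_answers HOST ZONE: ask every authoritative name server of ZONE
# directly for HOST's A record; print "nameserver address" lines.
# Needs dig and network access.
auth_answers() {
    local host="$1" zone="$2" ns answers addr
    for ns in $(dig +short NS "$zone"); do
        answers=$(dig +short +norecurse A "$host" "@$ns")
        [ -n "$answers" ] || answers=NONE
        for addr in $answers; do
            printf '%s %s\n' "${ns%.}" "$addr"
        done
    done
}

# check_answers EXPECTED_IP: read "nameserver address" lines on stdin,
# print one verdict per line, succeed only if every line is EXPECTED_IP.
check_answers() {
    local expected="$1" ns addr seen=0 bad=0
    while read -r ns addr; do
        [ -n "$ns" ] || continue
        seen=$((seen + 1))
        if [ "$addr" = "$expected" ]; then
            echo "OK       $ns -> $addr"
        elif [ "$addr" = NONE ]; then
            echo "MISSING  $ns has no A record for the name"
            bad=$((bad + 1))
        else
            echo "MISMATCH $ns -> $addr (expected $expected)"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: ns2 still publishes the address of an old server.
sample_answers() {
    printf '%s\n' 'ns1.example.net 203.0.113.10' 'ns2.example.net 198.51.100.7'
}

# Demo on the sample. Real check:
#   auth_answers mail.example.com example.com | check_answers 203.0.113.10
sample_answers | check_answers 203.0.113.10 || echo "DNS does not point at this server"
```

A name that resolves correctly from the server itself can still fail this check, because `hostname -f` and a local `host` lookup may be answered from `/etc/hosts` or a local resolver rather than from the records external clients receive.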
     
  16. MaKa

    MaKa New Member

    You are probably right, when I replace the FQDN with the IP address (in Gmail fetch setup) it does something.
    But I have no idea, where to start...
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has a link to DNS Tutorial which explains how to test name service is working.
     
  18. MaKa

    MaKa New Member

    Status:
    • connect to https://www.<ispconfignamedomain>:8080 PERFECT
    • connect to https://www.<ispconfignamedomain> --- Did Not Connect: Potential Security Issue
      Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for <ispconfignamedomain>. The certificate is only valid for the following names: <theotherdomainonispconfigserversite>, <theotherdomainonispconfigserversite>
      Error code: SSL_ERROR_BAD_CERT_DOMAIN
    • connect to https://www.<ispconfignamedomain>:80 ---
      An error occurred during a connection to <ispconfignamedomain>:80. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
    • connect to https://www.<ispconfignamedomain>:8080/munin --- PERFECT
    Yes I understand the problem is with SSL cert. But I did all setups under with the from ISPConfig.
    • <ispconfignamedomain> has its ispserver.crt ispserver.key and ispserver.pem under /usr/local/ispconfig/interface/ssl, ispconfig.conf and ispconfig.vhost
    • <theotherdomainonispconfigserversite> has its own ispconfig.conf and ispconfig.vhost and cert /var/www/clients/client1/web7/ssl/<theotherdomainonispconfigserversite>-le.crt
      /var/www/clients/client1/web7/ssl/<theotherdomainonispconfigserversite>-le.key
    There is something inside the "system" in collision.
     
    Last edited: Sep 17, 2020 at 7:05 PM
  19. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you need a certificate for <ispconfignamedomain> you create in ISPConfig panel website <ispconfignamedomain> and turn on LE certificate for that.
    Then you use that certificate for the services that need certificate, like dovecot for example.
     
  20. MaKa

    MaKa New Member

    I did it with this guide: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/ ;)

    What do you mean by: "you create in ISPConfig panel website"? Should I create Site with domain name same as <ispconfignamedomain>?

    The Guide (see on the top) generates the certificate in another way...
     

