Email issues

I’ve set up two accounts in virtualmin, an admin@domain and support@domain

Set up the DKIM, spf, txt, etc records at cloudflare

I can send emails, though at first they were getting sent straight to spam

However, I can’t receive email and get errors when trying to login from an email client. It says the certificate is invalid even though I set up the cert in dovecot and postfix config in virtualmin. And second, authentication always fails, even if I know I have the password right. On top of that, installed roundcube from script installer and it can’t do anything; sending gets smtp error 250, saying I’m unauthenticated. I can send email with the ‘mail’ command though. This is true for both accounts

All else works fine, apache with let’s encrypt ssl and everything

How do I get email working?

I’m using Ubuntu 18.04 on a virtualbox vm. Ports forwarded from host, including 465, 993, 587, 25, 995, 80, 443. UFW on host and guest allow these ports

I just can’t figure out what’s wrong here

Hi Colby_dev,

sorry i didn’t reply myself to your original question on Friday…i was busy fixing server issues of my own on Friday and Saturday.

Ok, so about your email…I always check usermin first before using third party email clients such as roundcube, thunderbird, outlook etc

  1. you need to have at least created a virtualmin>virtual server as this email is for a virtual server domain.com (not for hostname.domain.com)

  2. have you run an mxtoolbox.com “mx:record” check for your domain.com?

  3. Are you able to login to usermin on your web browser?

ie https://yourdomain.com:20000

(don’t forget for usermin to ensure port 20000 is open in firewall on both your server and also at your VPS hosting providers network firewall)

  4. you say you have setup mx, spf, DMARC records at cloudflare…I don’t use cloudflare myself…i would not start with that. Get it working without cloudflare first would be my advice. Where is your SOA for dns? (i would add these records at the SOA first and wipe the cloudflare stuff for now). Adding additional steps into the equation just confuses things…first ensure your server is sending mail and it is being received correctly. Once that is sorted then add cloudflare or sendgrid or whatever.

  5. I would suggest you check the postfix mail log. Webmin>System>System logs>(mail.err, mail.log, mail.warn)

Checking usermin shows that my email is being sent and received

My SOA is cloudflare, the domain I use registered with them

Still can’t sign in remotely

I’ll check logs in a minute and tell you if I see anything amiss

BTW, I control both host and guest server.

I can’t use my domain to login only my IP but I suspect that’s cloudflare interfering

Resolution is working and dig reveals the correct mx record

ok so if you are able to access via ip address but not through domain.com, then it’s definitely a dns issue.

BTW, how have you configured BIND in your Virtual Server Template Settings? It is possible that you have inadvertently set the Virtual Server to be its own start of Authority (I don’t know why this even makes a difference if dns is outside???)…um, now I am just trying to remember where this setting is…ah yes here it is,

*First

Go to Virtualmin>System Settings>Account Plans>Default Plan (or any other plan you may have configured)

Then scroll down and expand Allowed Virtual Server Features

Ensure that Bind DNS Domain is NOT SELECTED

This will ensure that Bind does not attempt to make itself the start of authority on your webserver.

*Second

Virtualmin>Edit Virtual Server> Expand Enabled Features

Ensure that DNS Domain enabled IS NOT selected

As a check once the above are done…

Virtualmin>Server Configuration> Should have a menu item "suggested dns records" (mine has nothing else relating to bind or dns)

Let us know how your setup compares with the above and if it makes any difference.

Ok
Did as you suggested, now no difference though but now it doesn’t think it’s the SOA

Still can’t sign in via email client and sending emails from usermin gets

 Failed to send mail : SMTP command mail from: <support@domain.com> failed : 530 5.7.0 Must issue a STARTTLS command first

Oddly though sending emails via the mailutils mail command works fine though

And after doing that and shutting off the CDN proxy at cloudflare domain.com:20000 doesn’t work but webmail.domain.com successfully redirects to that

take a look at this thread at stackoverflow. See if it helps

https://stackoverflow.com/questions/23534256/failed-to-send-mail-via-php-must-issue-a-starttls-command-first

Also

https://virtualmin.com/node/34106

The SO link didn’t help but setting -o smtpd_tls_security_level=may I can now send email via Usermin

smtpd_sasl_security_options doesn’t exist in my configuration

Still the problems of signing in via mail client. Outlook seems to autodiscover the needed information but insists my password is wrong, even if I know it’s right. Tried with two separate accounts
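Added example, not part of any post in this thread: a loopback reproduction of the `530 5.7.0 Must issue a STARTTLS command first` reply quoted above, showing that it is what a client gets when it sends MAIL FROM on a cleartext session to a service that requires TLS. The fake server, its hostnames and the function names are constructed for illustration and implement no real TLS.

```python
import smtplib
import socket
import threading

def fake_submission_server(listener):
    # Constructed stand-in for a Postfix service running with
    # smtpd_tls_security_level=encrypt: it advertises STARTTLS and refuses
    # MAIL FROM on a cleartext session. No real TLS is implemented.
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as lines:
        def say(text):
            conn.sendall(text.encode() + b"\r\n")
        say("220 mail.example.test ESMTP")
        for raw in lines:
            cmd = raw.decode().strip().upper()
            if cmd.startswith("EHLO"):
                say("250-mail.example.test")
                say("250 STARTTLS")
            elif cmd.startswith("MAIL FROM"):
                say("530 5.7.0 Must issue a STARTTLS command first")
            elif cmd.startswith("QUIT"):
                say("221 2.0.0 Bye")
                break
            else:
                say("502 5.5.2 Command not implemented")

def probe_without_starttls(port):
    # What a client that skips STARTTLS sees: the server offers STARTTLS
    # in its EHLO reply, then rejects the sender with 530.
    with smtplib.SMTP("127.0.0.1", port, timeout=5,
                      local_hostname="client.example.test") as client:
        client.ehlo()
        offered = client.has_extn("starttls")
        code, text = client.mail("support@example.test")
        return offered, code, text.decode()

def run_demo():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    listener.listen(1)
    worker = threading.Thread(target=fake_submission_server,
                              args=(listener,), daemon=True)
    worker.start()
    try:
        return probe_without_starttls(listener.getsockname()[1])
    finally:
        worker.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(run_demo())
```

With `smtpd_tls_security_level=may` the server no longer sends this 530, which also means it accepts clients that never negotiate TLS. Postfix's `smtpd_tls_auth_only = yes` keeps AUTH from being offered on cleartext sessions in that mode.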

Tomorrow I will try to link my virtualmin system with some third party email clients and will post my results.
I have had outlook linked to virtualmin before…i don’t usually use my own mail servers for anything more than minimum required for website contact forms to function… i outsource client email to dedicated providers such as office 365 etc.

Having said the above, I don’t recall having had too much trouble setting outlook up with virtualmin but we will see.

Thanks for checking

We’re already paying enough for our servers :wink:
No sense throwing office 365 in the mix too

The problem you seem to have is not related to virtualmin nor postfix, your problem is that your outlook version has problems with the ssl authentication.
If you would try a mail client, something like thunderbird you would see you have no issues.

I had something similar on cPanel server and it drove me mad as I couldn’t figure out why, I had to change the SSL Cipher string in cPanel.

Looking at the ports, seems you have some important ones missing: 53,143,953, keep in mind most outlook versions will only be happy to use 465 instead of 587.

T.

I don’t use my server for DNS so 53 isn’t needed

I tried Spark email with same result (can’t use Thunderbird on mobile)

yes you are right.

I have had this problem with the outlook app in the past ( I had completely forgotten about this thanks for bringing that up).

From memory…and this was over a year ago so I’m very rusty on it, I vaguely recall my issue back then was due to the default naming convention used by virtualmin postfix vs what outlook app will accept (ie name.domain.com instead of name@domain.com).

There is a setting in virtualmin to change this naming convention…and there are posts on this forum about how to do that (I don’t have any links right now to post but I’m sure it was the main virtualmin postfix setup document that talks about how to change it).

I think I even posted a support request to Microsoft about this…and they were not helpful.

also check out the following thread … https://www.virtualmin.com/node/39785

this may be different from your problem but worth checking just the same

ok so i have just had a bit of a play with thunderbird.

What i have found is the following…

If in thunderbird, i set email address as user@domain.com i get an error (because this is not actually the name of the virtual server user found in virtualmin)

In virtualmin the virtual server user was automatically created by virtualmin as user.virtualserver@domain.com This is the name found in virtualmin login and also in usermin login.

When i enter user.virtualserver@domain.com into thunderbird, along with the correct password, the auto configuration works immediately…even using my virtualmin server as the outgoing mail server… mail.domain.com.au on port 587 (START TLS)

Now when i attempt to send an email, the SSL certificate throws an error offering me the opportunity to confirm a security exception. Once i do this, the email sends no problems.

i haven’t checked whether the security exception relates to the mx records for the domain pointing at my hostname? (in any case, emails are sending and receiving from thunderbird). It may be that my dns mx record entry is not yet setup for the virtual server domain…and so it’s reverting back to my hostname.domain.com?

I am having problems with windows 10 mail trying to follow the same setup as in thunderbird…i suspect because of the user.virtualservername prefix?

What should I use as virtualserver name?

try either of the following (depending on how your server hierarchy is setup) i have a virtual sub server for this email that i am testing.

user@domain.com or,

user.virtualservername@domain.com (where user.virtualservername is the user you see at the bottom of the webmin/virtualmin dashboard menus ie logged in user)

I use the virtualmin login and ftp username for email

see image for the username locations that i use in order to make this work here (**note that the RHS arrow is pointing to the ftp user which may confuse, but that is the username i use for email clients!) https://drive.google.com/file/d/1y9kWwy3sA0N4R7Bc9_PntmztdkTBzWtf/view?usp=sharing

To clarify the user confusion between email and ftp…in virtualmin, there is a drop down box that i think illustrates why they are the same. You can give these new users either email or email+ftp access. See image
https://drive.google.com/file/d/1JKze2YcPajZgqIx8N0Xr3DW-FiXyvIzc/view?usp=sharing