I have undone that and now the email is going out!!! 
1 Like
rejoiced too soon. After the change, Thunderbird can no longer connect to the Server. It’s just the emails in the queue that went out.
i think now its working.
i can send an receive emails on thunderbird. i use IMAP on port
993 with SSL/TLS and
587 with STARTTLS
Use SASL SMTP authentication? still: “NO”
Email over Usermin are also working.
I was about to switch to ISPConfig 
Use SASL SMTP
yeh, you don’t want that on.
- Enable SASL authentication in the Postfix SMTP client. By default, the Postfix SMTP client uses no authentication.
- This setting tells Postfix to use SASL Authentication when it is acting as a client (or Relaying?)
- Postfix SASL Howto - This will descrbe the mechanism more
- Postfix Configuration Parameters - this is the individual options description
I wanted to get in touch again. unfortunately it still doesn’t work.
I made the following observation:
if I set SASL SMTP authentication to on, i can connect Thunderbird but emails still on Queue and dont go out.
if I set SASL SMTP authentication to off: emails works fine whit Roundcube but Thunderbird cant connect to the Server.
i Think I need to examine Thunderbird settings. I’m currently using roundcube but it’s tedious for multiple domains.
tedious? in what way?
Webmin → Servers → Postfix → SMTP Authentication And Encryption → Use SASL SMTP authentication?: OFF
All settings and configuration are explained on my article page. Everything you need is there.
This is a my perfect postfix main.cf from my Ubuntu server. compare this with yours. Do not just blindly copy and paste, however I don’t think it will break anything
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = server.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, server.example.com, localhost.example.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock
non_smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock
message_size_limit = 50000000
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_limit = 50
disable_vrfy_command = yes
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_auth_only = yes
smtpd_helo_required = yes
- restart Postfix when you make any changes
Sorry, i mean stressful
i had to install Roundcube 4 times for 4 domains, and each time I have to check whether emails are there.
i don t have all these lines:
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_limit = 50
disable_vrfy_command = yes
smtpd_tls_auth_only = yes
smtpd_helo_required = yes
message_size_limit = 50000000
these lines don t have coma in my main.cf
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
these are short in my main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
and i have this line
broken_sasl_auth_clients = yes
the rest is the same
i don t have all these lines:
- thats fine, but these are an improvement
these lines don t have coma in my main.cf
- items can be separated by space or comma, it makes no difference
- do you have the exact same options in these lines, i would surprised unless you have been messing
with them.
these are short in my main.cf
- I think you mean these lines are shorter than mine.
- The extra bits are to do with the greylisting featur of virtualmin, if not enabled you can just uses your shorter version.
and i have this line
- this is in mine as-well.
Why don’t you just try replacing your config with mine with the following notyes
P.S.
- I am not a Linux expert and I assume you have backups as required.
- You need to read my article for my in-depth explanations of all the options.
- dont forget to remove the greyfilter bits as mentioned above (or turn it on before swapping the config)
- you need to change the domain name to mathc your host name i.e.
example.comandserver.example.com - keep a copy of your current config.
1 Like
I added the last lines and then Roundcube stopped working.
I restored the backup.
Now I can at least receive on Thunderbird but not send. Roundcube works fine. I think I need to check Thunderbird settings.
The reason it is broken is you a messing with options you don’t understand.
Your issue can be a few things. Just try the whole config as per my instructions
I’ll try it tomorrow, I tried too much today, I’m tired and I can’t think straight anymore.
but thank you for your effort 
Fair enough, just one last thing.
After using my config, Check sending and recieving mail using usermin before try to get thunderbird to work. This rules one thing out while testing.
1 Like
Yes I see your point. That is a penalty of performing systems management across multiple domains that have different apps required on them.
Wouldn’t it be nice to have one install that was a Webmin app that could work across all VS/domains - No but wait (what about the mess that configuration would cause!) Each domain has an owner/individual/company who has their own requirements group of users/policies -ugh what a mess - so we put the owner in that seat. put Roundcube (or whatever app) on the VS then make that individual manage their own peculiarities.
with well over 50 domains 5 VM we have more than enough to do!
I used your main.cf, it worked for about 5 minutes, then the error came back in Thunderbird (Roundcube works perfectly)
then I use my original main.cf Roundcube also works perfectly but Thunderbird doesn’t, at some point Thunderbird works without me changing anything in the settings dann it doesnt work again after 4-5 Minutes.
I have the same problem on 3 different servers with 3 different web hosts. and I do a fresh installation every time, not a restore. i tried Ubuntu and Debian11/12.
Now i have my main.cf. My iPhone, Thunderbird and Roundcube sync very well. i will check it in 1 - 2 hours.
I would also like to check the email log but I can’t find it
If I used roundcube I would use one centralised copy of it just like cPanel, plesk.
I do this for phpmyadmin.
One app to control them all
I used your main.cf, it worked for about 5 minutes, then the error came back in Thunderbird (Roundcube works perfectly)
this means the config is correct. It is an issue with thunderbird or the connection to the server. Keep my config and resolve the connecion issue i.e. fail2ban which I am sure has been mentioned earlier.
Usual one causing blocks is an IMAP profile with incorrect credentials or settings which causes the IP to get blacklisted.
You don’have one of those peculiar Thunderbird add-ons activated by any chance? - the delay has me confused and thinking it is a client based action.
I only have 1 client interested in PHP (not one using WP).
the rest use NodeJS or Go
(and they would all be hopping 
**!! if they each HAD to use the same version)
i can see from a system admin perspective having one global installation of Roundcube being a potential benefit as long as separate domain based configurations were available (and easily managed in the GUI).
it would save some disk space and resource
for phpMyAdmin do you manage each domain database separately?