Sorry for this very basic question: How do I set up SMTP on the server - in Webmin?
I have a VPS with a few domains. I run Postfix.
From the PC I use my ISP’s SMTP. But from the phone it doesn’t work because of the different network. I don’t want to try the phone’s settings because then I guess it will not work when on WiFi, or out of the phone company’s reach.
I am not sure if my ISP/phone company blocks port 25 - how can I test that?
I believe my domain has a (one) domain entry (mx.mydomain.com) that functions as pop and smtp.
What I would like:
• Send my email via mx.mydomain.com
• Have it set up so that only mail with **@mydomain.com is accepted
• Have some sort of security so people can’t spoof **@mydomain.com as sender and use my MX to SPAM.
Are you using Virtualmin? If not, I’d highly recommend to do that if you intend to do any kind of hosting (be it web or email, for customers or yourself). It will spare you a lot of trouble trying to set stuff up manually - especially if you are a newbie (considering you posted in the “Home for newbies” board). Trying to set up Postfix for production use manually (you’ll probably also want spam and virus filtering, for which you need things like Procmail, SpamAssassin and ClamAV) is definitely something I’d suggest newbies should not do, and helping with that is surely beyond the scope of this forum.
So the recommended course of action would be installing Virtualmin on a fresh (i.e. newly set up) OS. Don’t install any hosting packages, only SSH. The Virtualmin installer will configure everything for you.
Eric,
I tried 465 with all settings (in Thunderbird) and didn’t manage to send any mail. I am not sure if 465 is open, but it seems I can make a telnet connection to that port. On Putty it looks the same as with port 25.
There is a possibility that I made some errors in my setup a long while ago. If somebody could point me to how to set up a secure SMTP I would be happy.
“didn’t manage to send any mail”: What error messages do you get in Thunderbird and in the server’s mail log?
What exactly happens when you connect to port 25 and 465 via Putty?
“Setting up SMTP”: So did you install Virtualmin using its installer script on a fresh OS back then? If so, it will have set up Postfix (including SMTP) automatically for you. If you set it up manually, there can be any number of things wrong, too much for guessing remotely what it could be.
Taking a look at your system directly (via Teamviewer and instant messenger/voice chat) and doing tests would be the only feasible thing to offer from my end. If more than say half an hour for that is required, I’d have to charge a fee though (need to make a living).
I used the Virtualmin installer script. But a long while ago I wanted to set up the SMTP server and get around the then port 25 blocking of my ISP, maybe I did break something then in Webmin.
And if it’s a Webmin change I am afraid it will affect all domains (some domains have no mail account at all).
When I do the PuTTY telnet test on the ports it simply connects. Otherwise I don’t know how to test if ports are open or not. But some random ports gave me an error message.
Where would I look to fix it - or make it work? In Webmin>Postfix I guess… and then?
It’s normal for telnet to just connect to port 465, it doesn’t generate other output by default.
If you look in the mail logs, do you see any errors?
Also, as Locutus mentioned, the master.cf file is what controls those ports, and whether they’re enabled… you’re welcome to post the contents of that file, though it does sound like port 465 is enabled.
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# =============================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# =============================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
# was 2500 inet n - n - - smtpd
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# The Cyrus deliver program has changed incompatibly, multiple times.
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
# See the Postfix UUCP_README file for configuration details.
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# Other external delivery methods.
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
PS: I am now at home and use a different ISP. Port 25 seems definitely blocked from here. 465 I can connect to, 587 not. I did a Windows > Run > CMD > telnet smtp.mydomain.com 25
Once uncommented, you may then need to copy out SSL certificates into Postfix.
To do that, go into Virtualmin, and enable SSL for one of your domains (if you haven’t already), in Edit Virtual Server -> Enabled Features -> “SSL Website”.
Then, go into Server Configuration -> Manage SSL Certificates, and click the “Copy to Postfix” button. You may need to restart Postfix after that.
Once you do that, try accessing port 465 and/or 587 again, and see if that does the trick for you.
I managed to send mail on port 465! Mail setting in Thunderbird is SSL/TLS and ‘normal password’.
Thanks again!
…let me use the edit function now… I now get this problem while trying the same for another domain on the same IP/VPS:
The following potential problems were detected with the modification of this virtual server :
SSL cannot be enabled for more than one domain on the IP address 111.111.111.111 unless a virtual IP interface or private port is enabled, or the certificate can be used for this domain. The current certificate is only valid for : *.mydomain.com, and it is being used by mydomain.com
Are you sure you want to continue?
Can I continue safely and then use the SMTP on both domains?
I should mention that the VPS is for my own use and I am not a reseller.
You can use the same cert on as many domains as you like, but if they don’t match (i.e. the cert is for “domain1.tld” and you’re editing “domain2.tld”), browsers/email programs will show a warning about an untrusted certificate. If it’s just for you, that should be no issue, since you usually can add a security exception to your software.
The proper way to go would be creating a multi-domain certificate with an official CA like StartSSL.
As far as I know, 587 is not necessarily encrypted, but uses explicit SSL (startssl) when requested. 465 is always encrypted (implicit SSL).
You can test that by telnetting to the port. If it connects but doesn’t output anything, it’s encrypted. If it shows the 220 greeting line, it’s explicit SSL.
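The telnet test discussed in this thread (does the port connect, does it greet with 220, or does it stay silent) can be scripted; the following is an added example, not part of the original posts. The function names and the `probe.invalid` EHLO name are made up for illustration; it also sends EHLO to see whether STARTTLS is offered and tries a TLS handshake on a silent port.

```python
import socket
import ssl

def _read_reply(sock):
    """Read one (possibly multi-line) SMTP reply; its last line has a space after the code."""
    data = b""
    while not (data.endswith(b"\n") and data.splitlines()[-1][3:4] == b" "):
        try:
            chunk = sock.recv(4096)
        except OSError:              # timeout or reset: return what we have
            break
        if not chunk:
            break
        data += chunk
    return data

def probe_smtp_port(host, port, timeout=5.0):
    """Return 'unreachable', 'starttls', 'plaintext', 'implicit-tls', 'silent' or 'other'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"         # refused, filtered or blocked by the network
    with sock:
        try:
            banner = sock.recv(1024)  # a plaintext/STARTTLS port greets first
        except OSError:
            banner = b""              # silence: the server is waiting for the client
        if banner.startswith(b"220"):
            sock.sendall(b"EHLO probe.invalid\r\n")  # hypothetical client name
            reply = _read_reply(sock).upper()
            return "starttls" if b"STARTTLS" in reply else "plaintext"
        if banner:
            return "other"
    # Nothing was sent to us: check whether the port speaks TLS from the first byte.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # probe only: the question is "is this TLS?",
    ctx.verify_mode = ssl.CERT_NONE   # not "is the certificate valid for this name?"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "implicit-tls" if tls.recv(1024).startswith(b"220") else "silent"
    except OSError:                   # includes ssl.SSLError and timeouts
        return "silent"
```

Run it against ports 25, 465 and 587 of your own server from each network you use (home ISP, mobile data) to see which ones that network blocks.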