Mail Client, Relay and https on port 10000 not working

Hi,

I am facing 3 issues, but to ensure it does not get confusing and can be helpful for others as well, I am rising only 1 issue at a time. I will raise other 2 issues once the 1st issue has been resolved

I am using Virtualmin to host few private websites and am able to use Let’s Encrypt SSL and able to send and receive emails using RoundCube to and from domain email id and personal email ids like Gmail and yahoo (haven’t tried Hotmail/Microsoft).

However, I am struggling to configure mail client like Outlook and/or Thunderbird. I have tried all settings possible (SSL/TLS, STARTLS, Auto, plain password) bit nothing worked. I have even tried other mail clients assuming that it might auto detect and auto configure the mailserver. But again, no gain.

I have read multiple articles/posts on Virtualmin and tried changing SSL/TLS setting, but that kills my RoundCube - either IMAP or SMTP or both.

Some background information:
I am using Ubuntu 18.04 LTS and Virtualmin 1.941
I have created 4 domains (virtual servers)
Domain1 dot com
This is also my hostname and mail server
Output of hostname: mail
Output of hostname -f: mail.domain1.com
This is supposed to be main/super domain for all other website/domains, but this website has not been built yet
But mails can be sent and received using RoundCube.

Domain2 dot co dot uk

Domain3 dot co dot uk
This has got 1 domain and 4 subdomains
All 5 website is ready and working fine
Here mails can be sent and received using RoundCube for main domain
Mails will not be created or used via any subdomain.

Domain4 dot co dot uk
This website has been built and working fine.
But mails can be sent and received using RoundCube.

Coming back to the original issue:
I am unable to configure any emails (out of these 16) on a mail client, which is very critical for me. I will be using at least 4 email ids on all 4 domains, so that that will be around 16 email ids that I need to keep an eye on, so I cannot afford to open 16 browser tabs and keep checking 16 RoundCube emails.

As I said I have gone thru hundreds of posts, but none of them have been conclusive or at least I was not able to use it appropriately as I am still facing the same issue even after a month.

Thanks in advance and I look forward for your help and suggestion.

Apologies for the dot co dot uk. System does not allow me to put more than 2 links as I am new to this forum.

Just to add a little more information to the topic…

I tried following what andreychek suggested on a post dated: Sun, 06/10/2018 - 22:15 and copied clicked on “Copy to Webmin”, Usermin, Dovecot and Postfix".

After that I am not sure what happened to Dovecot and Postfix, but now I cannot access Virtualmin on port 10000 on SSL, I have to run it on http:// and Usermin (:20000) is accessible on https:// but with an error.

Before copying the certificate both Virtualmin and Usermin used to work on SSL without any issues/alert (except the first time warning, which I accepted).

Looks like I am messing it up by following more articles and suggestions.

Any help will be highly appreciated.

Many Thanks,
Rav

AS far as the email clients. Are you sure you’re putting the user name correctly? I have clients all the time try to use their email address as the user name. Which is wrong in a default virtualmin setup. The user name should be blah.domain.com or blah.domain, not blah@domain.com. Most mail clients default to the @ for the user name. You never said the error you’re getting but thats my only hurdle with users and email clients.

Thanks for getting back Scotwnw.

Yes, I was using @ in my user name, so based on your suggestion, I have changed it to “.” but it still does not work.

So to provide more information here is my Thunderbird setup:
Name: Info
Email id: info@domain dot co dot uk
Password: the real password
Clicked “Continue”

I get a message: Configuration found at email provider
It also gives me a warning:
Outgoing: SMTP domain dot co dot uk “No Encryption”
Clicked “Done”.
System gives a warning pop up, showing I am sending an email which is non-encrypted and asks me to change settings – which I can’t, so I accept the risk and click in £Done”

This takes some time, trying to configure, but finally fails with an error message:
Unable to log in at server. Probably wrong configuration, username or password.

So I click on Manual configuration
Here, system generates: IMAP server as: mail dot domain dot co dot uk and
SMTP server as: domain.com – so I changed this to: mail dot domain dot co dot uk

And then as per your suggestion I changed the user name from info@domain.co.uk to @info.domain.co.uk for both Incoming and Outgoing

IMAP: Port: 143, STARTLS Normal Password
SMTP: Port: 587, STARTLS Normal Password

Clicked: “Re-test”

This initiates a trial process: Looking for configuration: probing server
However, this also fails with an error message:
Thunderbird failed to find the settings for your email account.

Here is my firewall port status as well:

root@mail:~# ufw status
Status: active

To Action From

80 ALLOW Anywhere
443 ALLOW Anywhere
10000/tcp ALLOW 192.169.0.42
20000/tcp ALLOW 192.169.0.42
25/tcp ALLOW Anywhere
465/tcp ALLOW Anywhere
587 ALLOW Anywhere
587/tcp ALLOW Anywhere
143/tcp ALLOW Anywhere
25/tcp (v6) ALLOW Anywhere (v6)
465/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
587/tcp (v6) ALLOW Anywhere (v6)
143/tcp (v6) ALLOW Anywhere (v6)

root@mail:~#

Hope this helps.

Many Thanks,
Rav

Don’t guess at the username. Look at the Edit Users page for the domain. The username is provided in the IMAP/POP3/FTP field. (It will differ based on configuration, and the default has changed over the years.)

Hi Joe, you are right and I did check it at: IMAP/POP3/FTP field and it shows:user@domain.co.uk

However, when I checked it at: etc/passwd it showed me 2 entries:
user@domain dot co dot uk
user-domain dot co dot uk

Having said that I have just tested it on my friend’s laptop with Outlook 2013 and the testing showed following results:

Good News:
SMTP was successful using Port 25
I have just deleted the rule on UFW for open port 465 and 587 (so they are not open anymore). And the Outlook test still works for SMTP with “TLS” or “None” authentication on port 25

Bad News:
IMAP failed on port 143, with an error: Log onto incoming mail server (IMAP): The server refused the connection.

I am not sure why IMAP is failing when I have opened port: 143, 993 and 995
I have just tried changing the Port and encryption type and this is the error that I get:
IMAP: Port Any (143/993/995): Encryption: “None” gives error: “Log onto incoming mail server (IMAP): Your server unexpectedly terminated the connection. Possible causes include server problems, network problems, or a long period of inactivity.”
IMAP: Port Any (143/993/995) Encryption: “SSL” or “TLS” or “Auto” gives error: “Log onto incoming mail server (IMAP): A secure connection to the server cannot be established.”

Here is the latest UFW configuration:

root@mail:/etc# ufw status numbered
Status: active

 To                         Action      From
 --                         ------      ----

[ 1] 80 ALLOW IN Anywhere
[ 2] 443 ALLOW IN Anywhere
[ 3] 10000/tcp ALLOW IN 192.169.0.42
[ 4] 20000/tcp ALLOW IN 192.169.0.42
[ 5] 25/tcp ALLOW IN Anywhere
[ 6] 143/tcp ALLOW IN Anywhere
[ 7] 993 ALLOW IN Anywhere
[ 8] 993/tcp ALLOW IN Anywhere
[ 9] 995/tcp ALLOW IN Anywhere
[10] 995 ALLOW IN Anywhere
[11] 25/tcp (v6) ALLOW IN Anywhere (v6)
[12] 143/tcp (v6) ALLOW IN Anywhere (v6)
[13] 993 (v6) ALLOW IN Anywhere (v6)
[14] 993/tcp (v6) ALLOW IN Anywhere (v6)
[15] 995/tcp (v6) ALLOW IN Anywhere (v6)
[16] 995 (v6) ALLOW IN Anywhere (v6)

And here is port listening status:

root@mail:/etc# netstat -an | grep :993
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp6 0 0 :::993 :::* LISTEN
root@mail:/etc# netstat -an | grep :995
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp6 0 0 :::995 :::* LISTEN
root@mail:/etc# netstat -an | grep :995
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp6 0 0 :::995 :::* LISTEN

Many Thanks,
Rav

Two usernames is normal (necessary). Some services don’t support a username with @ in it, so we have to have two names, but it’s the same UID. Either should work for logging in for mail.

Look in the maillog or mail.log for clues. I don’t remember if Ubuntu automatically creates the mail.log, so maybe check journalctl -u dovecot, as well. There should be something about why it’s failing.

Thanks Joe.

As I said, I am new to Linux world and probably need some hand-holding here.

Went to: /var/log/ and got:

-rw-r----- 1 syslog adm 121818 Jan 23 20:18 mail.err
-rw-r----- 1 syslog adm 258568 Jan 18 15:49 mail.err.1
-rw-r----- 1 syslog adm 6174676 Jan 23 20:22 mail.log
-rw-r----- 1 syslog adm 4325854 Jan 19 06:23 mail.log.1
-rw-r–r-- 1 root root 0 Jan 11 18:28 mail.warn

mail.log is in a mess with 1000s of error, failures, success and everything else…
mail.log.1 is in fairly better state but still loads of data available over there as well.
mail.log.1 from 11th Jan to 19th Jan
mail.log has stats from 19th Jan till today

mail.err.1 has stats from 12th Jan – 18th Jan and is very clean
mail.err. has stats from 21st Jan – today and is full of errors
Is there a way, I can clear all the logs and start afresh – I might choose to do that every now a then… if possible using a date range.

Here is an extract from mail.err (These are the 3 types of error messages that are latest):

Jan 22 00:17:52 mail dovecot: imap(sales-domain2 dot co uk): Error: stat(/home/tabs/homes/sales/Maildir/tmp) failed: Permission denied (euid=1042(sales@domain2 dot co uk) egid=1018(tabs) missing +x perm:$
Jan 22 00:17:52 mail dovecot: imap(sales-domain2 dot co uk): Error: stat(/home/tabs/homes/sales/Maildir/tmp) failed: Permission denied (euid=1042(sales@domain2 dot co uk) egid=1018(tabs) missing +x perm:$
Jan 22 01:12:56 mail dovecot: master: Fatal: Dovecot is already running with PID 28097 (read from /var/run/dovecot/master.pid)
Jan 22 11:36:08 mail dovecot: master: Error: unlink(/var/run/dovecot/master.pid) failed: No such file or directory (in main.c:518)
Jan 22 11:36:08 mail dovecot: ssl-params: Fatal: Error reading configuration: read(/var/run/dovecot/config) failed: read(size=8192) failed: Connection reset by peer
Jan 22 11:36:08 mail dovecot: anvil: Fatal: Error reading configuration: read(/var/run/dovecot/config) failed: read(size=8192) failed: Connection reset by peer
Jan 22 17:01:25 mail postfix/postfix-script[15757]: fatal: the Postfix mail system is not running
Jan 22 17:15:31 mail postfix/smtp[22485]: fatal: specify a password table via the `smtp_sasl_password_maps’ configuration parameter

Again, journalctl -u dovecot gives an output right from 16th Jan till today and

There were few error yesterday with “Connection closed” and “Permission denied” but today looks okay to me…
Jan 22 20:34:22 mail dovecot[8340]: imap-login: Login: user=<info-domain.tld>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=25794, secured, session=<q8Yac8CclqZ/AAAB>
Jan 22 20:34:22 mail dovecot[8340]: imap(info-domain.tld): Logged out in=90 out=926

Hope this helps. If you need more logs, pls do let me know.

Thx: Rav

Ok… So I have fixed mail relay - using Sendmail which messed upPostfix but nevertheless I got the mail relay working and tested it onkly to find out that mail relay solution is not right for me because my primary mode has to be email and I cannot use both at the same time at least not on the same server.

Then started code reveral and Postfix is very sentimental about its configuration so it decided not work come back clean, which took me few hours to convince him to come back in the ground to play again amd eventually he did.

I am sharing this story so that if people get excited about using the mail relay, they can be aware of all the facts and depedencies.

Many Thanks,
Rav

I have rebuilt the sever, which cleaned all the email error and warning and I am able to use email (roundcube), but email client is still not working…

I dug deeper and I think I have all the information now (hostname, port, security etc.) - however, I am not sure if all of them are right or wrong and I am not clear on how to use these information to get Outlook 2016 or Outlook on O365 work - even happy to compromise with Thunderbird or any other sensible and feature rich 3rd partly email client.

For legends like Joe, Eric, I am sure this will be more like baby stuff - simple config issue.

Any help, will be highly appreciated.

Many Thanks,
Rav

Hi,

Any support on this?

This is becoming a deal breaker for me now… I need to access at least 8 emails on the fly and so going into 8 tabs on a browser to access roundcube is not an option for me.

I have once again rebuilt everthing - server, website, domain, virtual server, mailbox everything… and I am still struggling with same 2 issues: accessing admin pannel using FQDN (let’s leave it for another day) and be able to configure all my mailbox on outlook or thunderbird.

I just followed the steps given here: https://www.virtualmin.com/documentation/email/pop-and-imap

And also tried changing all possible options - but still not luck.

Can anyone pls spare few mins and work with me - I can be available 24x7 to be able to work with anyone across the world (just let me know your time zone) to fix this issue on an urgent basis as I have started considering another pannel like ISPConfig and also contemplating the idea of moving the entire email management to Zoho or something simillar… but it would be sucha great shame if we cannot run and manage our own email here on Virtualmin, which seem to be such a powerfull tool.

Many Thanks,
Rav

Hi Rav, that piece of advice right there is incorrect. You cannot copy multiple SSL certificates on the same ip address into postfix for SMTP mail. It will not work that way. All that you will do each time, is have postfix change the previous SSL cert to the newer one every time you do that for any and all of the domains.

What this means is that say your server is (as you say) mail.domain.com, then that is the only SSL certificate that should be used in postfix on a server where there is only a single ipaddress.

If you add virtual server called apples.com, and then copy its SSL certificate to postfix, I am of the belief that will overwrite the original mail.domain.com servers own SSL for postfix. This means you server will have the wrong SSL certificate for postfix and email clients wont like that (especially mail clients like MS outlook which is very particular about this).

Also, its important that your domain dns is spot on…get that wrong and email client apps wont like it.

You should also ensure that in your dns you have correct spf and dkim records.

your server reverse ip should be correct (this is important for mail)

I personally would dump the idea of a mail relay until you first get the mail server working directly without going through a relay service. Obviously if your host does not allow standard outgoing mail ports, then that will be a problem. Having said that, I have used virtualmin on google cloud (which does not allow outgoing mail on standard ports) and it works flawlessly with sendgrid.

If its an option for you, start off with a simple default virtualmin configuration (not using mail relay). Get it working that way first, then setup system to relay through sendgrid. I wouldn’t place too much faith in “oh but it works through roundcube”, that means nothing to Outlook. With roundcube I assume you are accessing via web interface (same as Usermin). That in no way means it is setup correctly to work with an app or that you have the app configured correctly.