Problem connecting to Dovecot secure ports

I have Virtualmin installed on Ubuntu server 18.04. I have several vhosts configured and I’m trying to configure an email client (gmail) to import.
When I run telnet <server's IP> 995 I connect successfully.
When I run the command openssl s_client -connect <server's IP>:995 I connect successfully and can login with the email user.
But, when I try to configure gmail to fetch mail from pop3 server using same details it fails and I receive timeout error. It works fine with port 110.

Any idea what I’m doing wrong?

In the mail log I see the following:
Sep 7 15:24:35 vps dovecot: pop3-login: Disconnected (no auth attempts in 25 secs): user=<>,,, TLS handshaking: SSL_accept() syscall failed: Success, session=<R9Lf0Lqu74LRVaeX>

Do you DMARC enabled? I think Google refuses to talk to mail servers that don’t (but I wouldn’t swear to that).


DKIM, SPF and DMARC are all defined. BTW, I’m using Cloudflare as my DNS.


Is your Cloudflare TLS certificate is generated? I would check the following links:

  1. Troubleshooting SSL errors
  2. SSL handshake failed

I have the same issue and I use Cloudflare as well. Also, I can’t do to log into my VM GUI. I have to use the IP:port.I’m thinking cloudflare (CF) isn’t good on passing the port like to gmail hence the reason for the timeout. I believe I would have to run my own nameserver to get it working but I could be wrong so you may want to wait for other answers or maybe someone nows how to setup CF to do this.

Off topic, @stuckinthehouse. If you start a new topic we could discuss how the cloudflare setting of leaving a port unmolested could solve your problem.

@stuckinthehouse, even though this is off topic I think you are correct. Cloudflare does not proxy mail protocols like POP3, SMTP or IMAP. As a result I’m not using CF to proxy my pop3 and use it only as DNS but with no luck. Just a reminder, I am able to connect to Dovecot POP3 via the command openssl s_client -connect but I fail to connect via gmail.

Because I use CF certificate, and because CF does not proxy mail protocols, I use CF just as a DNS thus having my without an SSL certificate. I’ve replaced the self signed certificate with a Let’s encrypt certificate and now POP3 995 is working as expected.

Thank you for your support.

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.