Sending emails but not receiving emails

I have virtualmin installed with several virtual servers

Each virtual server have users and email accounts

I can send emails but I can’t receive emails.

If I try to send an email from a gmail account to one of the emails of my virtual servers that gmail account receives and email back that says:

There was a temporary problem delivering the message to xxxx

This is the response from the remote server:

454 4.7.0 TLS not available due to local problem

It only receive emails from email accounts from other domains in the same server
And I just tried with and I’m receiving emails from
Seems that only fails form gmail that problably forces TLS/SSL encryption

Any suggestion?


Operating system: CentOS
OS version: CentOS 7 2009

That’s gmail telling you that it is unable to connect to your server via TLS.

Have you installed an SSL certificate for Virtualmin’s hostname + Postfix etc.?

1 Like


I’d be happy to assist you with this matter, seems the theme of the month has been email issues :slight_smile:

Drop me a private message if you’re interested in discussing.

Best Regards,
Peter Knowles | TPN Solutions

Each domain on this server have Let’s Encrypt certificate

In Virtualmin > Server Configuration > SSL Certificate > Current Certificate

Used by services Webmin (, Usermin (host, Dovecot (host

In Virtualmin > Server Configuration > SSL Certificate > Service Certificates

I can copy to Postfix and will Use this certificate in Postfix for SSL-protected SMTP connections by mail clients.

If I go to Webmin > Servers > Postfix Mail Server > SMTP Authentication And Encryption

Enable TLS encryption? - If requested by client

TLS certificate file (*) None

TLS private key file (*) None

TLS certificate authority file (*) None

If I Copy to Postifx will work?

The thing is this postfix configuration there is not per domain configuration.

Should I copy to Postfix from every domain?

Should I Copy only from only the main domain?

There is only 1 certificate and keyfile. It will save all the certificates and keys in those files or just one?

Thank you


I’m no kind of a Postfix expert, but I’m pretty certain that if you’re not using SNI, then only the cert for the hostname domain gets copied to Postfix and Dovecot.

I could be wrong. It’s happened.


Postfix on CentOS does not have SNI. You cannot possibly use more than one certificate. Pick one (1) domain to use for mail, and click “Copy to Postfix”. Stop there. You’re done. Use that domain for anything that interacts with SMTP, always.

No. “Copy to” is always to choose a default domain for TLS for the service…even in cases where a service supports SNI (e.g. new versions of Dovecot), if you click “Copy to” it does not effect the other domains. It makes no sense to ever click “Copy to” for more than one domain for any service. If SNI is supported in both the service an in Virtualmin’s configuration capabilities for the service, it will always be done automatically (unless otherwise disabled). Clicking it for more than one domain switches to the most recent domain for which you clicked it, which is obviously not what you want. Pick the domain you want to use for SMTP HELO and stop there.

Edit: We’re going to relabel the “Copy to…” options in the near future, as they cause way too much confusion even among people with Virtualmin experience. I’m not sure exactly how it will read after that change, but if anybody has opinions on how to word it so that people don’t misinterpret it so often, please don’t hesitate to chime in on this ticket: Copy to... for certs still confuses people a lot. · Issue #247 · virtualmin/virtualmin-gpl · GitHub

1 Like

That’s surprising. I know I upgraded it myself, but it’s been available for… I think almost a year? I’d think CentOS would have made it the default install by now.


Not surprising at all. CentOS never changes the version during the lifecycle of the release. CentOS 7 has the same Postfix version (with minor patches) that it had when the OS was first released, and CentOS 7 will reach EOL with that same version. And, they never choose cutting edge versions at the beginning of a release…it’s always going to be a version that’s been beaten up in Fedora for a few months or years. That’s the promise RHEL and CentOS make: Stability and compatibility. That’s what you’re signing up for when you choose CentOS. It’s a feature, not a bug, but it does lead to annoyingly old versions of software sometimes.

I guess I’ve never noticed because I’ve been hacking away at it for so long. I just back stuff up compulsively and play.

But then again, I remember when we had to recompile the kernel from source because we changed a NIC. So I guess everything is relative.

In any case, the Postfix from Ghetto Forge has been working splendidly for me. I’m on… let me check… 3.5.3 now. No issues at all.


I just selected the virtual server of the main domain.
In Virtualmin > Server Configuration > SSL Certificate > Service Certificates
I Copied to Postfix
And now I tested an email accoutn from each domain and it works
I’m even receiving the emails from days ago from the gmail account.
Gmail is keep trying to send me those emails.
Thank you.

1 Like

I understood perfectly the meaning of “Copy to”
But I didn’t have knowledge about SNI, and Postfix has no SNI but it is used by other services.
I’m not a profesional sysadmin
That’s why I didn’t understand if it needs to copy from every domain cuz I’m thinking that it has to work in the same way like other services.

Forget SNI. The ancient version of Postfix that CentOS installs doesn’t support it. I didn’t know that, even though I should have because I updated it myself.

Apache does, however, which is why you don’t need separate IP addresses for every https site like we did in olden times.

Your mail works, so life is good. Be happy. :slightly_smiling_face:


1 Like

You should not copy from every domain for services that support SNI, either. That’s what I’m saying: Copy to… does not work the way most people assume it works. It is for one certificate (and only one) that will be the default, in cases where the service does not support SNI or in the case where the service does support SNI but the domain you’re using to connect to the service does not have a certificate that Virtualmin knows about.

You only ever “Copy to…” one (1) time, no matter what the service is. And…it’s not even necessary to do that for services that support SNI, because any domain that has a cert already gets the right cert configured automatically. Clicking it for more than one domain can only ever switch which domain cert is the “default”. But, for most services you shouldn’t care about the “default”. (This is why we have to change that label. Nobody ever assumes it does what it actually does.)


This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.