I have a clean install of the most recent Virtualmin GPL on CentOS 6.
I’ve setup my certs, copied them to Postfix – incoming SSL encrypted IMAP mail on port 993 works fine. I’ve confirmed that ports 465 and 587 are open via netstat.
When I try to connect to port 25, it rejects me, as it should. When I try to connect to 587, it also rejects me with the following message from Thunderbird:
“Sending of message failed.
The message could not be sent because the connection to SMTP server MYSERVERHERE timed out. Try again or contact your network administrator.”
When I try to connect to port 465, I get the following message from Thunderbird:
“Sending of message failed.
The message could not be sent because the connection to SMTP server MYSERVERHERE timed out. Try again or contact your network administrator.”
In either instances, maillog shows the following error message:
Jul 19 05:24:36 cl-t109-023cl postfix/smtpd[2155]: connect from MYHOSTHERE
Jul 19 05:24:36 cl-t109-023cl postfix/smtpd[2155]: lost connection after UNKNOWN from MYHOSTHERE
Jul 19 05:24:36 cl-t109-023cl postfix/smtpd[2155]: disconnect from MYHOSTHERE
If so, it’s possible that’s causing some of the problems you’re seeing… you would want to make sure you’ve forwarded those particular ports.
Also, if there’s a firewall setup on your server, that could cause some of the trouble. You can determine that with this command:
iptables -L -n
If neither of those help, one thing you could do is to post your /etc/postfix/master.cf file, seeing how that looks may help us figure out what’s going on there.
iptables says all the mail-related ports are open.
Here’s the master.cf (I left out a bunch of stuff that’s commented out):
# ==========================================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
# submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
I would suggest uncommenting everything between the 2nd line above, which begins with “smtp”, all the way to (but not including) the line beginning with 628.
That is, you’re uncommenting the lines relating to SMTPS and Submission, and there’s a bunch of lines under each of those beginning with “-o” which are the parameters for those lines.
You don’t actually want to uncomment that line beginning with 628, just everything up until then.
Hopefully that makes sense
When you’re done, restart Postfix, and see if that does the trick for you!
