Thunderbird cannot connect - mail plays fine locally both ways

I’ve been trying for over a week to set this up correctly.
Running on debian 9.1 and default virtualmin 6 installation. (webmin 1.852, usermin 1.720, virtualmin 6.00) PHP 7.0 fcgi (if relevant)

I have several domains hosted. All are created with only the default (virtualmin created) user and only alias “info@domain.com” was added for all of the domains.

SFTP and Usermin work fine with said usernames and passwords.

But thunderbird fetches the auto-configuration file and applies these settings:

Incoming: IMAP, mail.domain.com, SSL/TLS (port 993) (normal password)
Outgoing: SMTP, domain.com, No Encryption (port 587) (normal password)
Username: username (not username.usergroup or other)

Then I hit “Done” and thunderbird hits me with a warning: “Outgoing settings: domain.com does not use encryption”

After accepting this warning, thunderbird is “checking the password…” and after a while it fails: “Configuration could not be verified - is the username or password wrong?”

Username and password are definitely right, I checked many times. Must have something to do with sasl/pam authentication or default firewall rules.

In Server Templates, “Format for usernames that include domain” is set to default (username.domain)

My DNS records look good - A records go through Cloudflare:

A domain.com -> ip

A mail -> ip

MX domain.com -> mail.domain.com

In FirewallD I have enabled smtps and ports 587, 993, 143, 465. I haven’t touched anything else since installation in FirewallD, Linux Firewall or Fail2Ban.

SSL certificates are self-signed.

Here’s my Thunderbird auto-configuration XML (but I now have set it to be automatically generated):

<?xml version="1.0" encoding="UTF-8"?> $SMTP_DOMAIN $OWNER Email $OWNER $IMAP_HOST $IMAP_PORT $IMAP_TYPE $IMAP_ENC $SMTP_LOGIN $SMTP_HOST $SMTP_PORT $SMTP_TYPE $SMTP_ENC $SMTP_LOGIN

Is there something else I should be looking at?

Ideally I should be able to connect using thunderbird on ports 993 & 465 over SSL/TLS both for IMAP and SMTP.

Thank you!

Did you try something like this over ssh on the server to check?
openssl s_client -connect yourmailserverip:993

or telnet yourmailserverip 143 or ports that are used for plain

the login is . login yourusername yourpass

and of course your logfiles maillog and so on

but have a look at the telnet command :wink:

And netstat -tulpn | grep :yourport or program-service

Hi, sorry for the late reply but my post wasn’t published on the first couple days (most probably due to the screening process as I’m a new user) and so I forgot about it. Anyways, here’s what I tried:

the openssl command:

[root@domain ~]# openssl s_client -connect domain.com:993
depth=0 CN = *.domain.com, emailAddress = info@domain.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = *.domain.com, emailAddress = domain@domain.com
verify return:1
CONNECTED(00000003)

Certificate chain
0 s:/CN=*.domain.com/emailAddress=info@domain.com
i:/CN=*.domain.com/emailAddress=info@domain.com

Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/CN=*.domain.com/emailAddress=info@domain.com
issuer=/CN=*.domain.com/emailAddress=info@domain.com

No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits

SSL handshake has read 1549 bytes and written 326 bytes
Verification error: self signed certificate

New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: RTYJRTYJ456745u6…
Session-ID-ctx:
Master-Key: 3546745674567TYJH4TYJ54YUJ…
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - de 69 … … … … … … .RH…H… .FED…

Start Time: 1768544353
Timeout   : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes

DONE

telnet does not ask for password:
telnet 143:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.

telnet 993:

connects, but shows nothing

telnet 587:

220 domain.com ESMTP Postfix (Debian/GNU)

telnet 25:

220 domain.com ESMTP Postfix (Debian/GNU)

telnet 465:

connects, but shows nothing

netstat -tulpn | grep :143

tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1055/dovecot
tcp6 0 0 :::143 :::* LISTEN 1055/dovecot

netstat -tulpn | grep :993

tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1055/dovecot
tcp6 0 0 :::993 :::* LISTEN 1055/dovecot

netstat -tulpn | grep :587

tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1397/master

netstat -tulpn | grep :25

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1397/master

netstat -tulpn | grep :465

tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1397/master

email log:

Oct 2 08:34:37 domain postfix/smtpd[18184]: connect from my.ip
Oct 2 08:35:38 domain postfix/smtpd[18184]: lost connection after UNKNOWN from my.ip
Oct 2 08:35:38 domain postfix/smtpd[18184]: disconnect from my.ip unknown=0/6 commands=0/6
Oct 2 08:36:07 domain postfix/smtpd[18275]: connect from my.ip
Oct 2 08:36:23 domain postfix/smtpd[18275]: lost connection after CONNECT from my.ip
Oct 2 08:36:23 domain postfix/smtpd[18275]: disconnect from my.ip commands=0/0
Oct 2 08:37:45 domain dovecot: imap-login: Disconnected (no auth attempts in 36 secs): user=<>, rip=my.ip, lip=my.ip, session=<rt43y5hh45…>
Oct 2 08:38:08 domain postfix/smtps/smtpd[18442]: connect from my.ip
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max connection rate 1/60s for (submission:my.ip) at Oct 2 08:34:37
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max connection count 1 for (submission:my.ip) at Oct 2 08:34:37
Oct 2 08:39:43 domain postfix/anvil[18186]: statistics: max cache size 2 at Oct 2 08:36:07
Oct 2 08:40:07 domain postfix/smtpd[18574]: connect from unknown[some.other.ip]
Oct 2 08:40:07 domain postfix/smtpd[18574]: warning: unknown[some.other.ip]: SASL LOGIN authentication failed: authentication failure
Oct 2 08:40:07 domain postfix/smtpd[18574]: disconnect from unknown[some.other.ip] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: SSL_accept error from my.ip: Connection timed out
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: lost connection after CONNECT from my.ip
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: disconnect from my.ip commands=0/0

I believe there should be an easy guide on virtualmin.com with the steps to make email work with email clients after full virtualmin installation on a clean grade A supported OS. It’s the most frustrating process. I also believe email clients are key for admins that have multiple email accounts to view daily.

cheers
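
One way to sort log lines like the ones quoted above by how far each connection got, as an added example that is not part of the thread: it separates sessions that never reached authentication (TLS handshake timeouts, connections closed without a command, IMAP sessions with no auth attempt) from sessions where credentials were submitted and rejected. The sample log is constructed, with documentation addresses in place of the redacted ones, and the rule labels and function names are chosen here.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the mail log quoted in the thread; the
# redacted "my.ip" / "some.other.ip" are replaced by documentation addresses.
SAMPLE_LOG = """\
Oct 2 08:36:07 domain postfix/smtpd[18275]: connect from unknown[198.51.100.7]
Oct 2 08:36:23 domain postfix/smtpd[18275]: lost connection after CONNECT from unknown[198.51.100.7]
Oct 2 08:37:45 domain dovecot: imap-login: Disconnected (no auth attempts in 36 secs): user=<>, rip=198.51.100.7, lip=192.0.2.10, session=<constructed>
Oct 2 08:40:07 domain postfix/smtpd[18574]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Oct 2 08:43:08 domain postfix/smtps/smtpd[18442]: SSL_accept error from unknown[198.51.100.7]: Connection timed out
"""

IP = r"([0-9A-Fa-f.:]+)"
# Each rule is (label, regex); group 1 is always the remote address.
RULES = [
    # Implicit-TLS port reached, but the client never completed a handshake
    # (what a plain telnet session to port 465 produces).
    ("tls_handshake_timeout",
     re.compile(r"SSL_accept error from \S+\[" + IP + r"\]: Connection timed out")),
    # TCP connect followed by disconnect without a single SMTP command.
    ("closed_before_any_command",
     re.compile(r"lost connection after CONNECT from \S+\[" + IP + r"\]")),
    # IMAP session ended without the client ever trying to log in.
    ("imap_no_auth_attempt",
     re.compile(r"imap-login: Disconnected \(no auth attempts[^)]*\).*?rip=" + IP + r",")),
    # Credentials were actually submitted and rejected.
    ("sasl_auth_failed",
     re.compile(r"warning: \S+\[" + IP + r"\]: SASL \w+ authentication failed")),
]

def triage(log_text):
    """Map each remote address to the ordered list of event labels seen."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                events[m.group(1)].append(label)
                break
    return dict(events)

def rejected_credentials(events):
    """Addresses whose sessions got as far as AUTH and were refused."""
    return sorted(ip for ip, labels in events.items() if "sasl_auth_failed" in labels)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(found, rejected_credentials(found))
```
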