Yeah, see that’s a lot of stuff. Feels like OP is hitting something that is not his Virtualmin server…that, obviously, would make it hard to troubleshoot.
No this is my virtualmin server, and as I mentioned I have another one that is running on a public ip vs a NAT IP behind a firewall and it has all the STARTTLS options
The IP Block for the public and the Natted one are on the same ISP and same range too!
If I connect via localhost I can get STARTTLS, but externally I can’t
root@mail:~# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 virtualmin.myserver.com ESMTP Postfix (Ubuntu)
ehlo test.com
250-virtualmin.myserver.com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
I can’t help but feel like it’s something to do with NAT, because it is configured for TLS and it works locally, just not externally. Does Postfix require a transparent NAT or a network configuration without NAT in order to support TLS over port 25?
Could it be a DNS issue?
What happens if you try to telnet to hostname.domain.tld 25 from another computer on the LAN?
What happens if you try to telnet to {local IP} 25 from another computer on the LAN?
How about {public IP} 25 from outside the LAN?
Richard
250 virtualmin.myserver.com
ehlo test.com
250-virtualmin.myserver.com
250-SIZE 31457280
250-VRFY
250-AUTH PLAIN LOGIN
250 DSN
I will say the SSL cert is only set for mail, not virtualmin, but local connections still allow TLS on port 25.
Local IP yields the same (I’m on 10.10.10.240). Local IP of Virtualmin is 192.168.0.8
250 virtualmin.myserver.com
ehlo test.com
250-virtualmin.myserver.com
250-SIZE 31457280
250-VRFY
250-AUTH PLAIN LOGIN
250 DSN
public ip from my local ip 173.x.x.52 25
250 virtualmin.myserver.com
ehlo test.com
250-virtualmin.myserver.com
250-SIZE 31457280
250-VRFY
250-AUTH PLAIN LOGIN
250 DSN
Ok so this is one for the forums…years from now a young lad will be searching with this problem and also use the same brand of firewall I use (Untangle).
These are the struggles. If you go into the spam settings of the firewall, that is where the actual problem of blocking TLS is. It is an issue of the firewall blocking, but the NAT questioning led me here; it’s ONLY because of the firewall brand I’m using (the firewall wants to hijack the spam filtering and is thus blocking TLS).
Go to Apps > Spam Blocker > Email > Advanced SMTP Configuration and check the option for “Allow and ignore TLS sessions”. This is disabled by default. Enable this to allow TLS emails to pass.
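The symptom in this thread, a server that advertises STARTTLS on localhost but not to clients beyond the firewall, can be checked mechanically by diffing the two EHLO replies. The following is an added example, not part of the original posts; the two transcripts are the ones pasted above, and the function names are hypothetical.

```python
import re

# EHLO replies copied from the thread: one taken on the server itself
# (localhost), one taken from a client on the far side of the firewall.
LOCAL_EHLO = """\
250-virtualmin.myserver.com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
REMOTE_EHLO = """\
250-virtualmin.myserver.com
250-SIZE 31457280
250-VRFY
250-AUTH PLAIN LOGIN
250 DSN
"""

REPLY_LINE = re.compile(r"^250[- ](.+)$")

def ehlo_keywords(transcript):
    """Return the set of ESMTP keywords in a 250 EHLO reply.

    The first 250 line is the server's hostname greeting, not an extension.
    """
    lines = [m.group(1).strip() for m in map(REPLY_LINE.match, transcript.splitlines()) if m]
    keywords = set()
    for text in lines[1:]:
        # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN".
        keywords.add(re.split(r"[ =]", text, maxsplit=1)[0].upper())
    return keywords

def stripped_extensions(local, remote):
    """Keywords the server offers locally that never reach the remote client."""
    return sorted(ehlo_keywords(local) - ehlo_keywords(remote))

def starttls_stripped(local, remote):
    """True when an in-path device removed STARTTLS from the advertisement."""
    return "STARTTLS" in stripped_extensions(local, remote)

if __name__ == "__main__":
    print("missing on the remote path:", stripped_extensions(LOCAL_EHLO, REMOTE_EHLO))
    print("STARTTLS stripped in transit:", starttls_stripped(LOCAL_EHLO, REMOTE_EHLO))
```

When several extensions disappear together, as they do here, the cause is an SMTP-aware device in the path rewriting the reply rather than the Postfix configuration.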
I’m not gonna say “I told you so”. Actually, wait, I am absolutely gonna say, “I told you so.”
LOL you did not!
It was a nice diagnostic exercise in any case.
Richard
I do believe I did.