Why does SMTP server time out? Submission enabled, TLS port 587


I setup Outlook to auth SMTP same as logon, and port 587 using TLS.

In Webmin I ‘enabled’ submission.

I read a post by someone on the virtualmin site that the user should also have FTP access, so I changed ‘email only’ to Email, FTP.

Did all that but when I attempt to send out mail, it’s always hanging and then timing out.

Any ideas?

Appreciate any help, thanks.


What output do you receive if you type this command from the command line on your server:

netstat -an | grep :587

That should show if Postfix is listening for incoming Submission requests.


Hi Eric, thanks for your response.

I ran that command and received the following output:

tcp 0 0* LISTEN

I guess I need to correct the IP’s?

I was thinking that it may be my hostname (server.mydomain.com) which doesn’t resolve. I tried adding a sub-server and ticked the DNS zone, but it still doesn’t resolve. I verified in BIND that Webmin added the A record - strangely it also added FTP, local, m, etc too.

I ran the command again and received the same output.

So maybe that’s not it.

Any ideas?


I guess I need to correct the IP’s?

Nope… actually, that’s exactly what you want to see. That means it’s listening on all interfaces of your server.

At this point, my guess is that you’re seeing some sort of blocked port issue.

A common cause of that were if the ISP where your desktop is located is blocking outgoing port 587.

Another possibility is if your server has a firewall setup that’s blocking port 587. Also, if your server is behind a NAT router, you’d need to make sure the port was being forwarded.


Hmm, I don’t think it’s the ISP because I use Gmail setup with TLS on port 587 without issue.

I do have a firewall setup, CSF. I added 587 to the TCP_IN and TCP_OUT setting, restarted. But same issue.

I also completely disabled CSF, and again same issue.

Very strange.

What output do you receive if you run “iptables -L -n” on your server?


Unfortunately I wouldn’t feel comfortable posting the info on a public website.

However I think I narrowed it down. On the Postfix > SMTP Authentication And Encryption section, I just noticed that the three radio buttons next to certificate files are set to None.

This is quite strange since that’s the default setting.

Can’t figure out what locations I need to put though.

Also do I have to buy a TLS cert or can I just use the “invalid” SSL cert for now?

Everything else is working fine with Virtualmin/Webmin except securing e-mail.

I also don’t want to use unencrypted IMAP and SMTP, I’m too paranoid. :slight_smile:

Edit: Also by the way, is there anyway to setup Webmin to not reveal the main server’s hostname instead show the IP and domain of the account. I have a few IP’s but noticed that if mail is sent from another IP/domain it still shows the main server’s IP and hostname.

Hmm, are you by chance able to connect to port 465 using either TLS or SSL? It’s possible Submission isn’t fully setup, where SMTPS may be.

You can always setup an SSL certificate on one of your Virtual Servers, and then chose the “Copy to Postfix” option in “Manage SSL Certificates” in order to setup Submission.


Nope unfortunately that didn’t work either. When trying to connect to port 465 either TLS or SSL it says Outlook can’t connect.

When trying to connect on port 587 it hangs and then times out.

But I just noticed something strange… if I just use the regular SMTP port 25 without encrpytion, the login fails.

Maybe this has something to do with my problem.

The SMTP login is the same as the mail box login right? Logging in to the mailbox is fine.

I even tried manually logging into SMTP using the username [mailbox].[domain] and triple checked the password, it failed again.

I don’t think I changed any setting. Basically everything in Virtualmin/Webmin is the default.

Any ideas?

If not I guess I’ll have to re-load the OS and start over but again I’m 99% sure I didn’t change any default setting.

Thanks again for your help.

So long as SMTPS has been enabled (in /etc/postfix/master.cf), port 465 should work even if you didn’t manually add an SSL cert to Postfix. So if that’s not working, I have a suspicion a firewall is involved somewhere along the way :slight_smile:

You should get a different error if the login isn’t working… such as what you’re seeing on port 25.

Now, in regards to port 25 – the next step to figure that out would be to look in the mail logs and see what sort of error you’re getting. The mail logs would be in /var/log/maillog on a CentOS system.

Also, make sure that Outlook is setup to authenticate for Outgoing SMTP, which isn’t the default.


I checked the logs and saw a bunch of ‘status=bounced (User unknown in virtual alias table)’ errors and also a bunch of ‘fatal: No server certs available. TLS can’t be enabled’ errors.

I turned off CSF and then 465 hanged.

I don’t want to quit but I’m kinda leaning toward just using google apps for mail, although I would have preferred something internal.

Virtualmin was error and frustration-free up to this point (Mail). :slight_smile:

That error sounds like Submission is failing, and may be preventing Postfix from working normally.

Trying disabling Submission in /etc/postfix/master.cf, restarting Postfix, and connect to SMTPS on port 465 using SSL.


K, I disabled Submission. Stopped and stated Postfix.

When trying to connect to SMTP port 465 with SSL, I get the following in log:

server postfix/smtpd[7504]: fatal: No server certs available. TLS can’t be enabled

server postfix/master[3667]: warning: process /usr/libexec/postfix/smtpd pid 7504 exit status 1

server postfix/master[3667]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling

Hmm, SMTPS should generally work out of the box. Just to verify, did you restart Postfix after disabling Submission?


I know this is an old post, but I would just like to verify that Virtualmin’s SMTP do quite work right out of the box.

My issue here was due to AWS security group firewall, which I’ve overlooked although I have CSF running. You may want to open those ports in AWS firewall as well - 25, 587, 465, and any other custom SMTP ports.