Management of multiple mail.domain.com

Good morning everyone,
I recently discovered this panel and wanted to migrate my email server. However, I tried to configure it but without success. For a few moments Thunderbird detected the servers, but when I tried to authenticate it refused the password. Now I have updated the hostname file of the Linux server by adding the mail.domini.com domains, and internally to the server the resolution of both the certificate and a launch of a telnet command works. Outside the local environment rejects connections. Exim4 and Dovecot are listening on 0.0.0.0 on the 993 and 465 respectively. The ports in the router are open and the online port scanner detects them open. Can any of you help me understand why I can't get it to work?

Thanks for any advice or possible solutions

Hi @roberto.lombardi

Could you please share the actual domain?

@sahsanu, Thanks for your reply. One domain is mail.projectcesare.ch and the other mail.famiglialombardi.ch. Below I share some logs that I receive when testing with the openssl command on the Linux server. As you can see, the certificate test does not pass when tested on the domain, while on localhost it does. And actually, if I use roundcube integrated into hestiacp, the emails work. I can't connect clients outside the local network. Sorry if I omitted this detail.

root@hosting:/home/operation# openssl s_client -connect mail.famiglialombardi.ch:465 -quiet
40C734FCB97F0000:error:8000006F:system library:BIO_connect:Connection refused:…/crypto/bio/bio_sock2.c:125:calling connect()
40C734FCB97F0000:error:10000067:BIO routines:BIO_connect:connect error:…/crypto/bio/bio_sock2.c:127:
connect:errno=111
root@hosting:/home/operation# openssl s_client -connect mail.famiglialombardi.ch:993 -quiet
40A7475C637F0000:error:8000006F:system library:BIO_connect:Connection refused:…/crypto/bio/bio_sock2.c:125:calling connect()
40A7475C637F0000:error:10000067:BIO routines:BIO_connect:connect error:…/crypto/bio/bio_sock2.c:127:
connect:errno=111
root@hosting:/home/operation# openssl s_client -connect mail.projectcesare.ch.ch:993 -quiet
40F78CB9C87F0000:error:10080002:BIO routines:BIO_lookup_ex:system lib:…/crypto/bio/bio_addr.c:738:Name or service not known
connect:errno=2
root@hosting:/home/operation# journalctl -u dovecot --no-pager | tail -n 20
Feb 17 15:42:24 hosting.adminnet.ch systemd[1]: Stopped Dovecot IMAP/POP3 email server.
Feb 17 15:42:24 hosting.adminnet.ch systemd[1]: dovecot.service: Consumed 2.737s CPU time.
Feb 17 15:42:24 hosting.adminnet.ch systemd[1]: Starting Dovecot IMAP/POP3 email server…
Feb 17 15:42:24 hosting.adminnet.ch systemd[1]: Started Dovecot IMAP/POP3 email server.
Feb 17 15:42:30 hosting.adminnet.ch systemd[1]: Stopping Dovecot IMAP/POP3 email server…
Feb 17 15:42:32 hosting.adminnet.ch systemd[1]: dovecot.service: Deactivated successfully.
Feb 17 15:42:32 hosting.adminnet.ch systemd[1]: Stopped Dovecot IMAP/POP3 email server.
-- Boot ee98f893d666485c93dde4025009d333 --
Feb 17 15:42:56 hosting.adminnet.ch systemd[1]: Starting Dovecot IMAP/POP3 email server…
Feb 17 15:42:56 hosting.adminnet.ch systemd[1]: Started Dovecot IMAP/POP3 email server.
Feb 17 15:43:26 hosting.adminnet.ch systemd[1]: Stopping Dovecot IMAP/POP3 email server…
Feb 17 15:43:27 hosting.adminnet.ch systemd[1]: dovecot.service: Deactivated successfully.
Feb 17 15:43:27 hosting.adminnet.ch systemd[1]: Stopped Dovecot IMAP/POP3 email server.
Feb 17 15:43:27 hosting.adminnet.ch systemd[1]: Starting Dovecot IMAP/POP3 email server…
Feb 17 15:43:27 hosting.adminnet.ch systemd[1]: Started Dovecot IMAP/POP3 email server.
Feb 17 15:59:44 hosting.adminnet.ch systemd[1]: Stopping Dovecot IMAP/POP3 email server…
Feb 17 15:59:45 hosting.adminnet.ch systemd[1]: dovecot.service: Deactivated successfully.
Feb 17 15:59:45 hosting.adminnet.ch systemd[1]: Stopped Dovecot IMAP/POP3 email server.
Feb 17 15:59:45 hosting.adminnet.ch systemd[1]: Starting Dovecot IMAP/POP3 email server…
Feb 17 15:59:45 hosting.adminnet.ch systemd[1]: Started Dovecot IMAP/POP3 email server.
root@hosting:/home/operation# journalctl -u exim4 --no-pager | tail -n 20
Feb 17 16:07:54 hosting.adminnet.ch exim4[14951]: * Stopping MTA
Feb 17 16:07:54 hosting.adminnet.ch exim4[14951]: …done.
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: exim4.service: Deactivated successfully.
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: Stopped LSB: exim Mail Transport Agent.
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: Starting LSB: exim Mail Transport Agent…
Feb 17 16:07:54 hosting.adminnet.ch exim4[14957]: * Starting MTA
Feb 17 16:07:54 hosting.adminnet.ch exim4[14961]: /usr/sbin/update-exim4.conf: 15: /etc/exim4/update-exim4.conf.conf: A#: not found
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: exim4.service: Control process exited, code=exited, status=127/n/a
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: exim4.service: Failed with result 'exit-code'.
Feb 17 16:07:54 hosting.adminnet.ch systemd[1]: Failed to start LSB: exim Mail Transport Agent.
Feb 17 16:09:36 hosting.adminnet.ch systemd[1]: Starting LSB: exim Mail Transport Agent…
Feb 17 16:09:36 hosting.adminnet.ch exim4[15067]: * Starting MTA
Feb 17 16:09:36 hosting.adminnet.ch exim4[15071]: /usr/sbin/update-exim4.conf: 15: /etc/exim4/update-exim4.conf.conf: A#: not found
Feb 17 16:09:36 hosting.adminnet.ch systemd[1]: exim4.service: Control process exited, code=exited, status=127/n/a
Feb 17 16:09:36 hosting.adminnet.ch systemd[1]: exim4.service: Failed with result 'exit-code'.
Feb 17 16:09:36 hosting.adminnet.ch systemd[1]: Failed to start LSB: exim Mail Transport Agent.
Feb 17 16:12:41 hosting.adminnet.ch systemd[1]: Starting LSB: exim Mail Transport Agent…
Feb 17 16:12:41 hosting.adminnet.ch exim4[15752]: * Starting MTA
Feb 17 16:12:41 hosting.adminnet.ch exim4[15752]: …done.
Feb 17 16:12:41 hosting.adminnet.ch systemd[1]: Started LSB: exim Mail Transport Agent.
root@hosting:/home/operation# openssl s_client -connect 127.0.0.1:993 -quiet
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = *.adminnet.ch
verify return:1
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Mail Delivery Agent

Hi @roberto.lombardi

I have no problem connecting to your SMTP and IMAP services:

❯ openssl s_client -connect mail.famiglialombardi.ch:465 -quiet
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = *.adminnet.ch
verify return:1
220 hosting.adminnet.ch

❯ openssl s_client -connect mail.famiglialombardi.ch:993 -quiet
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = *.adminnet.ch
verify return:1
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Mail Delivery Agent

I suppose you finally fixed it, but I don't know what happened because that file /etc/exim4/update-exim4.conf.conf must be there.

You said you can't connect externally but I can, so it seems you are trying to connect from the server itself and it doesn't work.
I would say that your Hestia server doesn't have a public IP. If you try to connect from your internal network to your public IP, and that IP is assigned to your router, the connection won't reach your Hestia server. I'm not sure if you can configure your router to handle requests from your internal network to the public IP (Hairpin NAT or NAT loopback). If not, you should configure the DNS server used in your internal network to resolve those domains to the internal IP or update the hosts file accordingly.

As I said, that's my guess, but on my end, it works fine, I can connect to the SMTP and IMAP services.
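
An added example, not part of the original reply: a small Python check that separates the failure modes seen in this thread (name does not resolve, LAN client aimed at the router's public IP, nothing listening on the port). The function names, the labels `dns`, `hairpin`, `service` and `network`, and any addresses you pass in are assumptions made for illustration.

```python
import errno
import ipaddress
import socket
import sys

# RFC 1918 ranges, listed explicitly so the check does not depend on ipaddress.is_private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
UNREACHABLE = {errno.ECONNREFUSED, errno.ETIMEDOUT, errno.EHOSTUNREACH}

def is_lan(ip):
    """True when ip is a private (RFC 1918) IPv4 address."""
    return ip is not None and any(ipaddress.ip_address(ip) in net for net in RFC1918)

def classify(resolved_ip, source_ip, err):
    """Map one connection attempt to a likely cause (labels are hypothetical)."""
    if resolved_ip is None:
        return "dns"       # name does not resolve (openssl reports errno=2)
    if err == 0:
        return "ok"
    loopback = ipaddress.ip_address(resolved_ip).is_loopback
    if err in UNREACHABLE and is_lan(source_ip) and not is_lan(resolved_ip) and not loopback:
        return "hairpin"   # LAN client aimed at the router's public IP: fix NAT loopback or split DNS
    if err == errno.ECONNREFUSED:
        return "service"   # host was reached but nothing listens on that port (openssl: errno=111)
    return "network"

def probe(host, port, timeout=5.0):
    """Return (resolved_ip, source_ip, errno) for one TCP connect; errno 0 means success."""
    try:
        ip = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        return None, None, errno.ENOENT
    src = None
    try:
        # A connected UDP socket sends nothing but reveals the source address the kernel picks.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
            u.connect((ip, port))
            src = u.getsockname()[0]
        with socket.create_connection((ip, port), timeout=timeout):
            return ip, src, 0
    except OSError as exc:
        return ip, src, exc.errno or errno.ETIMEDOUT

if __name__ == "__main__":
    # Usage: python3 mailcheck.py <hostname> 993 465   (script name is a placeholder)
    for port in sys.argv[2:]:
        print(port, classify(*probe(sys.argv[1], int(port))))
```

A `hairpin` result from inside the LAN together with `ok` from an outside host matches the situation described in the reply above.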

@sahsanu Based on what you tell me, I had a friend of mine test the command and it actually works. It's a very particular situation. I'll try to describe my network to you so that maybe something comes to mind. My desktop PC is connected to a domain controller on a Windows server, where however I do not manage the projectcesare.ch domain, and all the other sites I have on the local network with domain.projectcesare.ch work fine because they are managed with nginx proxy manager. Since the ports in the router are open and considering the fact that the server I had on aapanel didn't cause me connection problems, do you have any other ideas?
In the meantime, thanks for these initial ideas



ComputerName     : intranet.projectcesare.ch
RemoteAddress    : 85.2.92.154
RemotePort       : 443
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.1.20
TcpTestSucceeded : True

As you can see the domain I tested below goes through npm and the connection works

The ports must be open AND forwarded to the right server inside your network. If it worked with another panel, it is because you forwarded the right ports to the internal server when connecting to your public IP assigned to your router from the internal network, or because the domains didn't resolve to the public IP but to the internal IP when resolving them from the internal network. It doesn't seem to be a panel issue but a DNS or network issue.
