Problem with SSL on mail server

Jimmy

I have the mail server version 3.3 and I set the SSL of my subdomain (mail.example.com). When I trying to add my mail on Google as additional account I have an error and don't allow me to add it. With the previous version all works fine. I am trying to add with 465 and 993 ports (secure smtp(s) and imap(s)).
Is any problem on mail server 3.3 ? This subdomain and main domain are pointing to my server's IP and I use a shared lets encrypt SSL (*.example.com & example.com).

Jimmy

Solved...server provider firewalls

Jimmy

Finally, problem exist. Any solution?

TheWormsUnited

Jimmy I suggest a reverse on your network, PTR and DNS, perhaps installing the DNS Manager might help you out. I am using Mail Server 3.2 tho...

Jimmy

I tested to a new server with fresh installation and I have the same result. I have all mail ports open and 465 and 993 not connected from thunderbird and other smtp testers. Maybe its a bug in version 3.3, OpenSSL may not working correct. I install DNS manager, same.

TheWormsUnited

Jimmy how do you make the connection? TLS? Are you accepting all certificates? Can you provide a DNS Inspection over your domain name were you are facing this problem?

https://dnsinspect.com

If you can create a report and paste the result here we would have more data, just to check if your DNS records are correct or not.

aaPanel_Jose

TheWormsUnited

Please update the mail server to 4.0
To use TLS connection, you need to configure the certificate for the domain name first

Jimmy

TheWormsUnited

All works ok with DNS. NS are in CloudFlare so I have 97.

Jimmy

aaPanel_Jose

I do it but I have this error on rainloop:

IMAPs port (993) works ok.
Certificate is Let's encrypt

sabirboi04

Jimmy lemme try to solve your issue,

actually last week i also faced same issue but after some research i found solution. here's it you follow may be it'll useful for you.

so first you to make a configure a mail server (i hope you know) then add that mail server domain as a website ( in my case i was using mail.mydomain.com and off proxy ) then go to website where it listed then add ssl using encrypt SSl and you'll get ssl key and certificate just copy anyone ( let's assume first copied ssl private key) and then go to mail server software then choose that exact domain that you've used for mail server domain.com (in my case i was using mail.mydomain.com for mail server) then click on add ssl and paste that copied details accordingly . and save it and now restart aaApanel server. now all done you can use email anywhere (smtp, imap, pop) without getting issue.

Context- i followed this same steps and my issue got resolved, and i don't know, you understood or not. no worries you can contact us via telegram ill try to help .

thanks & regards 💗

Jimmy

STARTTLS works ok with the lets encrypt SSL but SSL/TLS option not.

aaPanel_Jose

Jimmy
Could you tell me what email client was you use?

Jimmy

aaPanel_Jose
Sure, Rainloop. Also I use Thunderbird and I have errors too.

Jimmy

In Thunderbird.

TheWormsUnited

Jimmy
Instead of Autodetect, please select Account Details. You should avoid autodetect settings always.

Jimmy

In Rainloop all ports works except 465 for SMTP.
For Incoming none (143), STARTTLS (143), SSL/TLS (993) : Works all
For outgoing: none (25), STARTTLS (587) : works
SSL/TLS (465) not work.

aaPanel_Jose

Jimmy
I have searched for a long time and haven't found the problem~ Have you ever successfully used this connection method on other self-built mail servers?

Jimmy

aaPanel_Jose
In version 3.2 I work with SSL/TLS (465 & 993). I upgrade to 3.3 and now 4.0 and 465 not working. In 3.2 I had a SSL (lets encrypt) on main domain and in mail subdomain and in Rainloop works fine. I will do a fresh install again to another server to check again mail server.

ghostery

I could get it work with the following :

my mail server is : mail.domain.com PTR: mail.domain.com
users are register with domain : domain.com
I created a website mail.domain.com to automatically generated SSL certificate

once complited it generate :

  1 key 
  1 certificate (not full chain)

then I would go to https://whatsmychaincert.com to check my certificate,

I copy past website certificate and generate full chain with root cert
I get the generated valid cert and added to my postfix config

finally i test with openssl 😀

 openssl s_client -connect mail.domain.com:465
 openssl s_client -connect mail.domain.com:993
 openssl s_client -starttls smtp -connect mail.domain.com:587

and all test get me to the right point, and my email client works fine

Update 😀

let'sencrypt store date in /www/server/panel/vhost/letsencrypt/domain.com/fullchain.pem

TL;DR

just put this information on postfix configuration:

it will be always generated automatically 1 month before expire date, thus postfix will always look for the right certificate.

JAY

never use email system in aapanel its a nightmare and if you have a good traffic its not recommend to host mail on same server

ghostery

you can't find free plugins, panels to do so ...
aapanel is evolving i guess