After enabling SSL in CentOS 6/Postfix/Dovecot, certain mail server SMTP "connection timeout"

Extending the title:
After enabling SSL encryption I have no problems sending emails from client (Thunderbird) and webmail (Horde and Squirrelmail) to all servers I tried like gmail, hotmail, yahoo and others.
The exception is, at least for now, protonmail.com
Postfix has mail to send them in queue (24 hours +).
Oct 6 20:00:37 host postfix/smtp[15295]: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
Oct 6 20:00:37 host postfix/smtp[15295]: A71AA1CA1A17: to=<fff@protonmail.com>, relay=none, delay=6199, delays=6139/0.05/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
The issue is also sending mail from protonmail.com to my mail server.
This happens also only with this mail server.
I have an undelivered message source I got from the sender.
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error for name=myDomain.com type=MX: Host not found, try again
nslookup -type=mx myDomain.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
myDomain.com mail exchanger = 5 mail.mailServer.com.
telnet mailsec.protonmail.ch 25
Trying 185.70.40.102...
Connected to mailsec.protonmail.ch
Escape character is '^]'
Connection close by foreign host
netstat -antup|grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29478/master
iptables -L|grep smtp
ACCEPT tcp -- anywhere anywhere tcp multiport dports smtp,pop3 state NEW
openssl s_client -connect myDomain.com:25 -servername mailserver.com -starttls smtp
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.mailServer.com
verify return:1
---
Certificate chain
0 s:/CN=mail.mailServer.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
Server certificate
-----BEGIN CERTIFICATE-----
...the output continues with more data

Before enabling SSL mail exchange was good from both servers (protonmail and mine).
My IP is not listed as spam in any of abuse trackers.
Let's Encrypt certificate.
I contacted support of protonmail but they didn't answer.
I worry I would have to face this issue with another particular mailserver like protonmail.
What I ask first is how to look into this issue, which other logs, settings or command outputs do you recommend to post here to improve the question.
email postfix ssl
"telnet protonmail.com 25" - the mail servers for protonmail are currently mail.protonmail.ch and mailsec.protonmail.ch. You need to do an MX lookup to get the mailserver first, not just try to connect on port 25 of the mail domain.
– Steffen Ullrich
2 days ago
If mail to all servers works but not from you to protonmail and back and the connection attempts time out then it might be a firewall or routing issue. Contact the provider where you have the server for help to debug the issue. It has most likely nothing to do with enabling SSL.
– Steffen Ullrich
2 days ago
@SteffenUllrich But before installing SSL mail exchange was okay. I changed telnet to one of those mail servers: Connected, connection closed by foreign host
– dstonek
2 days ago
"But before installing SSL mail exchange was okay." - I don't know what exactly you did to install SSL (no description in question) but either you did something which was not needed or there were some unrelated changes at the same time (assuming everything worked before). If you think it is related to SSL try to change everything back and see if this helps. If it does please describe what exactly you did.
– Steffen Ullrich
yesterday
I essentially followed instructions from linuxbabe.com/mail-server/… (on Apache)
– dstonek
yesterday
edited 10 hours ago
asked 2 days ago
dstonek
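The deferral line quoted in the question already records which stage failed. The following is an added example (not part of the original post or its comments) that parses Postfix `status=deferred` lines and separates TCP connect failures from TLS failures. It relies on Postfix's `delays=a/b/c/d` field, whose third value is connection setup time (DNS, HELO and TLS); the third sample line, with its queue id and host, is constructed for contrast.

```python
import re

# Lines 1-2 are the deferral quoted in the question. Line 3 is constructed for
# contrast (placeholder queue id, host and documentation address): a TLS failure.
SAMPLE_LOG = """\
Oct 6 20:00:37 host postfix/smtp[15295]: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
Oct 6 20:00:37 host postfix/smtp[15295]: A71AA1CA1A17: to=<fff@protonmail.com>, relay=none, delay=6199, delays=6139/0.05/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
Oct 6 20:05:02 host postfix/smtp[15301]: B00000000001: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=3.2, delays=0.1/0.02/3.1/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
"""

# One delivery-status record written by the Postfix smtp(8) client.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)


def classify(line):
    """Return a dict describing where a deferred delivery failed, else None."""
    m = DELIVERY.search(line)
    if m is None or m["status"] != "deferred":
        return None
    # delays=a/b/c/d: a=before queue manager, b=in queue manager,
    # c=connection setup (DNS, HELO, TLS), d=message transmission.
    _a, _b, conn_setup, _d = (float(x) for x in m["delays"].split("/"))
    reason = m["reason"]
    if m["relay"] == "none" and reason.startswith("connect to "):
        # No TCP session was established, so STARTTLS was never reached.
        stage = "tcp-connect"
    elif "TLS" in reason:
        stage = "tls"
    else:
        stage = "other"
    return {
        "queue_id": m["qid"],
        "recipient": m["rcpt"],
        "relay": m["relay"],
        "dsn": m["dsn"],
        "conn_setup_s": conn_setup,
        "stage": stage,
    }


def deferred_by_stage(log_text):
    """Group every deferred delivery in log_text by the stage that failed."""
    grouped = {}
    for line in log_text.splitlines():
        info = classify(line)
        if info:
            grouped.setdefault(info["stage"], []).append(info)
    return grouped


if __name__ == "__main__":
    for stage, items in deferred_by_stage(SAMPLE_LOG).items():
        for item in items:
            print(stage, item["queue_id"], item["recipient"], item["dsn"],
                  f"conn_setup={item['conn_setup_s']}s")
```

A `tcp-connect` result with `relay=none` means the failure happened before any TLS negotiation, which is consistent with the firewall or routing explanation given in the comments.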