Can't connect to the virtual mail server

Hello folks,

I have followed this guide to set up Postfix and Dovecot virtual mail server: https://www.linode.com/docs/email/email-with-postfix-dovecot-and-mysql.

After the set-up, I have sent a couple of emails to the email address I set up at the email server but they don't show up in the mail.log file. Also, I can't set up the email address on my Outlook; Outlook is unable to connect to the server. To me it appears that the firewall may have the ports blocked. I have attempted to open the relevant ports (993, 995 and 465). Below is the output of the command sudo iptables -L -nv --line-numbers:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    17190 1546K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2      397 32473 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3        0     0 REJECT     all  --  !lo    *       127.0.0.0/8          0.0.0.0/0            reject-with icmp-port-unreachable
4        2    92 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW icmptype 8
5      640 37620 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
6       67  3700 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
7       65  3744 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
8       16   928 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 state NEW
9       11   660 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 state NEW
10      32  1800 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 state NEW
11   17565 1622K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
12     703 45106 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
13     985 61242 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_FORWARD_denied: "
2        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 2044 packets, 398K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1    17170 1545K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Please advise if ports 993, 995 and 465 are open to accept connections from the internet.

I only wish to run the mail server on secured ports hence I have not attempted to open non-secure ports i.e. 25, 110 and 587.

Thanks for help.

2 Replies

You're mixing things up. There are no "secure" or "non-secure" ports; there are standard ports where protocols work. For client protocols that are under your control, you can shuffle ports around as much as you want. You can move client-facing SMTP to port 8888 if you really want to, you'll just have to configure all the clients to use it.

Mailserver-to-mailserver communication is done over port 25. The SMTP of your mail server must listen on port 25 and it must be reachable over the public internet. This is not the case with your setup. The moment you allow 25 through the firewall your SMTP will start accepting connections (assuming no other configuration issues) and you will see the mail flow via logs.

In a well-configured mailserver there are two instances of mail reception services: one for server-to-server delivery, over port 25, with support to upgrade to anonymous encrypted connections over STARTTLS, with authentication rejected; another for submission of authenticated mail by your users over port 587, with mandatory STARTTLS encryption and mandatory authentication, and possibly IP whitelists. There is also IMAP over port 143, preferably with mandatory STARTTLS encryption, and certainly with mandatory authentication and possibly IP whitelists. Usage of port 465 has been deprecated. Usage of port 993 coincides with SSL which should not be used. Ports 110 and 995 are for POP3, which is old and evil, and should not be used.
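
A way to check the reply's point about port 25 against the posted listing, as an added example that is not part of the original thread: a shell function that walks the INPUT chain and reports which final rule a new TCP connection from the internet to a given port would hit. The function names `sample_rules` and `verdict` and the simplified matching (only `dpt:`, `multiport dports` lists, `state` and the loopback interface are understood) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain copied from the listing in the question.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    17190 1546K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2      397 32473 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3        0     0 REJECT     all  --  !lo    *       127.0.0.0/8          0.0.0.0/0            reject-with icmp-port-unreachable
4        2    92 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW icmptype 8
5      640 37620 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
6       67  3700 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
7       65  3744 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
8       16   928 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 state NEW
9       11   660 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 state NEW
10      32  1800 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 state NEW
11   17565 1622K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
12     703 45106 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
13     985 61242 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
EOF
}

# verdict PORT: read a listing on stdin and print the first final rule that a
# NEW TCP connection from a non-loopback source to PORT would hit.
verdict() {
  awk -v port="$1" '
    /^Chain / { inchain = ($2 == "INPUT"); if (inchain) policy = $4; next }
    !inchain || $1 !~ /^[0-9]+$/ { next }
    {
      target = $4; proto = $5; iface = $7; src = $9
      # LOG and user chains (f2b-sshd only RETURNs here) do not end traversal.
      if (target != "ACCEPT" && target != "REJECT" && target != "DROP") next
      if (proto != "tcp" && proto != "all") next
      if (iface == "lo" || src != "0.0.0.0/0") next
      rest = ""
      for (i = 11; i <= NF; i++) rest = rest " " $i
      # A rule limited to RELATED,ESTABLISHED never matches a first packet.
      if (rest ~ /state / && rest !~ /state [A-Z,]*NEW/) next
      if (rest ~ /dpt:/ && rest !~ ("dpt:" port "( |$)")) next
      if (match(rest, /dports [0-9,]+/) &&
          index("," substr(rest, RSTART + 7, RLENGTH - 7) ",", "," port ",") == 0) next
      print port, target, "rule " $1; done = 1; exit
    }
    END { if (!done) print port, policy, "policy" }
  '
}

for p in 25 143 587 465 993 995; do sample_rules | verdict "$p"; done
```

On the posted rules, ports 25, 143 and 587 fall through to the catch-all REJECT at rule 13, while 465, 993 and 995 are accepted. On a live host the same function can be fed with `sudo iptables -L -nv --line-numbers | verdict 25`.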

Hi emestee. Thanks for the clarification. I now understand which ports are to be opened and for what purpose.

Cheers.
