View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Cannot access mail from iPhone or Mac Mail
Log in to Ask a Question

Cannot access mail from iPhone or Mac Mail

email

I just moved my site from a previous host to Linode, and while I'm not shy when it comes to Linux, I am a newbie when it comes to setting up web servers. I have my site hosted fine and running beautifully. I also wanted to host my email account for that domain. I followed these instruction for my Debian 6 setup. All the tests they suggest showed everything is working. I figured then after that, I could setup Mac Mail to check my mail at mail.website.com. but I receive an error stating mail.website.com is not responding. I know there must be more for me to do, but I don't know what. Can anyone help?

Also, can someone suggest a good guide for setting up webmail on Linode with my setup?

26 Replies

There's so many things that can cause email servers not to work, if you provide your domain and linode ip it'll help diagnosis.

What's the output of

netstat -lpnt
iptables -L -n -v

Yes, thank you.

I sent you a PM with the domain and IP.

Here are the outputs you requested.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      13143/dovecot   
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      13143/dovecot   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3107/mysqld     
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      13143/dovecot   
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      13143/dovecot   
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1358/portmap    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11176/sshd      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      13272/master    
tcp        0      0 0.0.0.0:57599           0.0.0.0:*               LISTEN      11082/rpc.statd 
tcp6       0      0 :::80                   :::*                    LISTEN      13596/apache2   
tcp6       0      0 :::22                   :::*                    LISTEN      11176/sshd    

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 585K  559M fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22 
 9357  731K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  !lo    *       0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable 
 607K  575M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  356 22096 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
   14   764 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
   82  4760 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
   22  1272 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
 1122 66972 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables denied: ' 
 1328 79192 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 362K   38M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 585K  559M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

ok postfix isn't running, try running /etc/init.d/postfix start also you're firewall isn't allowing dovecot or postfix, open ports 993 and 25 with whatever firewall you use.

Your dns records are fine :)

Okay, I started postfix with the script you supplied

Starting Postfix Mail Transport Agent: postfix.

Then I opened the ports, the firewall seems to be iptables. I didn't install anything else yet. I opened them with this command:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  100  8593 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22 
   21  2635 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  !lo    *       0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable 
  144 12469 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    2   164 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   11   704 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables denied: ' 
   17  1088 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  170 22280 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  100  8593 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

And they seem to be opened but I'm still getting an error saying the IMAP server is not responding. Now what am I doing wrong :(

How did you set up your firewall in the first place? The rules you added are after the reject rule so will be ignored see

  17  1088 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993

Ideally you should remove the reject rule and set the INPUT policy to REJECT or DROP. That should fix your problem.

POP3 is 110 (plaintext and STARTTLS) and 995 for SSL. SMTP is 25 for inbound and should use 465 for SSL.

obs,

The firewall configuration is the default one that's installed with the Debian image. I didn't configurate it. But with the help of this article, I think I got it working slightly. My incoming is now working. However, my outgoing isn't. Mac Mail keeps saying the SMTP server is not responding. I assume my outgoing server is mail.website.com. What should I test for next? Thanks guys for your help!

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      627 48805 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22 
2       21  2635 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 REJECT     all  --  !lo    *       0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable 
4      666 52333 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
6        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
7        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
8        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465 
9        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
10       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:995 
11       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
12       1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
13       0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
14       6   396 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables denied: ' 
15       6   396 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Also, I should add that the outgoing doesn't work whether I use SSL or not. Oddly, even though port 465 is open in iptables, it doesn't show listening in netstat. Also http://www.yougetsignal.com/tools/open-ports/ says the port is closed.

Use port 25 for ssl, the guides here end up with SSL running on port 25. If you still can't connect via SSL try connecting without SSL it could be your ssl config is broken.

Your firewall config works now and your smpt and imap servers are running (I can connect)

Some ISPs are blocking any traffic to port 25, forcing clients to use their SMTP servers. In those cases I always recommend 465.

Also, enable smtps in master.cf, eg:

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes

I've listened on 2025 as well as 25 for a very long time on servers that are for client access. It is easier for them to remember.. ISP blocking of port 25 is a good thing IMHO.

Via mobile..

@Dweeber:

I've listened on 2025 as well as 25 for a very long time on servers that are for client access. It is easier for them to remember.

You have very weird (and stupid) clients if that is true.

Doh, I can't remember a two digit number "25", but I can remember a four digit number that ends in the same two digits that I can't remember.

Ugg. I know port 25 is blocked by my ISP. What I found odd was that the SMTP failed whether or not SSL was turned on. I did edit my master.cf by Azathoth's suggestion. As soon as I did, netstat shows port 465 is listening, and it was officially opened. However, Mac Mail kept saying the SMTP is not responding.

Then I began to realize that it might not be the server's fault. I began testing the mail on my iPhone, both on wifi and on 3G. Emails were sending without any problems. It seems the problem is with Mac Mail or with the OS. I'll have to poke around because I have no clue what would be blocking outgoing mail traffic. I'm hoping it's just a corrupt preference file. Do you guys know of anything I should try?

Default SMTP setting for Mac Mail tries 25, 465, 587, in that order. Since it never receives a reply from your server saying that 25 is unavailable, it is probably timing out. Set its SMTP conf to use 465 instead of trying to figure out which port is available.

@vonskippy:

@Dweeber:

I've listened on 2025 as well as 25 for a very long time on servers that are for client access. It is easier for them to remember.

You have very weird (and stupid) clients if that is true.

Doh, I can't remember a two digit number "25", but I can remember a four digit number that ends in the same two digits that I can't remember.
Seriously. When they can't use 25, 2025 is much easier to remember than 465. Also, I have been doing this since 1992, long before some of the other "common" ports or protocols even existed or were in common usage. Before that email was sent via UUCP which I did going back to the late 70's.

Must be symptomatic of living in the Arizona oven.

State Records

Ariz.    128°   June 29, 1994   Lake Havasu               505

Normal Day just outside of Phoenix

![](" />

@pclissold:

Default SMTP setting for Mac Mail tries 25, 465, 587, in that order. Since it never receives a reply from your server saying that 25 is unavailable, it is probably timing out. Set its SMTP conf to use 465 instead of trying to figure out which port is available.

Ya, that's what I thought. I already tried it. I find this issue particularly odd. I figured it might be due to the fact that this account is virtually identical to the one on my last server. I had a feeling there might be some corrupt data in the preference files. I cleaned out mail preferences and all the keychain entries but to no avail. I don't even have the OS firewall on. Odd indeed.

So I thought I would bump this up just to see if anyone has worked out a solution. I've been having the same problem with my Apple devices and I still can't quite figure out what's up. I temporarily switched to Sparrow and it had no problem sending mail, but seeing as they're now out of development I'd really like to get Mail.app working right.

I don't know whether you've found a solution to your problem, but I had a similar issue with Apple Mail. Namely, for some reason, it doesn't like when Dovecot and Postfix have different SSL certificates. Yeah, you heard that right. So, just set up Postfix to use Dovecot's SSL certificate or the opposite, and you should be fine.

I'm having the same issue withSMTP in the Mail.app.

> So, just set up Postfix to use Dovecot's SSL certificate or the opposite, and you should be fine.
How would you do this?

Cheers :D

Simple. Open your /etc/postfix/main.cf file and change the following two parameters, like this:

smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem

This is my setup on my Ubuntu 12.04, it may be slightly different on other distros, though.

I must note that I was rebuilding my mail server recently, and Apple Mail doesn't work anymore even with these settings, so I've just switched to Thunderbird for the time being, until I get enough money to buy a proper SSL certificate. But you should try it, you don't have anything to lose. :-)

@petarpetrovic:

Apple Mail doesn't work anymore even with these settings
Are you using a Startcom certificate? Even if your certificate's expiration date hasn't arrived yet, check to see if the certificate used to sign it has expired. That bit someone else I know.

No, I'm not using StartCom's certificate. I'm currently using a certificate that came with Postfix/Dovecot. But as I said, I am planning to buy a certificate from some CA, because Apple Mail doesn't work anymore with any settings.

You can get a certificate from Startcom at no cost, but it is limited to one year of validity. (I would presume that newly-issued ones wouldn't have the same problem with the signing certificate, but don't know for sure.)

@petarpetrovic:

No, I'm not using StartCom's certificate. I'm currently using a certificate that came with Postfix/Dovecot. But as I said, I am planning to buy a certificate from some CA, because Apple Mail doesn't work anymore with any settings.

That's probably your issue.

While testing a new mailserver setup I used a self-signed cert. Most mail apps would present a "do you want to accept this certificate?" dialog. iPhone mail would just spin until timeout, then give a generic "connection failed" message.

Once I installed a real cert, iPhone mail worked fine.

You only need one cert, put it somewhere (e.g., /etc/ssl/certs) and reference it in Dovecot and Postfix.

If you buy a ~$10 cert like StartSSL, make sure you chain it.

Use the SMTP submission port, 587. I've tested it with a wide variety of mail apps from Outlook Express to iPhone, and every one auto-detects it just fine – assuming of course that your configuration is correct :)

I've tested Apple Mail again, and this time it worked with a self - signed cert. I know that I can get a free one at StartCom, and actually I did get one, but then I forgot to back it up so now I need to wait a year before I can get it again.

But anyway, $10 for a SSL certificate isn't much, so I'll go that route for now.

Regarding iPhone, it just works even with the self signed cert, just issued a warning that it cannot verify the identity of the server, and that's it. So far, no problems any more.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct