1

Topic: starttls pop3 110

==== Required information ====
- iRedMail version = 0.9.2
- Linux/BSD distribution name and version: Ubuntu Server 14.03 LTS
- Store mail accounts in = MySQL
- Web server = Apache
- Manage mail accounts with iRedAdmin
- Related log if you're reporting an issue:
====

Hello,

So we switched from CentOS AMI Server to Ubuntu. Everything is working except
pop3 110 STARTTLS.

On imap it's ok, but Thunderbird doesn't find the settings for pop3, and if set manually it says
that the configuration could not be found and I can't continue.

SMTP and everything else is ok.

I am not sure which log would help.

I checked the iRedMail guide and the document from Dovecot for SSL but
everything seems to be in order.

/etc/dovecot/dovecot.conf:
#SSL Global Settings
ssl_protocols = !SSLv2 !SSLv3
ssl = required (should it be mandatory?)

Thx


2

Re: starttls pop3 110

Let's make sure the pop3 service is running first. Can you telnet to port 110 on the server? e.g.

telnet localhost 110

Also, show us the output of the command below:

dovecot -n | grep protocols

3

Re: starttls pop3 110

ZhangHuangbin wrote:

Let's make sure the pop3 service is running first. Can you telnet to port 110 on the server? e.g.

telnet localhost 110

Also, show us the output of the command below:

dovecot -n | grep protocols

dovecot -n | grep protocols:
protocols = pop3 imap sieve lmtp
ssl_protocols = !SSLv2 !SSLv3

telnet localhost 110
Connected to mail.mydomain.com
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.

But I am not quite sure about the hosts file. Maybe I put too much in it.
/etc/hosts:

127.0.0.1 mail.mydomain.com mail localhost localhost.localdomain
"online ip"  mail.mydomain.com

# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

4

Re: starttls pop3 110

Your Dovecot setting is fine:

*) With 'pop3' listed in 'protocols =', pop3 service (port 110) is running.
*) With 'ssl = required', pop3 over TLS (port 110) and POP3S (port 995) are running.

I have no idea why it doesn't work for you. Did you check the iptables firewall or network firewall? Is port 110 open?

5 (edited by neozimpi@gmail.com 2015-11-09 19:30:28)

Re: starttls pop3 110

ZhangHuangbin wrote:

Your Dovecot setting is fine:

*) With 'pop3' listed in 'protocols =', pop3 service (port 110) is running.
*) With 'ssl = required', pop3 over TLS (port 110) and POP3S (port 995) are running.

I have no idea why it doesn't work for you. Did you check the iptables firewall or network firewall? Is port 110 open?

Everything is fine.

telnet mail.mydomain.com
Connected to mail.mydomain.com.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.

Do I have to add something in the DNS forwarder at my DNS hoster where the MX and A settings are?

Thunderbird:
If I try to manually add STARTTLS with normal password, like on my other iRedMail server, then
Thunderbird tells me that the password is incorrect.

Log output from mail server:
postfix/smtpd[2915]: improper command pipelining after EHLO from p57822C14.dip0.t-ipconnect.de[xxxxxxxxx]: QUIT\r\n

6

Re: starttls pop3 110

neozimpi@gmail.com wrote:

Do I have to add something in the DNS forwarder at my DNS hoster where the MX and A settings are?

Not related to this issue.

neozimpi@gmail.com wrote:

Thunderbird:
If I try to manually add STARTTLS with normal password, like on my other iRedMail server, then
Thunderbird tells me that the password is incorrect.
Log output from mail server:
postfix/smtpd[2915]: improper command pipelining after EHLO from p57822C14.dip0.t-ipconnect.de[xxxxxxxxx]: QUIT\r\n

It looks like a Thunderbird issue, not server.
Try to turn off both fail2ban and iptables firewall, then try again.

7 (edited by neozimpi@gmail.com 2015-11-10 17:51:14)

Re: starttls pop3 110

It did not work :(

fail2ban not installed and Firewall disabled.
Like this :
http://www.cyberciti.biz/faq/turn-on-tu … -in-linux/

I tested and found out that the mail server doesn't say what kind of legitimation it wants for pop3.
It just tells nothing (no response if you ask).

proxy:~# telnet mail.mydomain.com 25
Trying xx.xx.xx.xx...
Connected to mail.mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP Postfix (Ubuntu)
EHLO
501 Syntax: EHLO hostname
EHLO mail.mydomain.com
250-mail.mydomain.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I tried the following tests to see what's going on with the authentication process:

https://wiki.ubuntuusers.de/Mailserver_testen
https://scottlinux.com/2012/09/01/encod … mand-line/

AUTH PLAIN "base64coded username and pw"
503 5.5.1 Error: authentication not enabled

AUTH LOGIN "base64coded username and pw"
503 5.5.1 Error: authentication not enabled

Is there a way that I can use the existing iRedMail certs and keys to enable SSL?
Anything is better than no encryption.

8 (edited by neozimpi@gmail.com 2015-11-10 19:07:05)

Re: starttls pop3 110

Well ... after hours of testing and reading and configuring firewalls.

The working results:

    POP3      mail.mydomain.com    995    SSL/TLS             Normal password
    SMTP      mail.mydomain.com    587    STARTTLS            Normal password

Problem is, the unencrypted connection is still available;
it would work if you have
user name and password. :(


Can I deactivate that?

The most helpful tools were:
telnet
openssl s_client -host ...

On the Mozilla support forum I stumbled over a lot of stuff with STARTTLS pop3 errors.
It does look a lot like a Thunderbird bug.
But I wouldn't bet on that.

I am just happy that it is working with SSL/TLS now.

I hope the outputs above are of some help to you in the future to avoid errors or so but
most likely not.


Note: In test mode on different machines and OSes, Debian 8 was so far the best in reliability and performance. ;) (just a side note)

9

Re: starttls pop3 110

With 'ssl = required' in /etc/dovecot/dovecot.conf, STARTTLS (port 110) or SSL (995) are required. So, no unencrypted connection at all.
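
One way to check from the client side whether port 110 still offers a cleartext login before STARTTLS (an added example, not part of the original posts or iRedMail's own tooling). The two CAPA transcripts are constructed samples, not output from the poster's server, and the function names are illustrative.

```python
import poplib
import ssl

# SASL mechanisms that send the password itself (only base64-encoded).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

# Constructed CAPA replies: one server withholds login before TLS, one does not.
STRICT = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nRESP-CODES\r\nSTLS\r\nSASL\r\n.\r\n"
LAX = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"

def parse_capa(response: str) -> dict:
    """Parse a multi-line POP3 CAPA reply (RFC 2449) into {NAME: [args]}."""
    lines = response.replace("\r\n", "\n").strip().split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("CAPA not accepted: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":              # terminator of the multi-line reply
            break
        if not line.strip():
            continue
        name, *args = line.split()
        caps[name.upper()] = [a.upper() for a in args]
    return caps

def audit_pre_tls(caps: dict) -> dict:
    """Report what a client is offered on port 110 before it issues STLS."""
    exposed = sorted(PLAINTEXT_SASL & set(caps.get("SASL", [])))
    if "USER" in caps:               # USER/PASS sends the password as-is
        exposed.insert(0, "USER/PASS")
    return {"stls_offered": "STLS" in caps, "cleartext_login_offered": exposed}

def probe(host: str, port: int = 110) -> dict:
    """Live check: audit CAPA before TLS, then upgrade with STLS."""
    conn = poplib.POP3(host, port, timeout=10)
    try:
        caps = {k.upper(): [a.upper() for a in v] for k, v in conn.capa().items()}
        result = audit_pre_tls(caps)
        # Default context verifies the certificate chain and host name,
        # so a self-signed certificate fails here with an SSL error.
        conn.stls(context=ssl.create_default_context())
        result["tls_version"] = conn.sock.version()
        return result
    finally:
        conn.close()

if __name__ == "__main__":
    print(audit_pre_tls(parse_capa(STRICT)))
    print(audit_pre_tls(parse_capa(LAX)))
```

The capability list only shows what the server advertises; the server's reply to a login attempt with a test account before STLS is the authoritative check.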

10

Re: starttls pop3 110

I still can't figure out why the hell STARTTLS won't work but SSL/TLS is working.
So I am using this one. I took the time to make an image of the server and tried it locally.
Everything worked. So I guess it's something with the cloud server's routing table or separate firewall rules. Nevertheless I am grateful for your support.

Side question ;)
Is PostfixAdmin compatible with iRedMail or will it screw things up?

11

Re: starttls pop3 110

neozimpi@gmail.com wrote:

Is PostfixAdmin compatible with iRedMail or will it screw things up?

iRedMail used PostfixAdmin SQL structure at the beginning, but we have more and more features, SQL structure is different too, so it's not a good idea to manage mail accounts with PostfixAdmin.

Of course you're free to try it with a testing machine.

12

Re: starttls pop3 110

Thx for the info.
I tested it but there are a few issues and it didn't seem very reliable.

Thx anyway