1

Topic: Connection refused on fresh install

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.3
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian 11.7 CLI
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm getting connection refused when I try to access mail.mydomain.com/mail using a LAN machine.

The environment: it's a Windows Server running a local AD (ad.mydomain.com), it has a static internal IP and a static public IP. This machine is the network DHCP server. The firewall is on for domain, private and public networks. On Hyper-V, it has a Virtual Switch. There I set up a virtual Debian 11.7 CLI fresh install for iRedMail.

The router has the following open ports (TCP only): 25, 80, 465, 587 and 993.

First thing I did at the Debian machine was to set a static IP:

/etc/network/interfaces

*****

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface ens18 inet static
  address "machine static IP"
  netmask 255.255.255.0
  gateway "router IP"
  dns-nameservers "Windows Server IP"

*****

The Debian machine has:
- internet connection
- ports open
- nftables correctly set up (iRedMail final setup step)
- /etc/hostname → mail
- /etc/hosts → 127.0.0.1    mail.mydomain.com    localhost

telnet portquiz.net 25 connects just fine.

Before the CLI machine, I had the exact same setup with GUI. There I used Firefox and I could access roundcubemail just fine. The connection was refused when I accessed it with the Windows Server machine. Not much changed after I replaced it with a CLI one.

I already spent three days trying to figure out what is wrong. What am I missing?


2

Re: Connection refused on fresh install

Can you access the webmail on iRedMail server locally from command line? For example:

curl -k http://127.0.0.1/

Disable network firewall (nftables) on iRedMail server temporarily then try again.

3

Re: Connection refused on fresh install

root@mail:~# curl -k http://127.0.0.1/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
root@mail:~# systemctl disable nftables
Removed /etc/systemd/system/sysinit.target.wants/nftables.service.
root@mail:~# curl -k http://127.0.0.1/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
root@mail:~# 

I also checked all system status, they are all loaded and active (running):

- systemctl status postfix
- systemctl status dovecot
- systemctl status nginx
- systemctl status mariadb
- systemctl status clamav-daemon
- systemctl status amavis

I can SSH directly to the machine from any machine with an external IP.

fail2ban-client has 0 bans.

4

Re: Connection refused on fresh install

I went to /etc/nginx/sites-enabled/00-default.conf and added a # at the beginning of the line:

return 301 https://$host$request_uri;

There's the result:

root@mail:~# curl -k http://127.0.0.1/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@mail:~# 

5

Re: Connection refused on fresh install

Seems not caused by iRedMail server. Do you have any network firewall / gateway sitting between iRedMail server and your laptop? Does Hyper-V have a firewall for your VM?

6

Re: Connection refused on fresh install

That's what I thought... I made another fresh install using Ubuntu Server 22.04 LTS and the end result was the same.

I also disabled firewall completely on host machine (Windows Server), rebooted and nothing changed.

I can ping from Windows to Debian. I can also ping from Debian to Windows.

I can SSH to Debian machine from LAN and also from external networks.

I noticed that I can access roundcubemail using the Debian IP (192.168.XXX.XXX). It only fails when I try mail.mydomain.com

I think it has to do with DNS somehow.

Should the Debian machine join the local domain? I don't even know if it's possible. I'm not sure how it works.

Windows server is on local domain: ad.mydomain.com

Debian has its own: /etc/hosts → 127.0.0.1 mail.mydomain.com localhost

Is there something that I could try?

I'll keep doing tests.

7

Re: Connection refused on fresh install

Edit Windows hosts to resolve to the Linux IP; this could fix it.

8

Re: Connection refused on fresh install

Cthulhu wrote:

Edit Windows hosts to resolve to the Linux IP; this could fix it.

It did work indeed, but for the Windows Server itself only. I tried to access on another LAN machine: it worked just fine using the linux IP, but it failed using mail.mydomain.com

That's a DNS problem I guess...

9

Re: Connection refused on fresh install

[SOLVED]

For anyone with similar setup, including my future self, here is the solution:

The mail server could be found by the IP but not by mail.my-domain.com. The issue was that it needed an (A) record at the DNS server in order for it to be found. However, creating only an (A) record was not enough. Doing only that made the machine have the following address: mail.ad.my-domain.com. To fix that, it was necessary first to (1º) create a new direct primary DNS Zone named my-domain.com. After that, (2º) create the (A) record pointing to the mail server's IP and also a PTR record.

After that you should be able to ping/nslookup back and forth and it is supposed to find them all.

I also had an issue obtaining the TLS certificate. In order to fix it, I had to (3º) open the following ports (TCP):
- HTTP port: 80
- HTTPS port: 443
- SMTP port: 25
- Submission port: 587 (also 465 for Microsoft Outlook)
- IMAP port: 143
- IMAPS port: 993

Final tip: open port 22 to allow ssh

It's up and running after that. Thanks guys!
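
Added example, not part of the original thread: a small Python check that separates the two faults this thread went through, a name that does not resolve to the mail server's LAN address (A/PTR records) and a port that is refused or filtered. The host name `mail.example.test`, the address `192.0.2.10` and all function names are placeholders chosen for this sketch; the port list is the one from the final post.

```python
import socket

# Ports listed in the thread's final post for a working iRedMail host.
PORTS = (25, 80, 143, 443, 465, 587, 993)

def resolve_a(name):
    """Return the sorted IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def resolve_ptr(ip):
    """Return the PTR name for ip, or None if there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except (socket.herror, socket.gaierror):
        return None

def port_open(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port is accepted."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(name, expected_ip, a=resolve_a, ptr=resolve_ptr, probe=port_open):
    """Separate a DNS fault from a service/firewall fault for one mail host."""
    findings = []
    addrs = a(name)
    if not addrs:
        findings.append(f"DNS: {name} has no A record on this resolver")
    elif expected_ip not in addrs:
        findings.append(f"DNS: {name} resolves to {addrs}, not {expected_ip}")
    rname = ptr(expected_ip)
    if rname != name.lower():
        findings.append(f"DNS: PTR for {expected_ip} is {rname}, expected {name}")
    closed = [p for p in PORTS if not probe(expected_ip, p)]
    if closed:
        findings.append(f"NET: {expected_ip} refuses or filters TCP {closed}")
    return findings

if __name__ == "__main__":
    # Placeholder values (assumptions); substitute the real name and LAN address.
    for line in diagnose("mail.example.test", "192.0.2.10") or ["OK"]:
        print(line)
```

Run it from a LAN client rather than from the mail server itself, since the server's own /etc/hosts entry answers for the name locally.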