1 Topic by Ange7 (edited by Ange7 2016-03-03 17:36:04)

  • Ange7
  • Member
  • Offline
  • Registered: 2015-05-26
  • Posts: 96

Topic: Allow external connection ?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: Debian Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I'm using «Dolibarr» tool to manage invoice of my company, ... in this tool i can configure sending mail with SMTP/SMTPS socket library. with login / password / 587 port and TLS no i can't send email from this tool.

I have one error and in my log i have :

==> /var/log/syslog <==
Mar  3 10:14:42 homer postfix/smtpd[20426]: connect from 57.ip-reverse-ip[ip]
Mar  3 10:14:42 homer postfix/smtpd[20426]: lost connection after UNKNOWN from 57.ip-reverse-ip[ip]
Mar  3 10:14:42 homer postfix/smtpd[20426]: disconnect from 57.ip-reverse-ip[ip]

is it possible to allow connection from external IP to my iredmail server ?

Thank you

EDIT1 : I'm used telnet mail.server.tld 587 :

$ telnet mail.server.net 587
> EHLO mail.server.net
> starttls
> mail from: <user@server.net>
> Connection closed by foreign host.

result in my server log :

Mar  3 10:33:46 server postfix/smtpd[20496]: SSL_accept error from 57.ip-reverse-ip[ip]: -1
Mar  3 10:33:46 server postfix/smtpd[20496]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:650:
Mar  3 10:33:46 server postfix/smtpd[20496]: lost connection after STARTTLS from 57.ip-reverse-ip[ip]
Mar  3 10:33:46 server postfix/smtpd[20496]: disconnect from 57.ip-reverse-ip[ip]

(sorry for, my english, i'm french)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Allow external connection ?

Ange7 wrote:

$ telnet mail.server.net 587

telnet doesn't support TLS/SSL at all, so testing with telnet doesn't work. Try with a normal mail client, e.g. Thunderbird.

3 Reply by Ange7 (edited by Ange7 2016-03-03 20:51:56)

  • Ange7
  • Member
  • Offline
  • Registered: 2015-05-26
  • Posts: 96

Re: Allow external connection ?

ZhangHuangbin wrote:
Ange7 wrote:

$ telnet mail.server.net 587

telnet doesn't support TLS/SSL at all, so testing with telnet doesn't work. Try with a normal mail client, e.g. Thunderbird.

With thunderbird it's work. but with dolibarr, it doesn't work.

EDIT1 : I replaced telnet by telnet-ssl and it's doesn't work too, i have the same error

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Allow external connection ?

*) Normal mail client applications should use port 587 with TLS support to send email.
*) If you application doesn't support TLS, please try our tutorial below:
http://www.iredmail.org/docs/additional.smtp.port.html

5 Reply by Ange7 (edited by Ange7 2016-03-03 22:13:32)

  • Ange7
  • Member
  • Offline
  • Registered: 2015-05-26
  • Posts: 96

Re: Allow external connection ?

ZhangHuangbin wrote:

*) Normal mail client applications should use port 587 with TLS support to send email.
*) If you application doesn't support TLS, please try our tutorial below:
http://www.iredmail.org/docs/additional.smtp.port.html

Wait, no :

gnutls-cli --starttls --port=587 mail.domain.tld
Processed 174 CA certificate(s).
Resolving 'mail.domain.tld '...
Connecting to 'ip:587'...
Cannot connect to ip:587: Connection refused

It's a problem here.

EDIT2:

from my server where i have dolibarr installed :

nc -v mail.domain.tld 587
DNS fwd/rev mismatch: mail.domain.tld != hostname
mail.domain.tld [ip] 587 (submission) : Connection refused

from an other server :

nc -v mail.domain.tld 587
Connection to mail.domain.tld 587 port [tcp/submission] succeeded!
220 hostname ESMTP Postfix (Debian/GNU)

They are a problem with fail2ban rules

EDIT3: Ok fail2ban banned my server ip... i don't know why...