Webmail works fine, but other clients do not

So we have set up mailinabox, and I can access webmail both internally and externally with no issues. We cannot, though, get any email clients to work via IMAP at all. Outlook even hangs after adding the account.

I’ve looked through the logs and the only thing I can see in /var/log/syslog is a firewall alert:
Sep 21 22:52:18 box kernel: [118366.914569] [UFW BLOCK] IN=eth0 OUT= MAC=33:33:00:00:00:01:c8:d3:a3:60:cd:2e:86:dd SRC=fe80:0000:0000:0000:cad3:a3ff:fe60:cd2e DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=76 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=130 CODE=0
It was also throwing IMAP 143 port blocks, which I figured was fine since MiaB uses IMAP/S 993. I enabled 143 on the server anyway with no luck.

I looked at other topics similar to this on these forums (love that option on the new topic form by the way. Brilliant) and I know it's not a DNS resolve issue as these have been pointed for a few days.

At a loss. A friend of mine has a box running as well and is having the same issue, so it makes me wonder if it's just a basic setup issue.

Thanks in advance for any help you can give!

Hey,

Thunderbird is a known working client. Try it with that. The important settings are:

IMAP
Port: 993
Connection Security: SSL/TLS
Authentication method: Normal password

SMTP
Port: 587
Connection Security: STARTTLS
Authentication method: Normal password

There should not be any firewalls that block these on by default.

Thanks for the reply!

I tried Thunderbird, and at first it didn’t work either. I kept getting a “server can’t be found, check your settings” error when doing the test. BUT I then went to the inbox and it said it didn’t trust the IMAP server and I had to do an exception. Then IMAP worked! So I went to do a send test, and I got the same “SMTP server can’t be found, check your settings” type error, but when I closed out of the email I got another certificate warning and did an exception. Then SMTP worked!

So, my conclusion, though I haven’t tested it yet, is that since MiaB uses SSL/TLS by default, Outlook or iOS mail clients are throwing the errors because of a lack of CA cert on the server. Once I get that sorted (just been testing for now before we switch over) I should be golden… I think.

Anyone else think that will solve my issue? It makes sense based on the troubleshooting but my personal experience with certs is lacking so perhaps I’m incorrect in my conclusion.

So, just to add to the information:

I got my certs set up, though the automatic provisioning through Let’s Encrypt didn’t work so I installed certbot and did it that way. The installation worked, as my browser is reporting a secure connection, and SSL checkers are saying that the URL is trusted and secure.

BUT when I go to Thunderbird, it is still saying that it “Could not verify this certificate because the issuer is unknown.”

So why doesn’t it, or any, email clients work? Webmail support is great and all, but I would think most people use mail clients.

EDIT: Update, again! In my troubleshooting I have figured out that my box.domain.ca cert is working. BUT Thunderbird (and I assume Outlook too?) is looking for box.domain.ca:993 which is NOT a trusted cert through Let’s Encrypt.
So why is that? It’s under the same domain… it’s not even a subdomain! So why would the PORTS need a different cert?

There’s something weird going on here. There are no known problems with the automatic provisioning and ports definitely don’t matter with certs. Are you sure the DNS is working correctly? It sounds like you might get different results for resolving the hostname several times.

I used the box’s external DNS setup guide and made sure everything matches. It resolves properly, it’s just the specific ports that seem to be giving issues.

I have a reverse proxy set up with haproxy on another machine, but none of the actual email traffic is routed to the reverse proxy, only the HTTP and HTTPS traffic. 993, 578, and even 995 all bypass the proxy straight to the MiaB. My TLS cert sits on the MiaB server, and I have SSL passthrough enabled on the haproxy for the traffic that uses it.

The domain is canadaesports.ca, I don’t mind you checking it as I’m using it as a throwaway for now to test everything before I migrate…

If a specific port has a certificate problem, it would suggest that the program on that port (in this case Dovecot) isn’t properly set up to deliver the certificate. Maybe your Dovecot needs to be restarted? I can’t really help further than that because you used certbot directly and I don’t know whether those certs have to be moved into another location or anything to make them work.

One thing I noticed is that your box.canadaesports.ca is a CNAME. I think it should be an A entry instead.
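
An added example, not code from any poster in this thread or from the Mail-in-a-Box project: a Python check that compares the certificate served on port 993 with the one on port 443 and reports which port fails validation against the system trust store. The function names, the constructed sample records and the choice of 443 as the reference port are assumptions made for this illustration.

```python
import hashlib
import socket
import ssl
import sys

# Constructed sample: HTTPS validates, IMAPS serves some other, unverifiable certificate.
SAMPLE = [
    {"port": 443, "sha256": "aa" * 32, "verify_error": None},
    {"port": 993, "sha256": "bb" * 32, "verify_error": "unable to get local issuer certificate"},
]

def _handshake(host, port, ctx, timeout):
    """Complete a TLS handshake on an implicit-TLS port and return the leaf cert (DER)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def probe(host, port, timeout=10):
    """Fetch the leaf cert without validation, then retry against the system trust store."""
    lax = ssl.create_default_context()
    lax.check_hostname = False          # must be disabled before verify_mode is relaxed
    lax.verify_mode = ssl.CERT_NONE
    der = _handshake(host, port, lax, timeout)
    try:
        _handshake(host, port, ssl.create_default_context(), timeout)
        error = None
    except ssl.SSLCertVerificationError as exc:
        error = exc.verify_message
    return {"port": port, "sha256": hashlib.sha256(der).hexdigest(), "verify_error": error}

def diagnose(results, reference_port=443):
    """Compare every probed port with the port the browser already trusts."""
    ref = next(r for r in results if r["port"] == reference_port)
    findings = []
    for r in results:
        if r["sha256"] != ref["sha256"]:
            # The service on this port serves a different leaf than the reference port.
            findings.append((r["port"], "different-certificate", r["sha256"][:16]))
        if r["verify_error"]:
            # Same leaf as a port that validates, yet failing here, points at the chain sent.
            findings.append((r["port"], "validation-failed", r["verify_error"]))
    return findings

if __name__ == "__main__":
    # With a hostname argument the ports are probed live; without one the sample is used.
    results = [probe(sys.argv[1], p) for p in (443, 993)] if len(sys.argv) > 1 else SAMPLE
    for port, kind, detail in diagnose(results):
        print(f"port {port}: {kind}: {detail}")
```

Python validates against the operating system's trust store while Thunderbird ships its own, so a pass here does not guarantee a pass in the client.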
