>>>>> "demo---" == demo--- via dovecot <[email protected]> writes:
> as a newbie suddenly requiring a mail server the configuration of
> dovecot and postfix is proving elusive. if i get one element
> working another fails. i think it would help readers if i supply my
> status report and ask for suggestions as to how to ensure a remote
> client can access the mail just delivered from another remote in
> addition for mutt to see the mail on the server.
So going by what you've posted, you're trying to set up email for a
domain:

    $ dig +short -t MX mckenzietrust.com
    10 mckenzietrust.com.
    $ dig +short -t A mckenzietrust.com
    178.16.2.130
    $ nmap 178.16.2.130
    Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-03 14:28 EST
    Nmap scan report for adsl178.16.2.130.manx.net (178.16.2.130)
    Host is up (0.12s latency).
    Not shown: 994 filtered tcp ports (no-response)
    PORT     STATE  SERVICE
    25/tcp   open   smtp
    80/tcp   open   http
    110/tcp  open   pop3
    113/tcp  closed ident
    995/tcp  open   pop3s
    1080/tcp closed socks
    Nmap done: 1 IP address (1 host up) scanned in 8.39 seconds

You really need to set up an HTTPS cert on your web pages. But that's
a simple issue you can work out with letsencrypt down the line.

But looking at the port, you have postfix running on port 25. This is
good. And if you're getting email in, then you're probably good. I
didn't check if you're running starttls or anything on there.

The other part I see is that you have POP open which is bad because
it's sending passwords over the wire unencrypted. You have POP3s set up
for grabbing mail, which is fine too. Not how I would do it, but to
each his own.
> cat <<EOF > ~/mailserver-status.txt
> 📨 Mail Server Status – Ryzen2 (Ubuntu 25.10)
> Objective:
> To host email services independently, replacing Manx Telecom’s legacy
> offering.
> Rationale:
> Manx Telecom has been acquired by Jersey Telecom, with plans to charge £65
> per annum per email address. This migration aims to preserve autonomy and
> reduce costs.
> ✅ Current Achievements
> - Mail Receipt Confirmed: Mail addressed to [email protected] (a
> domain owned by us) is successfully received via encrypted POP3S
> (port 995) using both Thunderbird and OpenSSL.
What the heck are you talking about here? POP3s is for _getting_
mail, not sending mail.
> - Maildir Workflow Operational:
> Messages arrive in Maildir/new and are moved every minute to
> Maildir/cur via a cron job. They are accessible locally using
> mutt.
Why? Mutt can handle IMAP connections just fine.
> - SSL Layer Functional:
> POP3S handshake completes successfully, confirming certificate and
> encryption setup is sound.
This is just one aspect, and only for _getting_ mail by mail clients
(MUAs). It is not for sending email, or for receiving emails.
> ⚠️ Known Issues
> - Remote Access Fails Silently:
> Thunderbird and OpenSSL clients connect but cannot retrieve messages from
> Maildir/cur or new. No errors are returned—access appears to die silently.
> - Dovecot Configuration Fragility:
> Any attempt to explicitly define mail_location in config files
> (e.g., 10-mail.conf) causes Dovecot to crash on startup. This
> behavior is consistent across both Ubuntu 25.04 and 25.10
> builds. It is imperative not to attempt location overrides, as
> recovery requires reverting to a clean config state.
Can you explain this better? And maybe post your dovecot
configuration with 'sudo doveconf -n' so we can look into it.
I'm also going to suggest you only go with Ubuntu 24.04 LTS, since
that's a long term release and much more stable than the 25.x or 24.10
releases, which are only supported for six months.
> - Post-Reboot Regression:
> Remote access was briefly functional but failed after a system
> reboot triggered by a firmware update. This suggests a
> state-dependent or ephemeral config success.
And the errors you get are?
> 🧠 Configuration Notes
> - Dovecot and Postfix Versions:
> Packages from Ubuntu 25.04 were manually installed and locked to
> prevent auto-updates. This avoids compatibility issues with newer
> builds.
Again, don't use 25.04, it's not an LTS release. Use the 24.04 LTS
release for longer term security update support. I'd also NOT
recommend doing with Dovecot 2.4.x yet, it's still getting the bugs
and documentation setup.
As a matter of fact, have you looked into using Mail-in-a-box or even
iRedMail to build your environment?
> - POP3S Listener Enabled:
> The following stanza is active in 10-master.conf:
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> - SSL Configuration:
> ssl = yes
> ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
> ssl_server_key_file = /etc/dovecot/private/dovecot.key
> These paths are valid and readable by root.
> 🧱 Constraints and Priorities
> - No Urgency:
> At least one month is available for debugging and refinement.
> - Web Server Stability Is Critical:
> The live web server must remain uninterrupted, as it hosts the McKenzie
> Trust’s public-facing structure.
> - Outbound Mail Deliverability:
> The domain currently uses DDNS. Without a PTR record, outbound mail from
> Ryzen2 may be rejected. A fixed IP or relay forwarding will be required.
> 🧩 Next Steps
> - Investigate mailbox visibility for remote clients—likely a permissions or
> UID mapping issue.
> - Consider enabling auth-master socket for privileged access if needed.
> - Explore relay options or static IP acquisition to ensure outbound mail
> acceptance.
> EOF
> regards
> jsm
> _______________________________________________
> dovecot mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
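
An offline check for the two gaps the reply points at (POP3 open on port 110, and STARTTLS on port 25 left unchecked), added here as an example and not part of the original message. The port table is the one quoted above; the CAPA and EHLO replies, the host name mail.example.org and all function names are constructed for illustration.

```python
import re

# Port table copied from the nmap output quoted in the message above.
NMAP_OUTPUT = """\
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
113/tcp closed ident
995/tcp open pop3s
1080/tcp closed socks
"""
# Constructed sample replies, not captured from the server in the thread.
SAMPLE_POP3_CAPA = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\n.\r\n"
SAMPLE_SMTP_EHLO = "250-mail.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

def open_ports(nmap_text):
    """Return {port: service} for every TCP port nmap reports as open."""
    rows = re.findall(r"^(\d+)/tcp[ \t]+(\S+)[ \t]+(\S+)", nmap_text, re.MULTILINE)
    return {int(port): svc for port, state, svc in rows if state == "open"}

def pop3_offers_stls(capa_reply):
    """True if a successful POP3 CAPA reply lists the STLS capability."""
    lines = capa_reply.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return False
    return any(line.strip().upper() == "STLS" for line in lines[1:])

def smtp_offers_starttls(ehlo_reply):
    """True if an EHLO reply has a 250 line carrying the STARTTLS keyword."""
    return any(re.match(r"250[- ]STARTTLS\s*$", line, re.IGNORECASE)
               for line in ehlo_reply.splitlines())

def audit(nmap_text, pop3_capa, smtp_ehlo):
    """List findings about cleartext exposure on the open mail ports."""
    ports, findings = open_ports(nmap_text), []
    if 110 in ports:
        if pop3_offers_stls(pop3_capa):
            findings.append("110: STLS offered; confirm logins are refused before TLS")
        else:
            findings.append("110: no STLS; passwords cross the wire in cleartext")
    if 25 in ports and not smtp_offers_starttls(smtp_ehlo):
        findings.append("25: STARTTLS not advertised; inbound mail is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(NMAP_OUTPUT, SAMPLE_POP3_CAPA, SAMPLE_SMTP_EHLO):
        print(finding)
```
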