After full reinstall, imap doesn't work anymore

[Xavier123]

Hi,
I'm using Ubuntu 14.04.2 LTS and Plesk 12.0.18 - update 38.
Since i have reinstalled 3 servers, i don't have imap connection possible in some case.
- When i connect from a Thunderbird, it works only if it's not secure : any attempt with ssl is refused.
- When i try to use a smartphone with the same working config done in Thunderbird, i canno't log whatever i do to find something working on the smartphone (note : it's works with pop)
- Horde refuse all users. If i switch to Roundcube, all works...

There is something wrong : i search the web, the forum, for 14 days now, without success.
I tried many thing from the KB...no success either.

So, is there somebody here that can help me for this ?
Thanks for the help (and at least the time you spent to read this message

Xavier

 

[UFHH01]

Hi Xavier123,

to investigate issue, it is always usefull to include error - log - entries and probably depending configuration files ( in your case, mail.log / horde.log and postfix or qmail configuration files ).

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

 

[Xavier123]

Sorry, i'm very new on this forum
I paste all this below.
(i have changed domain name and IPs)

IN the mail.log, i have for my ip when i try :

Mar 20 16:22:47 mailcdc courier-imapd: TIMEOUT, [email protected], ip=[::ffff:88.115.21.28], headers=1728, body=50018, rcvd=501, sent=55020, time=1804

or just thing like

Mar 20 10:25:05 mailcdc courier-imapd: Connection, ip=[::ffff:88.175.27.68]
Mar 20 10:25:07 mailcdc courier-imapd: Disconnected, ip=[::ffff:88.175.27.68], time=2

In Horde.log, i have for example:

2015-03-16T17:33:23+00:00 ERR: HORDE [horde] FAILED LOGIN for [email protected] ([email protected]) [90.14.20.210] to horde [pid 20877 on line 216 of "/usr/share/psa-horde/login.php"]

My main.cf is :

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file = /etc/postfix/ns370831.ip-94-23-203.eu.pem
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mailcdc.fr
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.ip-94-23-203.eu, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
virtual_mailbox_limit = 0
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
#smtpd_sasl_security_options = noplaintext
#smtpd_tls_auth_only = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
message_size_limit = 61440000

and my master.cf is :

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#  (yes)  (yes)  (yes)  (never) (100)
# ==========================================================================
smtp  inet  n  -  -  -  -  smtpd
#smtp  inet  n  -  -  -  1  postscreen
#smtpd  pass  -  -  -  -  -  smtpd
#dnsblog  unix  -  -  -  -  0  dnsblog
#tlsproxy  unix  -  -  -  -  0  tlsproxy
#submission inet n  -  -  -  -  smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps  inet  n  -  -  -  -  smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628  inet  n  -  -  -  -  qmqpd
#comment par xav pickup  unix  n  -  -  60  1  pickup
cleanup  unix  n  -  -  -  0  cleanup
#comment par xav qmgr  unix  n  -  n  300  1  qmgr
#qmgr  unix  n  -  n  300  1  oqmgr
tlsmgr  unix  -  -  -  1000?  1  tlsmgr
rewrite  unix  -  -  -  -  -  trivial-rewrite
bounce  unix  -  -  -  -  0  bounce
defer  unix  -  -  -  -  0  bounce
trace  unix  -  -  -  -  0  bounce
verify  unix  -  -  -  -  1  verify
flush  unix  n  -  -  1000?  0  flush
proxymap  unix  -  -  n  -  -  proxymap
proxywrite unix -  -  n  -  1  proxymap
smtp  unix  -  -  -  -  -  smtp
relay  unix  -  -  -  -  -  smtp
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq  unix  n  -  -  -  -  showq
error  unix  -  -  -  -  -  error
retry  unix  -  -  -  -  -  error
discard  unix  -  -  -  -  -  discard
local  unix  -  n  n  -  -  local
virtual  unix  -  n  n  -  -  virtual
lmtp  unix  -  -  -  -  -  lmtp
anvil  unix  -  -  -  -  1  anvil
scache  unix  -  -  -  -  1  scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -  n  n  -  -  pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#  lmtp  cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus  unix  -  n  n  -  -  pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -  n  n  -  -  pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp  unix  -  n  n  -  -  pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail  unix  -  n  n  -  -  pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp  unix  -  n  n  -  -  pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix   -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=R user=list:list argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}


plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
pickup fifo n - - 60 1 pickup
plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6 dbpath=/plesk/passwd.db
qmgr fifo n - n 1 1 qmgr
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes

plesk-94.23.203.209- unix - n n - - smtp -o smtp_bind_address=94.23.203.209 -o smtp_bind_address6= -o smtp_address_preference=ipv4

Do you see something ?
Thanks for your time
Xavier

 

[UFHH01]

Hi Xavier123,

you route your eMails over two other servers ( spool.mail.gxxxx.net and fb.mail.gxxxx.net ), which don't support TLS ( please check mail5.gxxxx.net ) - you can check issues as well at "http://mxtoolbox.com" and apart from that keep as well in mind please, that some of your IPs or/and MX - entries are already blacklistet and the SPF - record is depricated.

 

[Xavier123]

First, thanks, you see something.
Second, i don't know where to look and what to change even with your post (as i wrote, i'm very new...).
I installed the server with plesk and create the domain but i didn't change anything (as usual).
When i read you, i can see you saw something evident for you. For me, i hear "Appolo 13, you have a problem but UFHH01 have the good piece for you !". So you give me the plastic pieces and the rubber : can you give me the way to solve it step by step ?
Many thanks Houston
Xavier
Note : i'm not english native, i can make some mistake in my english, forgive me

 

[UFHH01]

Hi Xavier123,

don't worry about your english... we are not in school here...


Please clarify first, if you host as well "gxxxx.net" ( and the corresponding IPs for mail.gxxxx.net / mail1.gxxxx.net / mail2.gxxxx.net / mail3.gxxxx.net / mail4.gxxxx.net / mail5.gxxxx.net / spool.mail.gxxxx.net and fb.mail.gxxxx.net ), because if you don't host that domain you are not the one who can change the corresponding MTA and DNS settings.

 

[Xavier123]

I have a server with a name given by the "provider" (OVH). you can see in main.cf it's
ns370831.ip-94-23-203.eu
To prevent issue with antispam, i had to take a domain without the ip in the name (else i had an error "name is almost ip" when sending emails).
The name of the domain used for the name server is
mailcdc.com
I can have one to 30 domain on a server (always configure the same way)
On this server, i have only one domain, i give you the domain to simplify : copaindescopeaux.fr
The ip of the server is : 94.23.203.209
i have in the dns set the dns entry given during the plesk creation : mail.xxxx.xx, pop.xxxx.xx, smtp.xxxx.xx, imap.xxxxx.xx all pointing to the server's ip.

Before, when i was creating a domain on Plesk 11, all was directly working.
I don't thing it's important : on this domain, i created the domain with Plesk "normally" and on other server, i migrate the domain from another plesk (the problem is the same on all server).

Yes, I have full control on the domain and the server, i can do all what i want on the domain and the server as i control the domain in the registrar and the dns entries are handled directly by the server on Plesk.

Thanks again (really) for your help "UFHH01"
Xavier

 

[UFHH01]

Hi Xavier123,

now... I'm a bit surprised, because your description doesn't equal the actual settings. This might be due to the case, that you wrote "mailcdc.com" instead of "mailcdc.fr" ?
Besides that, "mailcdc.fr" resolves to your IP "94.23.203.209", but has MX - settings for "10 spool.mail.gandi.net" and "50 fb.mail.gandi.net" - and here comes the initial issue: "gandi.net" has set several mail - servers as lsited in my above post and some of these mail - servers don't support TLS. The question was, if you host as well "gandi.net", because the TLS - settings should be made on this server with the IP "217.70.184.1" ( and/or it's subnet "217.70.176.0/21"... BUT ONLY, if you resist on rerouting your eMails from "mailcdc.fr" over the gandi.net - server(s) ).

If you would like to receive and send eMails for "copaindescopeaux.fr" and you would like to use TLS, then you have to change the Plesk-Standard-Certificate, because it doesn't match your hostname. Please see as well "https://www.ssllabs.com/ssltest/analyze.html?d=copaindescopeaux.fr" for the tests.
( Please keep in mind, that you could as well adjust the certificate for the domain "mailcdc.fr". ^^ )

You will find help in the following KB - article:

How to generate custom self-signed SSL certificates and apply it to Postfix ( KB - article 118 354 )​

As you can see at "https://www.ssllabs.com/ssltest/analyze.html?d=copaindescopeaux.fr" as well, your server is not secured against the Poodle - vulnerability ( please have a look at the Parallels Knowledge - Base for assistance:

[Plesk] CVE-2014-3566: POODLE attack exploiting SSL 3.0 fallback ( KB - article: 123 160 )​

In some cases you might experience issues with incompatibilities for some browser and/or eMail - clients, after you followed the KB - article 123 160. It might help to read:

SSL POODLE / SSLv3 bug ( Parallels Forum - Link )​

... to solve such issues, because there are several additional solutions provided in this thread.




After all these changes and modifications, there might be still an issue with your SMTP - banner. Please see the Plesk-Online documentation for it:

Configuring Server-Wide Mail Settings ( Plesk 12 Online documentation )

... and use the Forum - Search for additional informations and discussions with the keywords "SMTP" "banner".

​

To check your changes and modifications, please use the sites "http://mxtoolbox.com" / http://www.dnswatch.info and "https://www.ssllabs.com/ssltest/".

 

[Xavier123]

Hi UFHH,
I'm going to do all that : thanks very much.
When it's done, i will come back to tell you if all is ok.
Thanks again
Xavier

 

[Xavier123]

Hi UFHH01,
I tried to generate a new certificate but something is wrong : when i try to follow the steps, i don't have the same things on my server...
First, i switch to the root directory. If i generate a root private key, the key is generated on the root directory.

When i try to go in the folder : /usr/share/ssl/certs/postfix/
to put the file, the folders doens't exist..

Can you explain where do i have to create this new certificate ? I don't want to drop this file anywhere on the server...

Thanks
Xavier

 

[Xavier123]

If i take a look to the step 3, i will have to change some data :
Is this could be ok ?

Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Paris
Organization Name (eg, company) [Internet Widgits Pty Ltd]:copaindescopeaux
Organizational Unit Name (eg, section) []:copaindescopeaux
Common Name (e.g. server FQDN or YOUR name) []:mailcdc.fr
Email Address []:[email protected]

In France, we doesn't have "state" or "province name", can i leave this empty ?

Thanks again
Xavier

 

[UFHH01]

Hi Xavier123,

in France this option is equivalent to "Départements / Arrondissements"... but yes, you might leave this empty as well.

 

[Xavier123]

Thanks.
Can you help me for the certificate ? Where should i put it in folders ? The KB article have not the sames folders in the step by step guide.
Xavier

 

[UFHH01]

Hi Xavier123,

please have a look at the following KB - article ( and please overread the fact, that they describe the situation, that a previous certificate has experied, because the situation to renew a certificate is nothing else than a normal replacement ):

The SSL certificate used by Parallels Plesk has expired. How can it be renewed? ( KB - article 1736 )​

 

[Xavier123]

Hi UFHH01,
First, thanks (again ,
I used the tools in Plesk and the ssl certificate have been generated.
When i run the test with ssllabs.com, i can now see a lot more thing.
I can see that the Poodle is not resolved.
I edit /etc/sw-cp-server/conf to add the line "tls" as explained in the kb article, but the lines are allready in the file (??) :

worker_processes  1;

events {
  worker_connections  1024;
}

http {
  include  mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"'
  "'$fastcgi_script_name' '$fastcgi_path_info' '$document_root'";


  sendfile  on;
  reset_timedout_connection on;

  #keepalive_timeout  0;
  keepalive_timeout  65;
  #tcp_nodelay  on;

  #gzip  on;
  #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  server_tokens off;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  fastcgi_max_temp_file_size 0;
  fastcgi_buffers 16 16k;
  fastcgi_buffer_size 32k;

  fastcgi_read_timeout 600;
  fastcgi_send_timeout 600;

  client_max_body_size 2048m;

  error_page 497 https://$hostname:$server_port$request_uri;

  include /etc/sw-cp-server/conf.d/*.conf;
}

Do i have to make all changes listed in the kb article ?
Anyway, as i use plesk 12, the article is applicable as it ?

Thanks again for all your help
Xavier

 

[Xavier123]

Hi again,
I go forward...slowly, but i hang on !
So, i update the Os (Ubuntu) : http://www.ubuntu.com/usn/usn-2385-1/
Done !

Now, i want to correct the poodle issue by disabling the ssl3 protocol. For this, i saw in the page you gave me that there is a script for this : http://kb.odin.com/Attachments/kcs-40007/ssl_v3_disable.zip
The script seems to work with plesk 12 under linux.
Ok, got it, ran, seems ok !
The result on the test site for ssl tell me that i have always a "T" results, but i have no more issue with poodle.

Now when i check, something goes wrong :

- When i try to connect to smtp using the same params (port, etc..), no problem.
- When i try to connect to pop i always has these message (in my website, before the change, it was working) :
Error connecting to {pop3.copaindescopeaux.fr:110/novalidate-cert/service=pop3}
TLS/SSL failure for pop3.copaindescopeaux.fr: SSL negotiation failed

I can try with ssl, tls, no security, imap, pop3, pop3 without imap, that's always the same result, i can not join the pop service.

The problem still remain the same for Horde : if i use Roundcube, i can connect correctly, but with horde i can't...

What did i miss ?
Thanks

 

[Xavier123]

I have just try also to connect with imap by smartphone using all the protocols (no security, ssl, ssl -accept all certificates, tls, tls -accept all certificates).
Note : if i try on my website : pop.copaindescopeaux.fr, Port 993, TLS, i have this response :

• Error connecting to {pop.copaindescopeaux.fr:993/tls/novalidate-cert/service=pop3}

• POP3 connection broken in response

 

[Xavier123]

Hi again,
I found a post from you and i try without success (your post is here : http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/page-5 at the bottom of the page)
So i tried to change this in main.cf :

#smtpd_tls_protocols = SSLv3, TLSv1
smtp_tls_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3

#smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_mandatory_protocols = TLSv1, TLSv1.1, Tlsv1.2, !SSLv2, !SSLv3

Restart all the services (to be sure
No more success..

If you can tell me if i leave this change or if i have to do something else...
Thanks

 

[UFHH01]

Hi Xavier123,

in most cases, the error - logs point to issues for further investigations and as well complete depending configuration files. Please always include the new error - entries, after any changes, because they might be completely different to former ones. It wont help the investigations, if you just describe the issue, because we can only guess, what might be wrong or misconfigured.

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

First, I would like to point again to the "Poodle" - KB... even that there is a script provided in the KB article, you should always control the additional seetings and suggested changes in this specific article, just to be sure, that all configurations are changed as suggested - if you are unsure, please post all the mentioned configuration files, so that people willing to help can investigate the possible misconfigurations. Again... please add as well the depending error - logs, because the combination will lead to faster investigations.

[Plesk] CVE-2014-3566: POODLE attack exploiting SSL 3.0 fallback ( KB - article: 123 160 )​

In some cases you might experience issues with incompatibilities for some browser and/or eMail - clients, after you followed the KB - article 123 160. It might help to read:

SSL POODLE / SSLv3 bug ( Parallels Forum - Link )​

... to solve such issues, because there are several additional solutions provided in this thread.

--------------------------------------------------​

To start investigations, make sure, you know WHICH eMail - server combination you use ( postfix/courrier-imap - postfix/dovecot - qmail/courrier-imap - qmail/dovecot ) and always include these informations, if you have issues, because suggestions to solve your issues can vary between these very own configurations and people willing to help don't want to spend time by asking for your very own specifications on your server.
Let's assume, that you use "postfix/courrier-imap" for your server and ask yourself, WHAT are the changes that you made, when you replaced the standard Plesk - certificate? Where does postfix/courrier-imap define the paths for the certificate and where is the newly created certicate file ( *.pem ) file located?
( hint for postfix: "postfix_default.pem" - hint for courrier-imap: "imapd.pem" and "pop3d.pem" - either replace these files, of define the new path to the freshly created self-signed certificate ).

To check your complete settings, use a site like "http://www.mxtoolbox.com" - or even better, to understand the possible misconfigurations, use a site like "http://www.checktls.com/perl/TestReceiver.pl"


Please check as well your SPF - configuration, which is as well an issue on your server for the domain "copaindescopeaux.fr" - The standard settings "v=spf1 +a +mx -all" won't fit your needs, because of the fact, that your DNS does NOT reverses to your domain, but instead reverses to "ns370831.ip-94-23-203.eu". You can include IP and MX settings in your SPF entry and be aware that the configuration "-all" tells all other mail - servers: "if any of my configuration is incorrect, then answer with a FAIL", which will result in an abortion of the communication with the other mail - servers. My suggestion is to use an SPF - entry like: "v=spf1 +a +mx +mail.copaindescopeaux.fr +mailcdc.fr +ip4:94.23.203.209 ?all" , because your hostname is defined as "mailcdc.fr" and the "?all" will only result in a SOFT FAIL, which never aborts a mail-server connection, even if a setting might be incorrect.

 

[Xavier123]

Hi UFHH01,
I'm going to check all this, try to see what's wrong and i will come back here with the results : i don't want to take your time and goodwill for nothing.
Anyway, you teach me a lot and allready for this, thank to you

I have a big help in another way too : i have 2 others server with Plesk. On these server, i made exactly the same installation, same way to create accounts and domain and even on a same server, i have difference between things (a domain can connect to horde and another one can't...why ? This is what i'm going to understand if i can
I will come back with all the results (and questions if you can help me on this if i don't succeed).
Xavier