
Question How to diagnose Mail failure on StartTLS

BNSHosting.net

New Pleskian
Server operating system version
CentOS 7.0
Plesk version and microupdate number
Plesk Obsidian 18.0.48
I had a domain tested for mail security and here it says that it failed.

Where do I start to troubleshoot this? The mail server has Let's Encrypt SSL to 'secure the webmail' enabled.
But I don't see where I can configure STARTTLS in the Plesk GUI. Has anyone ever encountered this before?
 
1. Check as root in shell if smtps is set for postfix: grep smtps -A6 /etc/postfix/master.cf
2. Check your server's firewall if incoming for Port 25 is blocked
 
I think you might have your settings set up weirdly or your server's firewall is blocking ports (like gwen suggested, check your server's firewall incoming port 25). Testing with //email/testTo: against your domain shows that the connection is timing out.
 
Thanks for the link: ports 25, 587 and 465 are open. We can send and receive email from our domain to gmail.com
 
gateway error NGINX. But we were eventually able to solve this by running the Plesk Repair Kit.
Additional data:
Template_Exception: httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.modules.d/00-proxy.conf: Cannot load modules/mod_proxy_ajp.so into server: /etc/httpd/modules/mod_proxy_ajp.so: undefined symbol: ap_proxy_check_connection

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php

line: 75
code: 0
 
You sure that it's open? Because when I did a test just now it still shows that the connection is timing out telling me that it's not reachable.

Also, tbh, I don't see the point in hiding your domain name at this point since I was able to find it doing a reverse DNS search (is how I was able to do my tests).

In either case, make sure firewalls are configured to allow the connections through and also, if your hosting provider has any kind of virtual firewalls, I would suggest to make sure those are also set to allow the connections through.
 
Thanks for your help Scsa20. I used an online port checker to confirm that the ports are open.
I think it may be the /etc/postfix/main.cf configuration entries at fault. I will double check those.
 
Here are snippets of my main.cf relating to TLS:

smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
#smtpd_tls_security_level = may
smtpd_tls_security_level = encrypt
# smtpd_use_tls = no
smtpd_use_tls = yes

# smtp_tls_security_level = may
smtp_tls_security_level = encrypt
# smtp_use_tls = no
smtp_use_tls = yes

smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,RSA+AES, eNULL
tls_medium_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
tls_preempt_cipherlist = yes

(I tried both smtp_tls_security_level = may and encrypt)
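
An added example, not part of any post in this thread: the two hypotheses discussed here (a firewall dropping port 25 versus the Postfix TLS settings) fail at different steps of the SMTP exchange, and this Python probe reports which step breaks first. The stage names and the HELO name `probe.example` are assumptions made up for the example; the host argument is the MX being diagnosed.

```python
import smtplib
import socket
import ssl

HELO_NAME = "probe.example"  # constructed HELO name, not from the thread


def probe_starttls(host, port=25, timeout=10.0):
    """Return (stage, detail) for the first step of the STARTTLS exchange that fails.

    Stage names are invented for this example:
      tcp_timeout      no reply to the connect: firewall or provider filter
      tcp_refused      host reachable, nothing listening on the port
      no_banner        connected, but no usable 220 greeting
      not_advertised   EHLO reply does not offer STARTTLS
      smtp_error       server rejected STARTTLS or dropped the session
      handshake_failed TLS negotiation broke (protocol or cipher settings)
      cert_invalid     certificate failed chain or host name verification
      ok               TLS established; detail is the negotiated version
    """
    try:
        conn = smtplib.SMTP(host, port, local_hostname=HELO_NAME, timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", f"no answer from {host}:{port} within {timeout}s")
    except ConnectionRefusedError:
        return ("tcp_refused", f"{host}:{port} refused the connection")
    except OSError as exc:  # smtplib.SMTPException is an OSError subclass
        return ("no_banner", str(exc))
    try:
        code, _ = conn.ehlo()
        if code != 250 or not conn.has_extn("starttls"):
            return ("not_advertised", f"EHLO reply {code} lists no STARTTLS")
        # The default context verifies chain and host name, like a strict checker.
        conn.starttls(context=ssl.create_default_context())
        return ("ok", conn.sock.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert_invalid", exc.verify_message)
    except smtplib.SMTPException as exc:
        return ("smtp_error", str(exc))
    except OSError as exc:  # ssl.SSLError, resets and timeouts in the handshake
        return ("handshake_failed", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    print(probe_starttls(sys.argv[1]))
```

Run it from a machine outside the server's network: `tcp_timeout` points at packet filtering in front of Postfix, while `not_advertised`, `handshake_failed` and `cert_invalid` point at the TLS parameters in main.cf or the certificate.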
 
Don't really think it's Postfix's settings as long as you leave things as default.

Here are some screenshots I took of my settings within Plesk; you will see they're pretty default. The domain is my friend's domain, which works fine.

Mind you with the host provider I'm using I had to put in a ticket to have them unblock port 25, 465, and 587 so you might also want to make sure that is unblocked. I'm actually impressed that you're able to even email in using gmail if my testing shows connection is timing out lol.

If everything is showing fine, and your hosting provider confirms that they are not blocking anything that could possibly be blocking, I would suggest that you open a ticket with Plesk support directly. They have ways to access with you to look through the configurations with you to find out why that is happening.

 

thanks for these. Will try it out later.
 
@BNSHosting.net

↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑
Read this and answer, please.
Here is the content of /etc/postfix/master.cf:
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: Postfix manual - master(5)).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
cleanup unix n - n - 0 cleanup
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
 