email app on phone not connected to same network says imap.thetechnologystudio.com isn't responding. I am receiving and able to send emails from Sogo but imap seems to not work smtp tests says working but unsure if fully working I have attached photos of my configurations and uploaded my main maincow config. Please help. >! `# ------------------------------ # mailcow web ui configuration # ------------------------------ # example.org is _not_ a valid hostname, use a fqdn here. # Default admin user is "admin" # Default password is "moohoo" MAILCOW_HOSTNAME=mail.thetechnologystudio.com # Password hash algorithm # Only certain password hash algorithm are supported. For a fully list of supported schemes, # see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/ MAILCOW_PASS_SCHEME=BLF-CRYPT # ------------------------------ # SQL database configuration # ------------------------------ DBNAME=mailcow DBUSER=mailcow # Please use long, random alphanumeric strings (A-Za-z0-9) DBPASS=xvD9sKT5LfVpJ8rmjF4zodUIFZp8 DBROOT=CHh1VpRBQqrtnDM13XHwv9rHZdpS # ------------------------------ # HTTP/S Bindings # ------------------------------ # You should use HTTPS, but in case of SSL offloaded reverse proxies: # Might be important: This will also change the binding within the container. # If you use a proxy within Docker, point it to the ports you set below. # Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT # IMPORTANT: Do not use port 8081, 9081 or 65510! # Example: HTTP_BIND=1.2.3.4 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT= # For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-ip_bindings/ HTTP_PORT=80 HTTP_BIND=192.168.1.157 HTTPS_PORT=443 HTTPS_BIND=192.168.1.157 # ------------------------------ # Other bindings # ------------------------------ # You should leave that alone # Format: 11.22.33.44:25 or 12.34.56.78:465 etc. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 REDIS_PORT=127.0.0.1:7654 # Your timezone # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones # Use the row named 'TZ database name' + pay attention for 'Notes' row TZ=America/Toronto # Fixed project name # Please use lowercase letters only COMPOSE_PROJECT_NAME=mailcowdockerized # Used Docker Compose version # Switch here between native (compose plugin) and standalone # For more informations take a look at the mailcow docs regarding the configuration options. # Normally this should be untouched but if you decided to use either of those you can switch it manually here. # Please be aware that at least one of those variants should be installed on your machine or mailcow will fail. DOCKER_COMPOSE_VERSION=native # Set this to "allow" to enable the anyone pseudo user. Disabled by default. # When enabled, ACL can be created, that apply to "All authenticated users" # This should probably only be activated on mail hosts, that are used exclusivly by one organisation. # Otherwise a user might share data with too many other users. ACL_ANYONE=disallow # Garbage collector cleanup # Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring # How long should objects remain in the garbage until they are being deleted? (value in minutes) # Check interval is hourly MAILDIR_GC_TIME=7200 # Additional SAN for the certificate # # You can use wildcard records to create specific names for every domain you add to mailcow. # Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like: #ADDITIONAL_SAN=imap.*,smtp.* # This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net" # plus every domain you add in the future. # # You can also just add static names... #ADDITIONAL_SAN=srv1.example.net # ...or combine wildcard and static names: #ADDITIONAL_SAN=imap.*,srv1.example.com # ADDITIONAL_SAN= # Additional server names for mailcow UI # # Specify alternative addresses for the mailcow UI to respond to # This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI. # If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root. # You can understand this as server_name directive in Nginx. # Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f ADDITIONAL_SERVER_NAMES= # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n SKIP_LETS_ENCRYPT=n # Create seperate certificates for all domains - y/n # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames # see https://wiki.dovecot.org/SSL/SNIClientSupport ENABLE_SSL_SNI=n # Skip IPv4 check in ACME container - y/n SKIP_IP_CHECK=n # Skip HTTP verification in ACME container - y/n SKIP_HTTP_VERIFICATION=n # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n SKIP_CLAMD=n # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n SKIP_SOGO=n # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1. SKIP_SOLR=n # Solr heap size in MB, there is no recommendation, please see Solr docs. # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended. SOLR_HEAP=1024 # Allow admins to log into SOGo as email user (without any password) ALLOW_ADMIN_EMAIL_LOGIN=n # Enable watchdog (watchdog-mailcow) to restart unhealthy containers USE_WATCHDOG=y # Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME) # CAUTION: # 1. You should use external recipients # 2. Mails are sent unsigned (no DKIM) # 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME) # Multiple rcpts allowed, NO quotation marks, NO spaces #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com #WATCHDOG_NOTIFY_EMAIL= # Notify about banned IP (includes whois lookup) WATCHDOG_NOTIFY_BAN=n # Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message. #WATCHDOG_SUBJECT= # Checks if mailcow is an open relay. Requires a SAL. More checks will follow. # https://www.servercow.de/mailcow?lang=en # https://www.servercow.de/mailcow?lang=de # No data is collected. Opt-in and anonymous. # Will only work with unmodified mailcow setups. WATCHDOG_EXTERNAL_CHECKS=n # Enable watchdog verbose logging WATCHDOG_VERBOSE=n # Max log lines per service to keep in Redis logs LOG_LINES=9999 # Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24) # Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses IPV4_NETWORK=172.22.1 # Internal IPv6 subnet in fc00::/7 # Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses IPV6_NETWORK=fd4d:6169:6c63:6f77::/64 # Use this IPv4 for outgoing connections (SNAT) #SNAT_TO_SOURCE= # Use this IPv6 for outgoing connections (SNAT) #SNAT6_TO_SOURCE= # Create or override an API key for the web UI # You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs # An API key defined as API_KEY has read-write access # An API key defined as API_KEY_READ_ONLY has read-only access # Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, - # You can define API_KEY and/or API_KEY_READ_ONLY #API_KEY= #API_KEY_READ_ONLY= #API_ALLOW_FROM=172.22.1.1,127.0.0.1 # mail_home is ~/Maildir MAILDIR_SUB=Maildir # SOGo session timeout in minutes SOGO_EXPIRE_SESSION=480 # DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars. # Empty by default to auto-generate master user and password on start. # User expands to DOVECOT_MASTER_USER@mailcow.local # LEAVE EMPTY IF UNSURE DOVECOT_MASTER_USER= # LEAVE EMPTY IF UNSURE DOVECOT_MASTER_PASS= # Let's Encrypt registration contact information # Optional: Leave empty for none # This value is only used on first order! # Setting it at a later point will require the following steps: # https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/ ACME_CONTACT= # WebAuthn device manufacturer verification # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates WEBAUTHN_ONLY_TRUSTED_VENDORS=n `! < [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389963-874029-screenshot-6.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-216396-screenshot-5.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-417004-screenshot-4.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-531221-screenshot-3.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-643840-screenshot-2.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-724854-screenshot-1.png] [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689389964-828862-screenshot-75.png]

@"esackbauer"#p9855 In my DNS i added all of these, Could they be the issue? Worked in my previous install months ago and i dont think i added any of them before. I only did for this install. [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689432091-518883-screenshot-7.png] I ran a SMTP test and its got timeouts happening. [upl-image-preview url=https://community.mailcow.email/assets/files/2023-07-15/1689432706-887233-screenshot-8.png]

Imap Issues

esackbauer

I have checked your mailserver on port 993 (openssl s_client -crlf -connect mail.thetechnologystudio.com:993) it is serving a self-signed default certificate, instead of the lets encrypt certificate.
Probably that is the reason why your mail client is not working.
IMAP needs a direct connection, your nginx/reverse proxy configuration is irrelevant as it cannot be used for IMAP.

It seems you have your LE certificates generated at your reverse proxy.
If this is the case, copy them to mailcow afterwards:
https://docs.mailcow.email/post_installation/firststeps-ssl/#how-to-use-your-own-certificate
And disable Lets Encrypt completely in mailcow.conf:
https://docs.mailcow.email/post_installation/firststeps-ssl/#disable-lets-encrypt

And please use the code Markdown when you past config data… Your post is pretty much unreadable.

TheTechDev

esackbauer I will try this. I was hoping that Mailcow was generating lets encrypt certs just for it. but i guess not.

Auto Setup for some reason is not working, And imap still not working with the new Certs same error.

TheTechDev

esackbauer
In my DNS i added all of these, Could they be the issue?

Worked in my previous install months ago and i dont think i added any of them before. I only did for this install.

I ran a SMTP test and its got timeouts happening.

TheTechDev

Nvm the smtp test was on my ip. When using mail.thetechnologystudio.com it works fine.

esackbauer

If you never look at the logs from e.g. lets encrypt you will never find out why that is.
Classical error to be found also here in the forums is something else is listening on port 80, or port 80 is not forwarded to mailcow, like if someone is not reading the documentation properly 😉
https://docs.mailcow.email/prerequisite/prerequisite-system/#firewall-ports

TheTechDev

esackbauer I ran the logs and have let’s encrypt disabled. Logs shows no errors. As for port 80. It’s the only thing on that server so there is no conflicts possible. It’s on a private vm

esackbauer

Now what do you want? Use your wildcard certificates from nginx or have mailcow generate only for itself? If the latter, you have to ENABLE Lets Encrypt, not disable it…
Also you cannot check “force SSL” in your “Edit proxy host” configuration. Otherwise Lets Encrypt will never work. That is one of the problems, if you want a reverse proxy, please stick to its documentation.
To me it seems you don’t really know what to do or are not following the documentation. Read the documentation!

TheTechDev

esackbauer I am using the certs from nginx proxy manager like you recommended. Il try turning force ssl off. I have read the entire documentation but it’s not clear for the nginx proxy manager settings. I set the settings up according to the wiki.

esackbauer

Have you copied the wildcard ssl cert and key to mailcow as in my first link?
As long as the proper certificates are not in place in mailcow you will have troubles connecting via IMAP. And that has nothing to do with reverse proxy then. THe reverse proxy can make troubles if you use Lets Encrypt cert generation within mailcow.

TheTechDev

esackbauer Yes I have and I disabled lets encrypt I also ran the docker restart commands.

The certificates are even verified with the openness s l command that it’s pulling real certs

esackbauer

So whats wrong? BTW: The SMTP “error” is NOT a timeout. Again, read carefully. It is just slow, but that can be because of greylisting.

TheTechDev

esackbauer

I’m using the full chain certificate should I try the regular certificate?

TheTechDev

The smtp was not a error after all. Thr tool tried to use my public ip for the test not my fqdn. When I ran it again with fqdn smtp had no issues. Just imap. Il recheck the certs once home

[unknown]

Thank you for taking the time to help me

TheTechDev

It is working now. May have taken a while for everything to accept the cert changes? Thank you for your help @esackbauer

esackbauer

“I’m using the full chain certificate should I try the regular certificate?”
That answers also the documentation…