Mail client on iOS and mac os doesnt connect to my server.

astech

We have a Mailcow server running behind an Nginx Proxy Manager (NPM) reverse proxy. To configure SSL for Mailcow, i have disabled automatic Let’s Encrypt certificate generation in Mailcow by setting SKIP_LETS_ENCRYPT=y in the mailcow.conf file. Then i manually copied the SSL certificate and private key from Nginx Proxy Manager to the appropriate directories in Mailcow:

Certificate (fullchain6.pem) → /opt/mailcow-dockerized/data/assets/ssl/cert.pem Private Key (key6.pem) → /opt/mailcow-dockerized/data/assets/ssl/key.pem

After updating the certificates, i restarted the relevant Mailcow containers (postfix-mailcow, nginx-mailcow, dovecot-mailcow) and even all containers to ensure the changes took effect.

However, i’m encountering issues with SMTP connectivity when configuring mail clients:

IMAP Configuration : Works fine.
SMTP Configuration :
Some mail clients (e.g., em-client) detect an issue but offer options to fix it.
The macOS Mail client on some MacBooks fails entirely to connect to the server.
iOS devices allow mailbox setup through a profile, but the profile is flagged as unsigned, and subsequent attempts to retrieve mail result in the error:
Cannot Get Mail. The mail server “mail.avivir.ru” is not responding. Verify that you have entered the correct account info in Mail settings.

All mailcow porst are redirected through mikrotik rounter with NAT rules, except for 80 and 443, which are redirected through the nginx proxy manager.

These are the only changes i made to the server. i didnt change any other settings, including DNS configurations.
Sending/receiving mails with Sogo worked and still working without problems.
Adding mailboxes to iOS and mac os wasn’t a problem before doing these changes, except for the client profile being flagged as “Unsigned” i couldnt find the reason before and it didnt bother me or my collegues.

mailcow.conf

mailcow-conf.txt

11kB

esackbauer

You should check the postfix log for connection attempts from the clients.
If you don’t see them in that log, it is a network problem, not a mailcow problem.

Also I would delete the attachment mailcow.conf because it has your database passwords in it…

astech

esackbauer apparently, i cant delete the file, because there is no edit option. Thank you for mentioning thaty, i will change them.

If it’s a network problem, then how come i can connect with windows clients (outlook, em-client), android also works like a sharm. The rpoblem seems to be related to iOS and mac os, some how they dont like my new configuration(

Isn’t copying the certificate and key from nginx to mailcow
right?

esackbauer

It depends on how you configure the clients, activesync works via https (via your NPM), IMAP has 2 ports and SMTP has 2 ports.
You need to narrow it down, and check the logs!

Also check the DNS records, if they are properly pointing to your mailserver.

astech

I solved the problem by purchasing a commercial SSL and adding the cert.pem and key.pem of the new SSL certificate to nginx proxy manager as following:

1-In the nginx web interfeace >> SSL Certificate >> Add SSL certificate >> Custom
Name = mailcow domain name (for ex : mail.domain.com)
Certificate key = key.pem
Certificate = cert.pem
2-In the mailcow.conf set SKIP_LETS_ENCRYPT=y
3-stop and remove acme container
4-Add the cert.pem and key.pem to /opt/mailcow-dockerized/data/assets/ssl
5-Check the certificate with command:
openssl s_client -connect mail.domain.com:443 -servername mail.avivir.ru -showcerts
in my case the output shows GlobalSign certificate chain (I bought the ssl from globalsign)