1

Topic: Configure iredmail with gmail

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Ubuntu 14.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:
====

Hello,

I've set up SSL certificates for my Postfix mail server using Let's Encrypt.

However, I am having a problem setting up POP3S on Gmail so that users can view and send email from the Gmail web client.

Gmail gives the error: "There was a problem connecting to mail.hataricloud.com
Server returned error: "Connection timed out: There may be a problem with the settings you added. Please contact your other email provider to verify the correct server name and port."

I am also having issues with sending mail through Gmail. It gives the error "Your other email provider is responding too slowly. Please try again later, or contact the administrator of your other domain for further information."

Gmail says that for a certificate to be valid it needs to chain up to a valid CA, which I believe Let's Encrypt is. What could be the problem? I've been trying to resolve this for weeks. Thanks a lot.

dovecot configuration
/etc/dovecot/dovecot.conf
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_cert =
ssl_key =

postfix configuration
/etc/postfix/main.cf
# TLS parameters
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.hataricloud.com/chain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.hataricloud.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.hataricloud.com/cert.pem

Testing SSL certificate.
It looks okay.
root@mail /e/l/l/mail.hataricloud.com# openssl s_client -connect mail.hataricloud.com:995 -verify 9 -CApath /etc/letsencrypt/live/mail.hataricloud.com

verify depth is 9
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1
verify return:1
depth=0 CN = mail.hataricloud.com
verify return:1

Certificate chain
0 s:/CN=mail.hataricloud.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Server certificate
subject=/CN=mail.hataricloud.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1

No client certificate CA names sent
SSL handshake has read 3186 bytes and written 453 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A6DCE04CCEFB10CCC3E918C6F5FF1C4F148818BA4C29D24DE5A8813D0E8DEC9E
Session-ID-ctx:
Master-Key: 0519CB4C8434A6B00C30E5F20F4534C9583672BB827C4B334D6B94E834EFAC3FDFB155AE29988DB074270B6E4AD663A3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1454240037
Timeout : 300 (sec)
Verify return code: 0 (ok)

+OK Dovecot (Ubuntu) ready.


2

Re: Configure iredmail with gmail

*) Make sure your letsencrypt ssl cert is working fine.
*) For POP3 connection, please make sure you're connecting to iRedMail server through port 143 with TLS, or 993 with SSL.
*) Make sure your firewall doesn't block the port number you're using.
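
An added example, not part of the original thread and not iRedMail code: one way to run the first check above against a saved `openssl s_client` transcript like the one in the first post. The hostname and CA names in the sample are constructed placeholders, and `parse_s_client` and `check` are hypothetical helper names.

```python
import re

# Constructed sample in the old "s:/CN=..." layout shown in the post (not real output).
SAMPLE = """\
CONNECTED(00000003)
Certificate chain
 0 s:/CN=mail.example.test
   i:/C=US/O=Example CA/CN=Example Intermediate X1
 1 s:/C=US/O=Example CA/CN=Example Intermediate X1
   i:/O=Example Trust Co./CN=Example Root X3
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)
"""

def parse_s_client(text):
    """Extract the presented chain, protocol and verify result from s_client output."""
    chain = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+s:(.+)$", line)      # "<depth> s:<subject>"
        if m:
            chain.append({"depth": int(m.group(1)), "subject": m.group(2).strip(), "issuer": None})
            continue
        m = re.match(r"\s*i:(.+)$", line)              # "i:<issuer>" follows its subject line
        if m and chain and chain[-1]["issuer"] is None:
            chain[-1]["issuer"] = m.group(1).strip()
    proto = re.search(r"Protocol\s*:\s*(\S+)", text)
    verify = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", text)
    return {"chain": chain, "protocol": proto.group(1) if proto else None,
            "verify_code": int(verify.group(1)) if verify else None,
            "verify_text": verify.group(2) if verify else None}

def check(text, host):
    """Return a list of findings; an empty list means the transcript looks clean."""
    r, findings = parse_s_client(text), []
    chain = r["chain"]
    if not chain:
        return ["no certificate chain in transcript (connection or handshake failed)"]
    # The transcript shows only the subject DN, so the CN is used as a proxy for the name check.
    if not re.search(r"(^|/)CN=%s(/|$)" % re.escape(host), chain[0]["subject"]):
        findings.append("leaf subject %s does not name %s" % (chain[0]["subject"], host))
    if len(chain) < 2:
        findings.append("server sent only the leaf certificate, no intermediate")
    for lower, upper in zip(chain, chain[1:]):         # each issuer must be the next subject
        if lower["issuer"] != upper["subject"]:
            findings.append("chain break at depth %d" % lower["depth"])
    if r["verify_code"] != 0:
        findings.append("verify return code %s (%s)" % (r["verify_code"], r["verify_text"]))
    return findings
```
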

3

Re: Configure iredmail with gmail

Hello,

All those checks pass. The funny thing is that my iRedMail server works fine with the Gmail mobile app, but the web refuses the POP/SMTP settings!!

ZhangHuangbin wrote:

*) Make sure your letsencrypt ssl cert is working fine.
*) For POP3 connection, please make sure you're connecting to iRedMail server through port 143 with TLS, or 993 with SSL.
*) Make sure your firewall doesn't block the port number you're using.