Peter Chan asked:

Problem to config

On hMailserver, I have
User generated image
User generated image
but now it is leading to problem below
User generated image
when sending out mail (within server). Before this, it was fine to send out mail on server
David Johnson, CD
What did you change?
Peter Chan
Apply the certificate only
I've not used that particular mail server, but the configuration in the snapshots you've uploaded doesn't look complete to me. Why have the IP/TCP fields been left at ?
Please note the error is a failure to connect to
What does it resolve to?

Note all the certificates you are using seem to be

Try the following using internet explorer
HTTPS:// and see what you get.
Potentially there is no resolution.

Please note in the config means it listens on all network adapters the system has active and all IPs the system may have on the 995, 465 .......
Thanks to all.

I put the relevant IP instead of below (and have also re-started hMailserver)
User generated image
and have put
User generated image
as server hostname in above, but I am still getting the same problem. Is it there problem to server setup?
There is absolutely no reason to put your public IP in the config for any service as it is highly unlikely that your system is directly exposed to the Internet.
Run ipconfig in a command window or properties of the network, detail.
The IP you set in the config MUST be present on the system as the setting tells the service to bind to ip port.

My comment about the in the original picture is to provide a detailed explanation of what the configuration means.
That in no way meant that you should make changes to the config.

Your issue from the error is that wherever the source of the error tries to access the hostname reported in the error.
Making sure you use the correct hostname that matches the names available in the certificate pointing to the IP you control....
The process of setting up servers is:
1) setup, configure server taking into account of hostnames.
2) test locally on the server to make sure all services are functioning as expected. Once confirmed that services and connection on the LAN ip work as intended including SSL/tls, make no further changes, alteration on the server, in this case hmailserver.
The server setup is complete if your setup, certificate relies on a single hostname, stick with this setup until the certificate expiration or

3) when working in fluent configuration, the automatic detection in many email clients are for well known domains of large organizations. You should be comfortable configuring an account for an email client in a computer, or smartphone and not rely or expect the automatic detection, setup to do it.

Incoming mail server (IMAP):  
Incoming  mail server (POP3d):
Outgoing SMTP mail server:
The options you support insecure/secure for the respective services
25/465/587 standard, SSL, alternate unencrypted

The hostnames in a small environment can be pointing to a single host.
The large firms use different hosts because they have a set of servers that handle specific tasks to deal with scale.
These large organizations use load balancers that distribute requests among servers.

I am uncertain since the first question on configuring hmailserver you keep changing server settings when you are configuring client setting.

Not sure what the source or why you are not maintaining the same referenced, or if you are trying to get the email client auto config, why you are injecting new names, i.e. Win-.........

In your current setup, the hostnames for all services when configuring email clients should match the certificate.
Incoming (IMAP): (this is the name on the certificate for SSL without getting errors)
incoming (POP3D): (this is the name on the certificate for SSL without getting errors)
Outgoing (SMTP): (this is the name on the certificate for SSL without getting errors)

Reverse your hmailserver setup to listen on all IPs for each service by using instead of the ip you now have.

If you are not able to access your mailserver using an email client outside your network, you have to check your firewall settings to make sure you allow requests to public ip ports 25, 110, 143, 465, 587 to go to the LAN ip where these services run
25 must be open to allow inbound messages for your recipients sent from everywhere else
143,110 commonly should not be allowed as the connection is unencrypted such that data is in plain text
993,995 for secure IMAP/pop3d
Thanks a lot.
I am nearly finishing the steps to apply new certificate (using instead) and would update you with outcome.
Why get additional certificates on a single host especially a non-standard and one clearly identifying the host for is type.

Commonly one uses generic host that about identifying to minimize/reduce attack vectors

I.e. You do not want in effect a billboard, hey Windows system here.
Or one that has or might be location info, geographic area...

A generic certificate can be exported, imported and used ......

But glad you are near completing your ...
I apply new certificate below (by also change IP of TCP/IP ports)

User generated image
but I still have problem on server
User generated image
Unfortunately your images convey info that an error exists. The scenario, setup, environment under which circumstances these errors show up is unclear.

What is the source of the error?
on the system, setup where the error shows up:
nslookup the reference
ping the ip from the response
What is the local ip of the system where the error is displayed?
What type of certificate are you getting?

Main point is you are seemingly altering your client configuration dealing what hostname the client program uses to connect to your server, post the error, get an interpretation/impression of the meaning of the error, you go out and get certificate on the new hostname.

There are different types of certificates, that include definition of functions as well as other hostnames (SAN) the certificate might be valid for.

The error says that whatever generated it is unable to connect to the specified host
There is no way for me to know whether the issue is that the system on which this error shows up can not resolve (nslookup) the host.
If it can resolve, what port it is trying to connect to and whether that port is opened on the system (mail server)
Before I tried to apply certificate, Thunderbird did work fine (with hmailserver) on server machine.

Now I've tried to recover it, like
User generated image
which is same domain name like A record.

but I still have this issue
User generated image
I do not know what changes you made in relation to the client on the server.

Did you update the client settings to match the new certificate, ports you use
Instead of 25, 110, 143
To use SSL under advanced, 465, 995, 993?
I now do not use the new certificate. As I said, previously everything was fine on server to send out message, do you know the reason, per the error shown, in my previous reply.
The hostname does not exist
nslookup win-......

returns no information.
I am using the below one instead:

Server:  localhost
Address:  ::1

Non-authoritative answer:
Please note the error references a hostname that is not

This hostname, win- was also included in images of a client config.

It looks like you made some changes that Thunderbird loaded win-adi..... as a hostname and it is being accessed and fails.

Please see error that says failed to connect to <hostname> (SMTP)

If you did not intend it, why get a certificate with that hostname?

Add the hostname on your pointing to the same ip and your error should go away.
MX record is pointing to win... properly and I also imported certificate key properly. Here is what I have got

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

Server:  localhost

but there is still same problem to send out message.
Please understand that functionally while they all are related to a single server, hmailserver, each function is separate

Outgoing sending, check the log to see why the issue exists, make sure you can open a connection from the server using telnet (putty, securecrt, any other terminal) to any external port 25 which is the destination port for outgoing connections.
Incoming mail, port 25, 465, 587 make sure you can connect to them locally. Then check whether you can connect to them from outside, if you can not connect to any of them, while able to RDP into the system, this means you have a firewall setup restricting access from outside
To access received messages by the server make sure you have IMAP 143,993 accessible locally, and from outside
Same for pop3d type of access, 110,995 ports.

If all works locally on the server or in the LAN, but not outside, firewall configuration related issue.
You have a firewall configuration issue, ports open are 80, 443 the rest are not accessible on your public IP.

Work your way out.
Configure server.
Make sure all services you want to access are working locally and accessible directly from the server
then check whether those same services are accessible from a system on local LAN verifying each component service, if not connected, limit adjustment changes to just that component while repeating the server, lan test after each change, periodically rescanning the others to make sure a change made on one impacted the other, i.e. if you used one cert, and then decided to use another, make sure you do not remove the one you do not intend to use for a service, but might be used in the others.

Never make wholesale server configuration changes to address client access issues which seems to be why you are back at an inoperable/inaccessible.

does the system where hmailserver is setup, does it have a static IP on the LAN or does it change?
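
The order of checks described in the answer above (resolve the name, test each mail port, then check the certificate name on the SSL ports), as an added example that is not part of the original thread. The function names are illustrative, and only the first resolved address is probed.

```python
import socket
import ssl

# Ports named in the thread; 465/993/995 are the SSL-wrapped ones.
MAIL_PORTS = (25, 110, 143, 465, 587, 993, 995)
IMPLICIT_TLS = {465, 993, 995}

def resolve(hostname):
    """nslookup step: addresses the name resolves to, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_state(address, port, timeout=3.0):
    """telnet step: 'open', 'closed' (refused) or 'filtered' (no reply or unreachable)."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "filtered"

def tls_name_check(hostname, port, timeout=3.0):
    """Certificate step: does the certificate on this port validate for the name the client uses?"""
    context = ssl.create_default_context()  # verifies both the chain and the hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=hostname):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return "no TLS session: " + str(exc)

def diagnose(hostname, ports=MAIL_PORTS, timeout=3.0):
    """Run the checks in order; a name that does not resolve ends the run early."""
    report = {"hostname": hostname, "addresses": resolve(hostname), "ports": {}, "tls": {}}
    if not report["addresses"]:
        return report
    for port in ports:
        state = port_state(report["addresses"][0], port, timeout)
        report["ports"][port] = state
        if state == "open" and port in IMPLICIT_TLS:
            report["tls"][port] = tls_name_check(hostname, port, timeout)
    return report
```

Call `diagnose()` with the hostname from the error message, first on the server itself, then from a LAN machine, then from outside; ports that are open locally but filtered from outside point at the firewall rather than at hMailServer.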
Sorry, where to identify problem in ports (as I already have the TCP ports on the relevant ports in Firewall)? I applied the current certificate and key file in hMailserver but I still have got the same problem.
User generated image
I do not know what you have, but those ports appear to be filtered and inaccessible.

Look at external port scan to see which ports are open especially whether 465, 587, 993, 995 and 25 are.

What firewall are you talking about, the one on the Windows server? And the one on which your ISP connection terminates?
Try port scan tool
Repeat until you see all responding as open.

Check your port 80 configuration on the public ip firewall, and make sure similar rules are set for the other ports.
Do you mean that all other mentioned ports should behave the same like port 80?
I've checked with ISP that no port is being blocked on the machine. What is the problem on ports?
Please use online port scanner.

Your ISP is not blocking it, your server firewall or a firewall/router is not passing traffic on the ports used by the hmailserver.

What and where you setup rules to allow web traffic is the what and where you need to make adjustments to allow these connections.
There is no specific firewall Inbound or outbound rules, which are affecting these ports. What to adjust on the firewall rules?