asked on Problem to config
Hi,
On hMailserver, I have
![36g.png]()
![36h.png]()
but now it is leading to problem below
![36f.png]()
when sending out mail (within server). Before this, it was fine to send out mail on server
On hMailserver, I have
but now it is leading to problem below
when sending out mail (within server). Before this, it was fine to send out mail on server
Email ServersEmail ProtocolsServer SoftwareEmail Software
Last Comment
Peter Chan
what did you change?
ASKER
Apply the certificate only
I've not used that particular mail server, but the configuration in the snapshots you've uploaded don't look complete to me. Why have the IP/TCP fields been left at 0.0.0.0 ?
Please note the error is a failure to connect to win-Apiufd1njeu.searchhous
What does it resolve to?
Nslookup win-Apiufd1njeu.searchhous
Note all the certificates you are using seem to be www.searchhouselive.com
Try the following using internet explorer
HTTPS://win-Apiufd1njeu.searchhouselive.com:465 and see what you get.
Potentially there is no resolution.
Please note 0.0.0.0 in the config meAns it listens on all network adapters the system has active and all iOS the system may have on the 995, 465 .......
What does it resolve to?
Nslookup win-Apiufd1njeu.searchhous
Note all the certificates you are using seem to be www.searchhouselive.com
Try the following using internet explorer
HTTPS://win-Apiufd1njeu.searchhouselive.com:465 and see what you get.
Potentially there is no resolution.
Please note 0.0.0.0 in the config meAns it listens on all network adapters the system has active and all iOS the system may have on the 995, 465 .......
ASKER
Thanks to all.
I put the relevant IP instead of 0.0.0.0 below (and have also re-started hMailserver)
![36j.png]()
and have put WIN-APIUFD1NJEU.SearchHous
![36i.png]()
as server hostname in above, but I am still getting the same problem. Is it there problem to server setup?
I put the relevant IP instead of 0.0.0.0 below (and have also re-started hMailserver)
and have put WIN-APIUFD1NJEU.SearchHous
as server hostname in above, but I am still getting the same problem. Is it there problem to server setup?
There absolutely no reason to put your public ip in the config for any service as it is highly unlikely that your system is directly exposed to the Internet.
Run ipconfig in a command window or properties of the network, detail.
The IP you set in the config MUST be present on the system as the setting tells the service to bind to ip port.
My comment about the 0.0.0.0 in the original picture is to provide a detailed explanation of what the configuration means.
That in no way meant that you shoukd make changes to the config.
Your issue from the error is that wherever the source of the error tries to access the hostname reported in the error.
Making sure you use the correct hostname that matches the names available in the certificate pointing to the IP you control....
Run ipconfig in a command window or properties of the network, detail.
The IP you set in the config MUST be present on the system as the setting tells the service to bind to ip port.
My comment about the 0.0.0.0 in the original picture is to provide a detailed explanation of what the configuration means.
That in no way meant that you shoukd make changes to the config.
Your issue from the error is that wherever the source of the error tries to access the hostname reported in the error.
Making sure you use the correct hostname that matches the names available in the certificate pointing to the IP you control....
The process of setting up servers is:
1) setup, configure server taking into account of hostnames.
2) test locally on the server to make sure all services are functioning as expected. Once confirmed that services and connection on the LAN ip work as intended including SSL/tls, make no further changes, alteration on the server, in this case hmailserver.
The server setup is complete if your setup, certificate relies on a single hostname, stick with this setup until the certificate expiration or
3) when working in fluent configuration, the automatic detection in many email clients are for well known domains of large organizations. You shoukd be comfortable configuring an account for an email client in a computer, or smartphone and not rely or expect the automatic detection, setup to do it.
Incoming mail server (IMAP):
Incoming mail server (POP3d):
Outgoing SMTP mail server:
The options you support insecure/secure for the respective services
25/465/587 standard, SSL, alternate unencrypted
143/993
110/995
The hostnames in a small environment can be pointing to a single host.
The large firms use different hosts because they have a set of server that handle specific tasks to deal with scale.
These large organizations use loadbalancer that distribute requests among servers.
I am uncertain since the first question on configuring hmailserver you keep changing server settings when you are configuring client setting.
Not sure what the source or why you are not maintaing the same referenced, or if you are trying to get the email client auto config, why you injecting new names I.e. Win-.........
In your current setup, the hostnames for all services when configuring email clients should match the certificate.
Incoming (IMAP): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
incoming (POP3D): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
Outgoing (SMTP): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
Reverse your hmailserver setup to listen on all IPs for each service by using 0.0.0.0 instead of the ip you now have.
If you are not able to access your mailserver using an email client outside your network, you have to check your firewall settings to make sure you allow requests to public ip ports 25, 110, 143, 465, 587 to go to the LAN ip where these services run
25 must be open to allow inbound messages for your recipients sent from everywhere else
143,110 commonly shoukd not be allowed as the connection is unencrypted such that data is in plain text
993,995 for secure IMAP/pop3d
1) setup, configure server taking into account of hostnames.
2) test locally on the server to make sure all services are functioning as expected. Once confirmed that services and connection on the LAN ip work as intended including SSL/tls, make no further changes, alteration on the server, in this case hmailserver.
The server setup is complete if your setup, certificate relies on a single hostname, stick with this setup until the certificate expiration or
3) when working in fluent configuration, the automatic detection in many email clients are for well known domains of large organizations. You shoukd be comfortable configuring an account for an email client in a computer, or smartphone and not rely or expect the automatic detection, setup to do it.
Incoming mail server (IMAP):
Incoming mail server (POP3d):
Outgoing SMTP mail server:
The options you support insecure/secure for the respective services
25/465/587 standard, SSL, alternate unencrypted
143/993
110/995
The hostnames in a small environment can be pointing to a single host.
The large firms use different hosts because they have a set of server that handle specific tasks to deal with scale.
These large organizations use loadbalancer that distribute requests among servers.
I am uncertain since the first question on configuring hmailserver you keep changing server settings when you are configuring client setting.
Not sure what the source or why you are not maintaing the same referenced, or if you are trying to get the email client auto config, why you injecting new names I.e. Win-.........
In your current setup, the hostnames for all services when configuring email clients should match the certificate.
Incoming (IMAP): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
incoming (POP3D): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
Outgoing (SMTP): www.searchhouselive.com (this is the name on the certificate for SSL without getting errors)
Reverse your hmailserver setup to listen on all IPs for each service by using 0.0.0.0 instead of the ip you now have.
If you are not able to access your mailserver using an email client outside your network, you have to check your firewall settings to make sure you allow requests to public ip ports 25, 110, 143, 465, 587 to go to the LAN ip where these services run
25 must be open to allow inbound messages for your recipients sent from everywhere else
143,110 commonly shoukd not be allowed as the connection is unencrypted such that data is in plain text
993,995 for secure IMAP/pop3d
ASKER
Thanks a lot.
I am nearly finishing the steps to apply new certificate (using WIN-APIUFD1NJEU.SearchHous
I am nearly finishing the steps to apply new certificate (using WIN-APIUFD1NJEU.SearchHous
Why get additional certificates on a single host especially a non-standard and one clearly identifying the host for is type.
Commonly one uses generic host that about identifying to minimize/reduce attack vectors
I.e. You do not want in effect a billboard, hey Windows system here.
Or one that has or might be location info, geographic area...
A generic certificate can be exported, imported and used ......
But glad you are near completing your ...
Commonly one uses generic host that about identifying to minimize/reduce attack vectors
I.e. You do not want in effect a billboard, hey Windows system here.
Or one that has or might be location info, geographic area...
A generic certificate can be exported, imported and used ......
But glad you are near completing your ...
ASKER
I apply new certificate below (by also change IP of TCP/IP ports)
![36r.png]()
but I still have problem on server
![36s.png]()
but I still have problem on server
Unfortunately your images convey info that an error exists. The scenario, setup, environment under which circumstances these errors show up is unclear.
What is the source of the error?
on the system, setup where the error shows up:
nslookup the reference
ping the ip from the response
What is the local ip of the system where the error is displayed?
What type of certificate are you getting?
Main point is you are seemingly altering your client configuration dealing what hostname the client program uses to connect to your server, post the error, get an interpretation/impression of the meaning of the error, you go out and get certificate on the new hostname.
There are different types of certificates, that include definition of functions as well as othe hostnames (SAN) the certificate might be valid for.
The error says that whatever generated it is unable to connect to the specified host
There is no way for me to know whether the issue is that the system on which this error shows up can not resolve (nslookup) the host.
If it can resolve, what port it is trying to connect to and whether that port is opened on the system (nail server)
What is the source of the error?
on the system, setup where the error shows up:
nslookup the reference
ping the ip from the response
What is the local ip of the system where the error is displayed?
What type of certificate are you getting?
Main point is you are seemingly altering your client configuration dealing what hostname the client program uses to connect to your server, post the error, get an interpretation/impression of the meaning of the error, you go out and get certificate on the new hostname.
There are different types of certificates, that include definition of functions as well as othe hostnames (SAN) the certificate might be valid for.
The error says that whatever generated it is unable to connect to the specified host
There is no way for me to know whether the issue is that the system on which this error shows up can not resolve (nslookup) the host.
If it can resolve, what port it is trying to connect to and whether that port is opened on the system (nail server)
ASKER
Before I tried to apply certificate, Thunderbird did work fine (with hmailserver) on server machine.
Now I've tried to recover it, like
![36t.png]()
which is same domain name like A record.
but I still have this issue
![36u.png]()
Now I've tried to recover it, like
which is same domain name like A record.but I still have this issue
I do not know what changes you made in relation to the client on the server.
Did you update the client settings to match the new certificate, ports you use
Instead of 25, 110, 143
To use SSL under advanced, 465, 995, 993?
Did you update the client settings to match the new certificate, ports you use
Instead of 25, 110, 143
To use SSL under advanced, 465, 995, 993?
ASKER
Hi,
I now do not use the new certificate. As I said, previously everything was fine on server to send out message, do you know the reason, per the error shown, in my previous reply.
I now do not use the new certificate. As I said, previously everything was fine on server to send out message, do you know the reason, per the error shown, in my previous reply.
The hostname does not exist
nslookup win-......
returns no information.
nslookup win-......
returns no information.
ASKER
Hi,
I am using the below one instead:
I am using the below one instead:
C:\Users\Administrator>nslookup SearchHouseLive.com
Server: localhost
Address: ::1
Non-authoritative answer:
Name: SearchHouseLive.com
Address: 182.173.77.220
Please note the error references a hostname that is not housesearchlive.com
This hostname, win- was also included in images of a client config.
It looks like you made some changes that thunderbird loaded win-adi..... As a hostname and it is being accessed and fails.
Please see error that says failed to connect to <hostname> (SMTP)
If you did not intend it, why get a certificate with that hostnames?
Add the hostname on your searchhouselive.com pointing to the same ip and your error shoukd go away.
This hostname, win- was also included in images of a client config.
It looks like you made some changes that thunderbird loaded win-adi..... As a hostname and it is being accessed and fails.
Please see error that says failed to connect to <hostname> (SMTP)
If you did not intend it, why get a certificate with that hostnames?
Add the hostname on your searchhouselive.com pointing to the same ip and your error shoukd go away.
ASKER
MX record is pointing to win... properly and I also imported certificate key properly. Here is what I have got
Microsoft Windows [Version 6.1.7601]but there is still same problem to send out message.
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>nslookup WIN-APIUFD1NJEU.SearchHous eLive.com
Server: localhost
Address: 127.0.0.1
Name: WIN-APIUFD1NJEU.SearchHouseLive.com
Address: 182.173.77.220
Please understand that functionally while they all are related to a single server, hmailserver, each function is seperate
Outgoing sending, check the log to see why the issue exists make sure you can open a vonnection from the server using telnet (putty, securecrt, any other terminal to any external port 25 which is the destination port for outgoing connections.
Incoming mail, port 25, 465, 587 make sure you can connect to them locally. Then check whether you can connect to them from outside, if you can not connect to any of them, while able to RDP into the system, this means you have a firewall setup restricting access from outside
To access received messages by the server make sure you gave IMAP 143,993 accessible locally, and from outside
Same for pop3d type of access, 110,995 ports.
If all works locally on the server or in the LAN, but not outside, firewall configuration related issue.
Outgoing sending, check the log to see why the issue exists make sure you can open a vonnection from the server using telnet (putty, securecrt, any other terminal to any external port 25 which is the destination port for outgoing connections.
Incoming mail, port 25, 465, 587 make sure you can connect to them locally. Then check whether you can connect to them from outside, if you can not connect to any of them, while able to RDP into the system, this means you have a firewall setup restricting access from outside
To access received messages by the server make sure you gave IMAP 143,993 accessible locally, and from outside
Same for pop3d type of access, 110,995 ports.
If all works locally on the server or in the LAN, but not outside, firewall configuration related issue.
You have a firewall configuration issue, ports open are 80, 443 the rest are not accessible on your public IP.
Work your way out.
Configure server.
Make sure all services you want to access are working locally and accessible directly from the server
then check whether those same services are accessible from a system on local LAN verifying each component service, if not connected, limit adjustment changes to just that component while repeating the server, lan test after each change, periodically rescanning the others to make sure a change made on one impacted the other, i.e. if you used one cert, and then decided to use another, make sure you do not remove the one you do not intend to use for a service, but might be used in the others.
never make wholesale server configuration changes to address client access issues which seems to be why you are back at an inoperable/inaccessible.
does the system where hmailserver is setup, does it have a static IP on the LAN or does it change?
Work your way out.
Configure server.
Make sure all services you want to access are working locally and accessible directly from the server
then check whether those same services are accessible from a system on local LAN verifying each component service, if not connected, limit adjustment changes to just that component while repeating the server, lan test after each change, periodically rescanning the others to make sure a change made on one impacted the other, i.e. if you used one cert, and then decided to use another, make sure you do not remove the one you do not intend to use for a service, but might be used in the others.
never make wholesale server configuration changes to address client access issues which seems to be why you are back at an inoperable/inaccessible.
does the system where hmailserver is setup, does it have a static IP on the LAN or does it change?
ASKER
Sorry, where to identify problem in ports (as I already have the TCP ports on the relevant ports in Firewall)? I applied the current certificate and key file in hMailserver but I still have got the same problem.![37e.png]()
I do not know what you have, but those ports appear to be filtered and inaccessible.
Look at external port scan to see which ports are open especially whether 465, 587, 993, 995 and 25 are.
What firewall are you talking about, the one on the Windows server? And the one on which your ISP connection terminates?
Look at external port scan to see which ports are open especially whether 465, 587, 993, 995 and 25 are.
What firewall are you talking about, the one on the Windows server? And the one on which your ISP connection terminates?
Try t1shopper.com port scan tool
Specify
25,80,443,465,587,993.995
Repeat until you see all responding as open.
Check your port 80 configuration on the public ip firewall, and make sure similar rules are set for the other ports.
Specify
25,80,443,465,587,993.995
Repeat until you see all responding as open.
Check your port 80 configuration on the public ip firewall, and make sure similar rules are set for the other ports.
ASKER
Thanks.
Do you mean that all other mentioned ports should behave the same like port 80?
Do you mean that all other mentioned ports should behave the same like port 80?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I've checked with ISP that no port is being blocked on the machine. What is the problem on ports?
Please use online port scanner.
Your ISP is not blocking it, your server firewall or a firewall/router is not passing traffic on the ports used by the hmailserver.
What and where you setup rules to allow web traffic is the what and where you need to make adjustments to allow these connections.
Your ISP is not blocking it, your server firewall or a firewall/router is not passing traffic on the ports used by the hmailserver.
What and where you setup rules to allow web traffic is the what and where you need to make adjustments to allow these connections.
ASKER
There is no specific firewall Inbound or outbound rules, which are affecting these ports. What to adjust on the firewall rules?