I signed up to change my domain registration from Network Solutions to Clearcenter (tucows) so I could use dynamic dns on my home essentials 7.2 server. The transfer was completed on Friday at 4:30 PST. This morning I tried to go to www.nextstepservices.com and got what is apparently an advertising website with my domain name at the top and no contact information. The IP address is in a range assigned to RIPE in Amsterdam that parcels ranges out to others. Network Solutions tech support won't help, Tucows indicates they don't provide support and Clearcenter is closed.

Has anyone had this kind of experience? The whole object of this move was to get email onto Zarafa and off GoDaddy. Now we don't have email or access via our domain name. Any suggestions appreciated.

Thanks,
John
Saturday, December 17 2016, 06:51 PM
Responses (28)
  • Accepted Answer

    Friday, December 23 2016, 06:52 PM - #Permalink
    I also use TB for my Windoze e-mail clients and K-9 mail for android, both for their multi account features. In TB I relay out via the server on port 25 for the desktops and port 587 for the laptop. The android devices all relay out via port 587. My hope is that this way the sent folder remains in sync on all devices. It may anyway with direct sending but I've never tested it. I also have inbound 587 open (with user/pass) so I can relay through it when on the road.
  • Accepted Answer

    Friday, December 23 2016, 05:44 PM - #Permalink
    Thanks Nick. I tried changing the port on Thunderbird's SMTP setup and got a timeout. Port 465 works fine. The connection security option is SSL/TLS, no breakout to select just one of the two. I have used Thunderbird for many years and will continue. One nice thing about using fetchmail is a good local backup on the zarafa server. Getting zarafa set up to send mail isn't a significant shortcoming. I will tinker with it after the holidays.

    I did find that Zoho doesn't overwrite the headers so everything uses nextstepservices.com. For a free account for up to 25 users, supporting your own domain name, this seems to be a very nice email service.

    Ben: Thanks for your input. I may take a look at Linode in the future. As we motorhome around the country it would be nice to not have to call my stepdaughter to run over and reboot the server!

    A final note. I have used this service for myself and my corporate clients since Clark Connect. I have never found an organization and a user community as dedicated and helpful as Clearcenter and this forum. Thanks everyone for your help and have a great new year!
  • Accepted Answer

    Friday, December 23 2016, 02:59 PM - #Permalink
    Hi John,

    As you found, smtp on port 25 is out of the question because of your ISP.

    I've looked on Zoho's site here and they support both port 465 and 587 which is good news. Postfix may have a problem with port 465. They only introduced compatibility with 465 somewhere in 2.10 or, perhaps, on the release of 2.11/3.x. The docs seem to indicate 3.x. You can still use 465 but I'd advise against it as you can use 587. If you really want to use 465, see this post. 587 is a better bet as it works natively. I linked to it earlier, but here it is again. It is also possible to set up sender dependent rules if you need to (if your mail relay rewrites the headers to the logged in user). What I don't know is if Zarafa uses Postfix or its own built in process for sending mail. I would not know how to configure Zarafa if it has its own process, but I think it uses postfix.

    I think when you get it working, you should aim to send out mail from Outlook and Thunderbird via Zarafa to get the benefit of the imap sent items folder, rather than send directly to Zoho.

    Nick
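
One way to express the relay setup discussed above, as an added example that is not part of Nick's post or of ClearOS: it prints the Postfix main.cf settings for an authenticated relay on 587 (or 465) and writes the matching credentials file. It assumes outbound mail is handled by Postfix; the function names, the CA bundle path and the account shown are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): settings for relaying through an
# authenticated smarthost on a submission port.

# relay_main_cf HOST PORT : print the main.cf lines for the relay.
relay_main_cf() {
    host=$1 port=$2
    # Square brackets stop Postfix doing an MX lookup on the relay name.
    echo "relayhost = [${host}]:${port}"
    echo "smtp_sasl_auth_enable = yes"
    echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
    # Refuse anonymous mechanisms; plaintext ones are protected by TLS.
    echo "smtp_sasl_security_options = noanonymous"
    # Require TLS and a certificate matching the relay name before AUTH.
    echo "smtp_tls_security_level = secure"
    # Assumed CA bundle path for a CentOS 7 based system.
    echo "smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt"
    if [ "$port" = 465 ]; then
        # Port 465 is TLS from the first byte; needs Postfix 3.0 or later.
        echo "smtp_tls_wrappermode = yes"
    fi
}

# write_sasl_passwd FILE HOST PORT USER
# The password is taken from $RELAY_PASS so it is not passed as an argument.
# The lookup key must be written exactly as in relayhost.
write_sasl_passwd() {
    : "${RELAY_PASS:?set RELAY_PASS first}"
    ( umask 077 && printf '[%s]:%s %s:%s\n' "$2" "$3" "$4" "$RELAY_PASS" > "$1" )
    chmod 600 "$1"
}

# Demo: the relay host named in the thread, on the port the reply recommends.
relay_main_cf smtp.zoho.com 587
```

The printed lines go into /etc/postfix/main.cf; after writing the credentials file, run `postmap` on it and reload Postfix.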
  • Accepted Answer

    Friday, December 23 2016, 03:21 AM - #Permalink
    John,

    We run some infrastructure (mirrors) with Digital Ocean, but for a quick (< 5 min) ClearOS instance in the cloud, I've used Linode - at $10/month, they are both competitive and competent. Select a CentOS 7 image, then run the script found here.

    I feel bad about the pain you've gone through...if you need any help with setting up the Linode instance if you feel you want to go this route, ping me.

    Cheers,

    Ben
  • Accepted Answer

    Thursday, December 22 2016, 11:41 PM - #Permalink
    Trying a different direction... I created an account for nextstepservices.com on zoho (free). I pointed nextstepservices mx records to the appropriate zoho mail server. I added a record to fetchmail to collect the next step emails to the ClearOS server. On Outlook and Thunderbird I set up the account to look at the email on ClearOS and the smtp server is set to zoho. Everything works for this configuration.

    I cannot send email directly through zarafa. I set up the relay to smtp.zoho.com but mail isn't delivered. I tried appending :465 to the relay host name but the setup didn't like that. The SMTP server is trying to communicate on port 25 (/var/log/maillog). I went to the email notification setup, set up smtp.zoho.com, port 465, SSL encryption and my mail address and password. The notification test sent a test email just fine.

    I suspect I need to change a config file for the SMTP server with the same information in the mail notification app. If that is the case, what file(s) need to be modified and in what fashion?
  • Accepted Answer

    Thursday, December 22 2016, 10:24 PM - #Permalink
    Unanswered issue. It does not look too promising. I don't know if the Digital Ocean installation works.
  • Accepted Answer

    Thursday, December 22 2016, 08:10 PM - #Permalink
    One last question and then I live with Gmail and fetchmail. If I were to install my ClearOS 7.2 on AWS or Digital Ocean I shouldn't have the port 25 issue. There is a howto on WikiSuite describing how to bring up Centos 7 on Digital Ocean and then upgrade it to ClearOS 7.2. Has anyone had experience with this? Getting info on Digital Ocean is a pain as they seem to not even let you into the site without entering credit card info. Has anyone had a better experience with Digital Ocean?
  • Accepted Answer

    Wednesday, December 21 2016, 09:19 PM - #Permalink
    I know nothing about zarafa.

    If you're downloading e-mail, where are you downloading it from? If it is gmail, you can compose e-mails from your network and relay out through gmail if you want. You need a bit more than the relaying article I linked to earlier. You also need smtp_sender_dependent_authentication setting up in postfix with each e-mail account and password.
  • Accepted Answer

    Wednesday, December 21 2016, 09:07 PM - #Permalink
    I uninstalled and reinstalled fetchmail. It is now downloading my email to zarafa. There were some old test messages in /var/spool/postfix/defer/ that I was trying to send to my backup Gmail account as a test. Postfix was diligent and kept trying to send them. Since I am only able to use zarafa to look at my fetchmail'd email, is there a way to disable composing/sending in zarafa so I don't fill up the maillog with error messages? I don't know if zarafa uses the smtp server to distribute mail within the accounts or if it can be shut down.
  • Accepted Answer

    Wednesday, December 21 2016, 07:09 PM - #Permalink
    That is not fetchmail connecting. You'd see the "fetchmail" daemon name instead of postfix/smtp. Did you (re)start fetchmail and have you set up your gmail account to allow imap access?

    I have a feeling your logs are from where you've tried sending some test messages, relaying through gmail.
  • Accepted Answer

    Wednesday, December 21 2016, 06:19 PM - #Permalink
    I looked into the Gmail option (I have had a free gmail account as a backup for years). I just transferred the domain from Network Solutions to Clearcenter so I could use the dynamic dns service (and support Clearcenter). I have tried to set up fetchmail to retrieve mail from my gmail account. Here is my /etc/fetchmail file:

    poll imap.gmail.com protocol imap username "jschaller327@gmail.com" password "mypassword" is "jschaller@localhost." here keep ssl
    set daemon 300

    Here is the latest entry from /var/log/maillog:

    Dec 21 09:59:01 nss postfix/smtp[323]: connect to alt1.gmail-smtp-in.l.google.com[64.233.183.26]:25: Connection timed out
    Dec 21 09:59:31 nss postfix/smtp[322]: connect to alt2.gmail-smtp-in.l.google.com[173.194.219.27]:25: Connection timed out
    Dec 21 09:59:31 nss postfix/smtp[323]: connect to alt2.gmail-smtp-in.l.google.com[173.194.219.27]:25: Connection timed out
    Dec 21 10:00:01 nss postfix/smtp[322]: connect to alt3.gmail-smtp-in.l.google.com[173.194.205.26]:25: Connection timed out
    Dec 21 10:00:01 nss postfix/smtp[323]: connect to alt3.gmail-smtp-in.l.google.com[173.194.205.26]:25: Connection timed out
    Dec 21 10:00:31 nss postfix/smtp[322]: connect to alt4.gmail-smtp-in.l.google.com[173.194.210.27]:25: Connection timed out
    Dec 21 10:00:31 nss postfix/smtp[323]: connect to alt4.gmail-smtp-in.l.google.com[173.194.210.26]:25: Connection timed out
    Dec 21 10:00:31 nss postfix/smtp[322]: AB5FA4009DFF7: to=<jschaller327@gmail.com>, relay=none, delay=172493, delays=172343/0.02/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.210.27]:25: Connection timed out)
    Dec 21 10:00:31 nss postfix/smtp[323]: 8C8BA4009DFF8: to=<jschaller327@gmail.com>, relay=none, delay=170812, delays=170662/0.02/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.210.26]:25: Connection timed out)

    Looks like fetchmail is also using port 25.

    I have turned on imap and decreased security in my gmail account. Not sure why fetchmail is trying to connect on port 25 to access imap using ssl.
  • Accepted Answer

    Wednesday, December 21 2016, 03:11 PM - #Permalink
    Pricing is per user (approx $5 per user per month). You could register the domain with Google and let them manage email for nextstepservices.com (i.e. mail accounts become gmail addresses) or route non gmail email through the google relay.

  • Accepted Answer

    Wednesday, December 21 2016, 02:13 PM - #Permalink
    Duncan Colhoun wrote:

    Would creating a gsuite (Google Apps for work ) account work - then you could relay using the gmail relay?

    You can then relay on port 25 or 465/587

    Looking at their basic info, that may well work, if they can host the nextstepservices.com mail accounts. You could still pick the mail up onto your server with fetchmail and probably relay mail out from your server via google on port 587 (not 25 and I don't know if they support 465). There is clearly an attendant cost.
  • Accepted Answer

    Wednesday, December 21 2016, 12:11 PM - #Permalink
    Would creating a gsuite (Google Apps for work ) account work - then you could relay using the gmail relay?

    You can then relay on port 25 or 465/587
  • Accepted Answer

    Tuesday, December 20 2016, 07:28 PM - #Permalink
    Fetchmail is more likely to be OK as it is not much different than you accessing something like gmail directly from your email client. It uses POP, POPS, IMAP and/or IMAPS, so not port 25. If using gmail or some other mail provider, you may have to relay out via their servers on either 587 or 465. I do it with gmail on 587. With Virginmedia it would be 465. 465 is potentially harder to do. I can't remember if this version of postfix supports 465 or if you have to use stunnel.

    I would have thought you may be able to relay out via Frontier if you use their credentials but there is no guarantee they would not rewrite your from header.

    I wonder if there are commercial relaying services for outbound e-mail? This is where I see an opportunity for Clear, but it won't help with inbound e-mail on port 25.

    I have my A record as the base domain - howitts.co.uk, and the MX points to that. You could have the DNS Updater pointing to mail.nextstepservices.com but only that would be updated. It then follows that nextstepservices.com would have to be a CNAME record but then you risk the issue I had with work, rewriting your e-mail from of whatever@nextstepservices.com to whatever@mail.nextstepservices.com. It may be easiest to give in gracefully and have your MX record point to nextstepservices.com.
  • Accepted Answer

    Tuesday, December 20 2016, 06:32 PM - #Permalink
    Thanks everyone for your suggestions. After three days on the phone with Frontier tech support they finally extorted $10.00 for premium support to tell me they block all traffic both ways on port 25. Only option is to go to a business account with a static IP for $100.00/month! Not worth it for two email accounts. Unless someone has another idea that doesn't involve port 25 I will look to using an external mail service. Yuck!

    Would it be possible to use fetchmail to collect mail from gmail or does the port 25 issue still preclude this option?

    Nick/Tony: It looks like the mx records need to point to an A record. How do I get dynamic dns to update that record along with the primary A record that shows dynamic ip?

    Again, the people on this forum have helped on many occasions going back to Clark Connect. Kudos!

    John
  • Accepted Answer

    Tuesday, December 20 2016, 03:15 PM - #Permalink
    Thanks, Tony.

    I know that when I moved my domain over to Clear and I needed to maintain my poweredbyclear.com FQDN (aggressive filtering at work), the poweredbyclear.com record was my A record and, aggressively, work rewrote the from on all my e-mails to @whatever.poweredbyclear.com which was a PITA. After some juggling by Clear I got my domain back to my A record rather than CNAME and it all started working again correctly.
  • Accepted Answer

    Tuesday, December 20 2016, 10:13 AM - #Permalink
  • Accepted Answer

    Tuesday, December 20 2016, 08:18 AM - #Permalink
    I don't think MX records need to point to A records but then I'm no expert on this. Mine does, but it points to my base domain name.

    All setting up port 587 will allow is for you to connect from your laptop/mobile/etc when you're on the road (so you can relay via your server or e-mail directly to other addresses on your server). To receive normal e-mail from the WAN you need to get port 25 working inbound.

    See this article to relay via your ISP. In your case, as you want to relay via port 25 you can set the relay host in the webconfig. You don't need to edit main.cf for that one parameter (you do for the others).
  • Accepted Answer

    Tuesday, December 20 2016, 12:18 AM - #Permalink
    Thanks Nick,

    I have updated my DNS records. I have read that the MX records must point to an A record. That's why I set it up that way. I can access zarafa just fine. I opened up port 587 on the firewall and I can now telnet in to that port. Still no incoming email. I am on infinite hold for Frontier tech support. I have never used the Frontier email account so I will try to get log in information from them to see if relaying through their servers will work for outbound. Where do I set up the id and password to log in to Frontier's SMTP server?

    Do I need to make changes to the zarafa setup? I plan to use Outlook 2016 with Activesync and Thunderbird as email clients.
  • Accepted Answer

    Monday, December 19 2016, 08:21 PM - #Permalink
    In a different order from your post:
    Firstly have your Dynamic DNS update nextstepservices.com without any subdomain.
    Second make nss.nextstepservices.com and mail.nextstepservices.com CNAME records, not A records

    This should sort your DNS

    E-mail is another story.
    There is a bug/feature in the ClearOS implementation such that SMTPS is always enabled. This uses port 465 which you could switch to instead of port 587. SMTPS was never ratified as a standard but its use is widespread. The "standards" way of securing SMTP is to use STARTTLS on port 587 as you tried and found not working. To enable it, add the following to /etc/postfix/master.cf:
    submission inet n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    Then reload postfix.

    Remember you also have to open the relevant incoming port as well.

    What does concern me is you say Frontier block port 25. I've tried telnetting to your port 25 and failed so either you have not opened the port in the firewall or Frontier are blocking it. If Frontier are blocking it then you have a problem and will never be able to receive normal external e-mail. I also tried telnetting to 587 and again could not make contact. Again I don't know who is blocking it or if it is just because you have nothing listening there for the moment.

    With regards sending mail out, if you relay via them, do they overwrite the sending e-mail address or do they leave it intact? If they leave it intact can you not still relay via their SMTP servers?

    I did mention to Clearcenter a while back that with their Dynamic DNS/MX BackUp solution it would be great if they could provide an e-mail relay server for just the issue you are having. Some ISP's also block mail coming directly from a Dynamic IP. You may end up with this problem which is why a Clear mail relay server would be a very nice feature.
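
A check for a master.cf submission entry like the one in the post above, as an added example that is not part of the post or of ClearOS: it reports whether the entry enables SASL, requires TLS before authentication, and ends its restriction list in reject. The function names and the hardened sample entry are assumptions; the first sample is the line from the post.

```shell
#!/bin/sh
# Added example: audit the "submission" service entry of a Postfix master.cf.

# The one-line entry quoted in the thread.
thread_entry() {
cat <<'EOF'
submission inet n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
EOF
}

# Constructed variant that also forces STARTTLS before AUTH is offered.
hardened_entry() {
cat <<'EOF'
# mail submission on port 587
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
EOF
}

# audit_submission [FILE...]
# Reads master.cf text (stdin when no file is given) and prints one
# "missing: ..." line per absent safeguard; prints nothing when all are set.
# It looks at master.cf only: a global smtpd_tls_auth_only = yes in main.cf
# also keeps AUTH off cleartext sessions but is not visible here.
audit_submission() {
    awk '
    function check(e) {
        if (e !~ /^submission[ \t]+inet[ \t]/) return
        found = 1
        if (e !~ /smtpd_sasl_auth_enable=yes/)
            print "missing: smtpd_sasl_auth_enable=yes"
        if (e !~ /smtpd_tls_security_level=encrypt/ && e !~ /smtpd_tls_auth_only=yes/)
            print "missing: smtpd_tls_security_level=encrypt"
        if (e !~ /_restrictions=([^ \t]*,)?reject([ \t]|$)/)
            print "missing: restriction list ending in reject"
    }
    # Skip comments and blank lines.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # A line starting with whitespace continues the previous entry.
    /^[ \t]/ { entry = entry " " $0; next }
    { check(entry); entry = $0 }
    END { check(entry); if (!found) print "missing: submission inet entry" }
    ' "$@"
}

# submission_ok [FILE...] : true when the audit reports nothing.
submission_ok() {
    [ -z "$(audit_submission "$@")" ]
}

# Demo on both samples.
echo "entry from the thread:"; thread_entry | audit_submission
echo "hardened entry:"; hardened_entry | audit_submission
```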
  • Accepted Answer

    Monday, December 19 2016, 07:24 PM - #Permalink
    Current Status: It appears that my original issue was propagation delay. The strange website and ip that I was getting was apparently something coming from a not found when trying to go to nextstepservices.com. I can access my web page and connect to zarafa using webapp. I am doing this using a laptop and tethering on my phone.

    I have set up a thunderbird account on the laptop using mail.nextstepservices.com on port 143 and mail.nextstepservices.com on port 587 for my outgoing. When I go into thunderbird I am prompted for my password on mail.nextstepservices.com. I can log in successfully. I sent an email from the laptop to myself (jschaller@nextstepservices.com) and my wife @ nextstepservices.com from zarafa and both were delivered. I tried to send to myself from the laptop using thunderbird and I get an error that the connection to Outgoing server (SMTP) mail.nextstepservices.com timed out. /var/log/maillog shows:

    Dec 19 10:59:42 nss postfix/smtp[2153]: 8C8BA4009DFF8: to=<jschaller327@gmail.com>, relay=none, delay=1563, delays=1412/0.02/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.211.26]:25: Connection timed out)


    This is sending on port 25 which, it appears, Frontier blocks. Frontier is no help with trying to relay outbound through their smtp servers because I don't use the frontier.com email address they assigned me years ago.

    I'm not sure why incoming mail from an external source is timing out on mail.nextstepservices.com.

    I have spent much of the weekend searching the internet and the forums and have only gone further down the rabbit hole. Another complication, I have always used static IP for myself and my customers. Frontier no longer allows us to have static IP's. I am using dynamic dns and, when my assigned IP changed after rebooting my dsl modem, it updated the A record for nss.nextstepservices.com but not nextstepservices.com or mail.nextstepservices.com.

    Here is my DNS setup at Clearcenter:
    NS Records
    ns1.clearsdn.com.
    ns2.clearsdn.com.
    ns3.clearsdn.com.
    ns4.clearsdn.com.

    A Records
    nss.nextstepservices.com (Dynamic IP) 50.35.45.195
    nextstepservices.com 50.35.45.195
    mail.nextstepservices.com 50.35.45.195

    CNAME Records
    ftp.nextstepservices.com nextstepservices.com
    www.nextstepservices.com nextstepservices.com

    MX Records
    mail.nextstepservices.com Priority: 10
    mxbackup1.clearsdn.com Priority: 80
    mxbackup2.clearsdn.com Priority: 80

    TXT Records
    No records found.

    Note that I manually updated my A records to the correct IP address. Is there an issue with the order of the A records?

    Sorry for the lengthy post but I wanted to give as much info as I could. Any suggestions moving forward very much appreciated.
  • Accepted Answer

    Saturday, December 17 2016, 08:15 PM - #Permalink
    I did an nslookup nextstepservices.com ns1.clearsdn.com using both my Frontier DSL account and a laptop using my at&t tethering. Both returned the correct IP address. Browsing to nextstepservices.com/webapp returns the invalid web page and pinging nextstepservices.com resolves to the incorrect IP 141.8.225.31.

    I will try to be patient and see if this corrects itself. I found it strange that the NS records that pointed to Network Solutions disappeared after the transfer and I had to manually enter the clearsdn nameservers. Is that normally what has to be done?
  • Accepted Answer

    Saturday, December 17 2016, 08:06 PM - #Permalink
    Hi John,

    Yes...that's the URL I used/confirmed.

    RE: Dynamic DNS...login to the dynamic DNS page on your ClearCenter account and select the right devices in the top right hand corner (if you have more than one) and confirm your domain...since you moved your domain to us, you don't want/need the *.poweredbyclear.com domain...update it with your own.

    Make sure you have the dynamic DNS app installed from the Marketplace (back in Webconfig).

    Ben
  • Accepted Answer

    Saturday, December 17 2016, 07:53 PM - #Permalink
    Thanks to both Nick and Ben for quick replies.

    I am using a Frontier dsl account. Perhaps the dns information hasn't propagated to all of their nameservers yet. My IP hasn't changed from the ones in the dns records. I can access my zarafa account using the IP address / webapp. Ben, did you use nextstepservices.com/webapp?

    I tried to update my dynamic dns to reflect nextstepservices.com without a subdomain but when I selected nextstepservices.com from the dropdown list I got the message:

    An A record with this URL/Domain is already in use.

    The dynamic dns config screen continues to show a subdomain of nss and a domain of poweredbyclear.com.

    If I'm registered through Clearcenter do I not have to set this up? Is it handled for me?

    Thanks......
  • Accepted Answer

    Saturday, December 17 2016, 07:21 PM - #Permalink
    Yes, I looked this morning and found no NS records. I added all four clearsdn nameservers. The whois info and dns records all appear to be correct: It is possible that I need to allow more time to propagate but that doesn't explain why a ping gives me the incorrect ip and the odd website shows up unless I suppose I may have some issue with my browser and if it can't find the website it routes to some flaky default. I will check further....

    Domain Name: NEXTSTEPSERVICES.COM
    Registrar: TUCOWS DOMAINS INC.
    Sponsoring Registrar IANA ID: 69
    Whois Server: whois.tucows.com
    Referral URL: http://www.tucowsdomains.com
    Name Server: NS1.CLEARSDN.COM
    Name Server: NS2.CLEARSDN.COM
    Name Server: NS3.CLEARSDN.COM
    Name Server: NS4.CLEARSDN.COM
    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
    Updated Date: 17-dec-2016
    Creation Date: 02-aug-1999
    Expiration Date: 02-aug-2018

    NS Records
    ns1.clearsdn.com.
    ns2.clearsdn.com.
    ns3.clearsdn.com.
    ns4.clearsdn.com.

    A Records
    nextstepservices.com 50.34.102.101
    mail.nextstepservices.com 50.34.102.101

    CNAME Records
    ftp.nextstepservices.com nextstepservices.com
    www.nextstepservices.com nextstepservices.com

    MX Records
    mail.nextstepservices.com Priority: 10
    mxbackup1.clearsdn.com Priority: 80
    mxbackup2.clearsdn.com Priority: 80

    TXT Records
    No records found.
  • Accepted Answer

    Saturday, December 17 2016, 07:15 PM - #Permalink
    John,

    I can hit your Zarafa webmail...either you did something to make a change (and it's working now) or you may have to wait for a TTL timeout if you changed your IP.

    Your domain has definitely not been hijacked.

    Feel free to create a support ticket...we do check for urgent tickets in the queue over the weekend/off-hours...we just don't answer phones.

    Ben
  • Accepted Answer

    Saturday, December 17 2016, 07:04 PM - #Permalink
    Have you checked your settings on your Clearcenter account for your domain? In particular, what are your NS records?

    Also please raise a ticket if you have not already done so.