SysAdmin Pro - Email setup - "Connection timed out"

After getting endless complaints about “not getting voicemails,” I went ahead and set up a special email server to handle this instead of using the default SMTP server on the system.

I got the SysAdmin Pro, did the setup, then tested it with a voicemail. It failed. Looking in /var/log/maillog/ on the PBX, it was complaining about self-generated certificates on the mail server.

I took care of that by installing valid certificates, and am now getting a new error:

Feb 20 11:19:54 FST-PBX postfix/error[25466]: D0790280122: to=[email protected], relay=none, delay=0.06, delays=0.04/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.mailserver.net[xxx.xxx.xx.xxx]:587: Connection timed out)

I can still ping the mail server, and using Outlook with another account shows the email server is functioning fine. Port 587 is a valid port on the email server, also.

Any guidance on what may be wrong?

Well, Step 1: What does the SMTP gateway server you set up show? Does it show the SMTP connection even being received? What do those logs show?

Step 2: When you do a telnet mail.server.name 587 what do you end up getting back? If you can connect you will have output to show you are connected and waiting for input to process.

Step 3: Did you actually set the PBX to use an SMTP relay? Because according to your log entry here there’s zero relay happening. This is still being sent directly from the PBX.

^^ That should be relay=mail.server.name (i.e. the server you’re trying to relay through) so that shows it’s still trying to send directly from the PBX.

When I do this without the port 587, it reports “Trying …”
Then finally spits out “telnet: connect to address xxx.xxx.xx.xxx: Connection timed out”
When I add the port 587, it immediately responds with “Unknown host”

The logs on the mail server are not showing a connect attempt.

And yes, there is an entry for the SMTP relay.

Well this is a big clue. So when you ping the mail server are you pinging the domain or the IP from the PBX? If you do the same command with just the IP and the port does it work?

I can ping both and get a response

Is there any firewall or iptables or anything on the SMTP server? So far a ping shows that ICMP traffic can get through but telnet is timing out, which is TCP. So is there anything blocking that?

Don’t complicate your testing with non-standard ports. Start with 25.
Also test from your desktop, not just the PBX.

You do know that 587 is the official alternate port to port 25 for SMTP? Most ISPs block the use of port 25 unless you’re using their SMTP server. This is done as protection from zombie bot attacks and other SMTP-based spam attacks from compromised computers. Pretty much all hosting appliances/applications like cPanel, etc. have this set up to be used because of the issues of port 25.

Plus @GeekBoy confirmed that when using Outlook and sending SMTP out the server port 587 works just fine. The testing attempts are coming back with timeout errors, the SMTP server isn’t even showing the attempts hit it.

No blocking here.

Since it is a commercial module, I went ahead and submitted a ticket.
Maybe they can figure this out directly rather than the constant guessing on what is going on.

I will post their answer here if they can figure it out. Thanks for any responses on this

All this is doing is modifying the main.cf for Postfix. You don’t need the commercial module for this. Do cat /etc/postfix/main.cf and show it here.

No, that is an assumption. He said he used Outlook. Nothing more. It is possible, but it is also not possible.

Also never stated is what kind of email server was set up.
We have no idea where the PBX is compared to the email server, nor if this was a distro install or some spin your own.

So, maybe this entire thing should start at the beginning instead of in the middle.

I confirmed Outlook is using that port, and picked it when doing the automatic setup.

And we did. This is why I had him check things via telnet, because that is part of how you can test your SMTP server for things like an open relay or if things are connecting and accepted properly. This is all part of standard SMTP testing.

I also pointed out that the maillog did not show a relay being sent and with the telnet commands returning a time out that means there is an issue with the connection for some reason. Either the FQDN isn’t being resolved right or something isn’t letting it through.

None of this has to do with it being the Distro or a manual install. This comes down to the Postfix configuration like any other Linux server out there that runs it. You don’t need System Admin (free or pro) to configure Postfix how you want to send mail from the system.

Everything I have laid out so far is proper troubleshooting. The only way this is a FreePBX problem is if System Admin isn’t updating main.cf properly for the settings.

I was doing that, but was having issues. The PBX kept sending the emails out as the user which was sending the emails, and not using the setup server credentials. So then since asterisk user is the one doing the voicemail emails, I created a user on the mail server named asterisk. Then oddly it was sending the emails to user asterisk@, not using email user asterisk@ to send the emails out.

That is when I decided to go with the commercial module

Again, this is all to do with the Postfix config. This is not a FreePBX issue. You would have to jump these hoops on any base Linux OS you install and want to use Postfix with. Again, I need to see your main.cf to tell what the issue is.

The support at Sangoma is already working on it so the main.cf will probably be changing a few times, and since the Commercial Module is supposed to be making the correct configuration, and appears to not be doing that, it would probably be a FreePBX issue now.

Anyway, I had followed this guide

As long as it is free, fine. The moment it becomes billable support hours, drop it. Again, this is a common issue I have dealt with on numerous PBX installs with things like Gmail and Office 365. This is a Postfix configuration issue on the PBX side and possibly a config issue on the SMTP relay side (not 100% sure on that part). But using the wrong From or Sender name is a Postfix config issue.

It is included with the commercial modules.

I did get a response from support. They are not addressing the no response error. Instead they are trying to say it is a self-signed certificate when it is not.

Anyway, support is doing some testing and saying they are getting this:

Here is the response when added back, they are not liking the self-signed certificate:

Feb 21 09:26:32 FST-PBX postfix/qmgr[1106]: 032AC28012B: from=<[email protected]>, size=523, nrcpt=1 (queue active)
Feb 21 09:26:32 FST-PBX postfix/smtp[1225]: certificate verification failed for mail.mydomain.net[xxx.xxx.xx.xxx]:587: untrusted issuer /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA.

Not sure how they are getting that as it is not self-signed. I did go ahead and put in a ticket to the issuer about the SSL.

Here is the bottom of main.cf

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_use_tls = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = mail.mydomain.net:587
myhostname = pbx.mydomain.net
mydomain = mydomain.net
myorigin = mydomaint.net
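The two maillog failures quoted in this thread point at different layers, and a small triage script makes that visible. This is an added example, not part of the original posts and not FreePBX or Postfix code; the function name `triage`, the layer labels and the placeholder recipient are assumptions made for the illustration.

```python
import re

# Constructed sample: the two failure lines quoted in this thread. Hosts, masked
# IPs and issuer are as posted; the recipient is a placeholder.
SAMPLE_LOG = [
    "Feb 20 11:19:54 FST-PBX postfix/error[25466]: D0790280122: "
    "to=<user@example.invalid>, relay=none, delay=0.06, delays=0.04/0.02/0/0, "
    "dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to "
    "mail.mailserver.net[xxx.xxx.xx.xxx]:587: Connection timed out)",
    "Feb 21 09:26:32 FST-PBX postfix/smtp[1225]: certificate verification "
    "failed for mail.mydomain.net[xxx.xxx.xx.xxx]:587: untrusted issuer "
    "/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/"
    "CN=COMODO RSA Domain Validation Secure Server CA",
]

DELIVERY = re.compile(r"relay=(?P<relay>[^,]+),.*dsn=(?P<dsn>[\d.]+), "
                      r"status=(?P<status>\w+) \((?P<reason>.*)\)")
CONNECT = re.compile(r"connect to (?P<host>[^\[\s]+)\[[^\]]*\]:(?P<port>\d+): "
                     r"(?P<err>.+)")
TLS_FAIL = re.compile(r"certificate verification failed for (?P<host>[^\[\s]+)"
                      r"\[[^\]]*\]:(?P<port>\d+): (?P<why>self-signed "
                      r"certificate|untrusted issuer)\s*(?P<issuer>.*)")

def triage(line):
    """Name the layer at which one Postfix log line says delivery failed."""
    tls = TLS_FAIL.search(line)
    if tls:
        # Postfix reports "self-signed certificate" and "untrusted issuer" as
        # different conditions; the second names the issuer it could not chain
        # to anything in smtp_tls_CAfile.
        return {"layer": "tls", "target": f"{tls['host']}:{tls['port']}",
                "self_signed": tls["why"] == "self-signed certificate",
                "issuer": tls["issuer"]}
    d = DELIVERY.search(line)
    if d is None:
        return None
    if "Name service error" in d["reason"]:
        return {"layer": "dns", "target": None, "dsn": d["dsn"]}
    c = CONNECT.search(d["reason"])
    if c:
        # relay=none: no SMTP session was opened. The host and port Postfix
        # tried are in the reason text; compare them with relayhost in main.cf.
        return {"layer": "tcp", "target": f"{c['host']}:{c['port']}",
                "dsn": d["dsn"], "error": c["err"]}
    return {"layer": "smtp", "target": d["relay"], "dsn": d["dsn"]}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

Run against /var/log/maillog, the first kind of result means the TCP connection never completed, while the second means the TLS handshake was reached and the issuer named in the log could not be validated against the CA file on the PBX.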

Uhm, is the SMTP gateway set up to use TLS? And if so, what is the TLS port? Because 587 is the standard alternate SMTP port for non-TLS connections. Usually something like 465 is the TLS port for SMTP relays using TLS connections.

The certificate on the PBX is irrelevant for this. If you’re using TLS for SMTP relay then the SMTP server needs a valid TLS certificate.

I used iRedMail to set up the mail server.

Sangoma responded again saying it looks like the mail server is blocking as the PBX is sending too many attempts to send mail.

I guess I will have to look at changing that for now.