Postfix no longer receiving email - postfix-mta

My web server and mail server are one and the same and are on an AWS server. I set up Postfix to route email from my domain to my ISP email address. It has worked fine for many months. Recently, an SSL certificate was installed for my web server and now I am unable to receive email. However, I can still send email just fine from the Linux user account for which mail should be forwarded. AWS is set up to receive SMTP connections on port 25 and SMTPS on port 465. I'm pretty sure the problem is with the SSL certificate, but I'm not sure of the exact issue. It is a wildcard SSL cert. Any ideas?

I simply just restarted the server. That worked for me.

Related

Details about how Nginx work with SSL on Google compute engine

I have successfully deployed my Spring Boot app to Compute Engine on Ubuntu 18.04. It is behind an Nginx proxy, but currently Nginx is listening on port 80, which is HTTP. I need to set up a secure connection. I have questions about a few details. I'm new to this; all I've done so far is write Spring Boot/React JS apps on Windows, in an IDE.
1. Is it necessary to buy a domain for my Compute Engine instance, or can I just make an SSL certificate for the external IP of Compute Engine? Only the back-end REST API is deployed on Compute Engine; the front end is on Netlify and it's already working. I don't need a good-sounding domain name for the back end because users won't see it; only the front-end app will use the external IP of my Compute Engine instance to fetch data from the back end.
2. I have seen guides that set up SSL in the Nginx settings. Why is that? Isn't the request first coming to the Compute Engine external IP and only after that to Nginx? Isn't it the job of Compute Engine to make the connection secure by sending the public key and certificate to the front end and only then relaying the request to Nginx? Or does Compute Engine simply relay the HTTPS request that comes to it to Nginx right away, without securing it or sending any key and certificate?
You can give some advice if you have any. I'm just trying to make a secure connection to my back-end Spring Boot app, which is behind Nginx on Google Compute Engine and currently works only with HTTP but not HTTPS.
1. Technically you're able to have an SSL certificate for a public IP, but it's rarely used. You can find more details in RFC 5280 and in this question.
Keep in mind that if your IP address changes, your SSL certificate becomes useless.
I've checked a few SSL providers and found that you should be the owner of the IP to obtain such an SSL certificate:
According to the article Using an IP Address in an SSL Certificate posted by geocerts:
If you decide that you really need an IP in your cert there are
specific stipulations, conditions, and limitations to consider. The
biggest hurdle for most folks is that the IP address must be
specifically assigned to your company or organization (not your ISP or
hosting provider) as verified by an IP WHOIS lookup.
According to the article Issuing SSL certificate for an IP address by LeaderSSL:
Quite frequent question: is it possible to issue an SSL certificate
for an IP address (and not for a domain name)? Yes, it is possible.
However, there are several requirements:
Only OV SSL certificates can be issued;
The company must own IP address (validation based on WHOIS information of IP-addresses).
The same in the article WHAT IS AN IP ADDRESS SSL CERTIFICATE?:
An IP address SSL certificate secures connections directly with the IP
address submitted. Whereas typically an SSL certificate is issued to a
Fully Qualified Domain Name (FQDN), some organisations may need to
secure an IP address.
Only public IP addresses may be used and you must be the owner of the
IP address according to the records at RIPE.
As a result, in practice, it's almost impossible in the case of a GCE VM instance, and it's easier to proceed with a domain certificate.
2. In GCE, all connections to the external IP of a VM instance are passed through directly to the VM instance. GCE isn't able to secure connections on its own. You should configure the SSL certificate on the VM instance. You can find more details in the documentation VPC network overview and IP Addresses.
In addition, you're able to use Google-managed SSL certificates or your own SSL certificates on external HTTP(S) load balancers.

SMTP error:No outbound route between this site and the Internet on Port 465

I am using Postman SMTP in WordPress and getting this error.
✅ 🔒 Port 443 can be used with the Mandrill API.
✅ 🔒 Port 443 can be used with the Gmail API.
✅ 🔒 Port 443 can be used with the SendGrid API.
❌ No outbound route between this site and the Internet on Port 465.
❌ No outbound route between this site and the Internet on Port 587.
❌ No outbound route between this site and the Internet on Port 25.
A test with "No" Service Available indicates one or more of these issues:
Your web host has placed a firewall between this site and the Internet
The SMTP hostname is wrong or the mail server does not provide service on this port
Your PHP configuration is preventing outbound connections
Your WordPress configuration is preventing outbound connections
Please help and let me know what the issue is.
Thank you

Postfix Sending Email From Development Machine

I've got Postfix set up and running on my production server. Rather than installing another copy on my dev machine, I'd like to just use the production server to send email in testing, but I'm getting "Relay access denied" errors. How do I configure Postfix to allow outgoing mail from a different machine (my specific machine, not just any random IP, of course)?
Does it have something to do with the relayhost param in main.cf? If so, what do I add there? Do any other settings need to be configured?
I just had to add my local IP to the mynetworks param.
mynetworks = a.b.c.d, .e.f.g.h
I was getting confused about using relay instead. Apparently relay is to tell Postfix to use a different IP to send messages. What I needed was to tell it to accept outgoing mail from a different IP.
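Every address listed in mynetworks is treated by Postfix as a trusted client that may relay, so the entry should cover only the one dev machine. The following Python check is an added example (not part of the original answer and not Postfix code) that flags mynetworks values wider than a single host; the threshold and the sample values are constructed assumptions.

```python
import ipaddress
import re

# Assumed policy threshold (not a Postfix setting): a trusted block holding
# more addresses than this is reported as too broad.
MAX_TRUSTED_ADDRESSES = 256

# Constructed sample values using documentation address ranges.
SAMPLE_NARROW = "127.0.0.0/8 [::1]/128 198.51.100.7"
SAMPLE_BROAD = "127.0.0.0/8, 0.0.0.0/0, 192.0.2.0/28, hash:/etc/postfix/nets"


def parse_mynetworks(value):
    """Split a mynetworks value into (network, negated) pairs and unparsed tokens."""
    networks, skipped = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        # Postfix writes IPv6 as [addr]/len; ipaddress wants it without brackets.
        pattern = token.lstrip("!").replace("[", "").replace("]", "")
        try:
            networks.append((ipaddress.ip_network(pattern, strict=False), negated))
        except ValueError:
            skipped.append(token)  # file/table lookups, placeholders, typos
    return networks, skipped


def audit_mynetworks(value):
    """Return findings for trusted ranges wider than a single host."""
    networks, skipped = parse_mynetworks(value)
    findings = []
    for net, negated in networks:
        if negated or net.is_loopback:
            continue  # exclusions and loopback do not widen relay access
        if net.num_addresses > MAX_TRUSTED_ADDRESSES:
            findings.append(f"{net}: {net.num_addresses} addresses may relay")
        elif net.num_addresses > 1:
            findings.append(f"{net}: whole subnet trusted, not one host")
    findings += [f"{t}: not an address or CIDR, review by hand" for t in skipped]
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_NARROW, SAMPLE_BROAD):
        print(sample, "->", audit_mynetworks(sample) or "ok")
```

The value to audit on a live server can be read with `postconf mynetworks`.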

How to access a website on VPS with port create?

I try to host my website for learning, on a CentOS free VPS (no support).
I’m allowed to access Apache service via IPv4 by adding a custom port.
Using the format below, I can access the server with my browser.
e.g. 12345 is my custom port that I created for default port 80:
http://xxx.xxx.xxx.xxx:12345
But I cannot access my hosted website http://mywebsite.com (‘the webpage is not available’).
I’ve created the proper DNS record on my DNS provider, and pointed the domain name to the free VPS server IPv6 address (through CloudFlare).
Note: My ISP doesn't provide IPv6 connection and the IP is not ICMP pingable (I can’t create IPv6 tunnel).
Here is my telnet test communication result (not my real IPv6 address):
[root#myserver ~]# telnet mywebsite.com 80
Trying 1a12:1234:1:1::1:1a23...
Connected to mywebsite.com.
Escape character is '^]'.
Connection closed by foreign host.
[root#myserver ~]#
Why can’t I access my website: http://mywebsite.com ?
Okay, what fixed it was adding a 'CNAME' record on Cloudflare in addition to the existing 'AAAA' record.
Hope this helps someone.

Cannot access website using host headers on local windows 7 and iis 7

I have a problem accessing my website created using Visual Studio on my local PC.
The PC is using Windows 7 and a static IP address has been configured. I have added a hostname "192.168.0.1 hosts myweb.mylocal.com" on c:\windows\system32\driver\etc.
On IIS I have configured the binding myweb.mylocal.com with impersonation enabled and Windows authentication enabled.
The user login just keeps prompting even though I have entered the correct username and password.
Yea 192...* is router reserved IP.
I had the same issues with Windows 7 and it's due to IPv6.
Try disabling the IPv6 protocol in "Control Panel\Network and Internet\Network Connections" by right-clicking your established connection to your router, unticking IPv6 and leaving IPv4 selected, to see if that will make a difference.
Your local IP is more than likely :::1 or something along those lines!
-- Update
Where you have set your IP 192.168.0.1 to route to your local domain, try setting it to 127.0.0.1 so that it loops to itself and not via the gateway, or you can leave it as it is and add the rule to your router to send traffic from the HTTP port 80 to your PC.
