Ports 25, 465, 587 open in firewall but telnet connection refused

I have Cyberpanel 2.3.1 running on Ubuntu on a DigitalOcean droplet with UFW and DO’s cloud firewall enabled. I’ve set up the mailserver on subdomain mail.mydomain.com and added Let’s Encrypt SSL. I can receive email in (old) Outlook and I can send and (apparently) receive email in Thunderbird (even on port 465) and I can telnet POP3 on port 110, but I can’t do any of the following:

  1. telnet mail.mydomain.com on ports 25, 465, 587 - connect failed
  2. WordPress SMTP plugins return connection refused on ports 465 and 587
  3. Online tests like //email/testTo: return “connection refused” (this tool did work a few days ago!), and SMTP Test Tool says “No connection could be made because the target machine actively refused”

Ports 25, 465, 587 are all set to be open for tcp in both firewalls.

ssllabs.com returns a grade A for the SSL certificate.

Any ideas please (not just links to general topics please)?

You need to request an open SMTP port from DigitalOcean. By default they block the port even if you open it in your firewall.

When you are using DigitalOcean or Vultr, by default they block their email ports, so you have to open a ticket to open these ports.

I don’t think these telnet tests will work with SSL; I think we have to use openssl to test.

I found an issue in the Postfix main.cf file: I had manually added the certificate files incorrectly using the smtpd_tls_chain_files parameter, which is compatible with version 3.4 and above, whereas I needed to use smtpd_tls_cert_file and smtpd_tls_key_file with my version 3.3. Ref: [Postfix] Configure SMTPS (Let's Encrypt) and Dovecot-SASL authentication

Now openssl s_client -connect mail.mydomain.com:465 returns 220, and returns CONNECTED for port 587. All looks good on //email/testTo too and the WordPress SMTP plugin email test appears to work. So I think I might have solved it!
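The version mismatch described in the post above can be checked before restarting Postfix. The following Python sketch is an added example, not code from the thread or from Postfix: it parses a main.cf excerpt and the output of `postconf mail_version`, then reports a `smtpd_tls_chain_files` setting on a release older than 3.4. The function names and the sample file (with placeholder paths) are constructed for illustration.

```python
import re

# Constructed sample main.cf excerpt (placeholder paths, not the poster's file).
SAMPLE_MAIN_CF = """\
# TLS for smtpd
smtpd_tls_chain_files =
    /etc/letsencrypt/live/mail.example.com/privkey.pem,
    /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_security_level = may
"""
# Pre-3.4 certificate parameters (RSA, ECDSA, DSA).
LEGACY_CERT_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_eccert_file", "smtpd_tls_dcert_file")

def parse_main_cf(text):
    """Return {parameter: value}, joining indented continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0] in " \t":               # leading whitespace continues a value
            if current:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()   # a later setting overrides an earlier one
    return params

def parse_version(text):
    """Accept '3.3.0' or the 'mail_version = 3.3.0' line printed by postconf."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no Postfix version in {text!r}")
    return int(match.group(1)), int(match.group(2))

def check_smtpd_tls(main_cf_text, mail_version):
    """Return (parameter, problem) pairs for the cert/key mismatch in the thread."""
    version = parse_version(mail_version)
    params = parse_main_cf(main_cf_text)
    chain_usable = version >= (3, 4) and bool(params.get("smtpd_tls_chain_files"))
    findings = []
    if "smtpd_tls_chain_files" in params and version < (3, 4):
        findings.append(("smtpd_tls_chain_files", "requires Postfix 3.4 or later"))
    # smtpd_tls_key_file defaults to $smtpd_tls_cert_file, so only a cert is required.
    if not chain_usable and not any(params.get(p) for p in LEGACY_CERT_PARAMS):
        findings.append(("smtpd_tls_cert_file", "no certificate file set"))
    return findings

if __name__ == "__main__":
    for parameter, problem in check_smtpd_tls(SAMPLE_MAIN_CF, "mail_version = 3.3.0"):
        print(f"{parameter}: {problem}")
```

On the sample file with version 3.3.0 this reports both the unsupported parameter and the missing certificate setting; the same file passes on 3.4.0.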

Deleted my own brain fart in this spot