Postfix using 25 as default port for sending emails

I am running a cyberpanel server on digital ocean with Ubuntu 20.04 LTS. for about 1 month , I am not able to send emails through my websites. however I am able to receive emails in my account. whether I logged in to rainloop or connect my acocunt with SMTP on Mailspring/Thunderbird. I am not able to “send” emails.
While debugging I found out that while sending emails, the Postfix is using port 25 , which is disabled for outgoing by default in Digitalocean. so all my emails are connecting to xxx.xxx.xxx.xxx:25 which results in connection time out.
I added SSL to my email and it is showing no error except when i check it on checktls.com , the domain name in SSL is www.example.com. ( I had this SSL issue in websites as well in last cyberpanel verison)

I am not able to make POSTFIX to use 587 port or 465 (SSL) for mails.
I checked port 587 using telnet and its open, when I use port 25, it never shows any response except timed out error.

Is there any thing to solve my problem? I could use GMAIL smtp in my wordpress sites, but we are also using our email addresses for official communication also. so I need to solve this problem for ourselves.

Didn’t try but this seems to be a solution:

Thanks for reply, in meantime I already setup port 465 . but thee SSL installed using Cyberpanel has domain “www.example.com” . since this setting is invalid, postfix is using default port 25, its not using 587 or 465 due to SSL despite the fact that both rules are present in postfix configuration.

Are you sure SSL is issued correctly? Visit the mail domain and see if it has valid SSL, if not issue a valid SSL

To be able to send e-mails from your cyberpanel on hosts wich does not enable outgoing port 25, you need to use an external e-mail relay (such as mailgun, sendgrid, etc.)

Here’s a good tutorial on how you can setup your relay:

A good information: does not matter what and how you do, if you do not use an external relay, postfix seems to be “stuck” on port 25. Believe, I’ve tried to change it many times hehe

Hope it works!

no , the domain on certificate is “www.example.com” i think that is why postfix is not using port 465. I generated SSL using cyberpanel.

Generated using cyberpanel doesnt really mean it issued letsencrypt valid SSL… if SSL issue fails, cyberpanel will issue self signed SSL which will have example.com certificate.

Make sure you have configured DNS properly and not behind cloudflare proxy and then try to issue SSL and see if the SSL is valid.

show results for this.


![image|690x183](upload://zL7KvOROYit8v74deoF7FPXgOt3.png)

seconds lookup result
[000.000] DNS LOOKUPS
[000.007] SEARCHLIST 104.131.108.216,134.209.169.224,1.1.1.1,8.8.8.8,67.207.67.3
[000.010] MX (10) mail.xxxxxx.co
[000.010] MX (20) mail.xxxxxx.co
[000.011] MX:A–>mail.xxxxxx.co 143.198.xxx.xxx
[000.013] MX:A–>mail.xxxxxx.co 143.198.xxx.xxx
seconds test stage and result
[000.000] Trying TLS on mail.xxxxxx.co[143.198.xxx.xxx:25] (10)
[000.071] Server answered
[000.233] <‑‑ 220 xxxxxx.co ESMTP Postfix
[000.233] We are allowed to connect
[000.233] ‑‑> EHLO www11-do.CheckTLS.com
[000.302] <‑‑ 250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.302] We can use this server
[000.302] TLS is an option on this server
[000.302] ‑‑> STARTTLS
[000.371] <‑‑ 220 2.0.0 Ready to start TLS
[000.371] STARTTLS command works on this server
[000.455] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): self signed certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (mail.xxxxxx.co != www.example.com)
So email is encrypted but the host is not verified
Not Valid Before: Mar 27 11:26:28 2021 GMT
Not Valid After: Mar 25 11:26:28 2031 GMT
subject= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
issuer= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
[000.457] > EHLO www11-do.CheckTLS.com
[000.593] <
250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.593] TLS successfully started on this server
[000.593] > MAIL FROM:test@checktls.com
[000.663] <
250 2.1.0 Ok
[000.663] Sender is OK
[000.663] > QUIT
[000.733] <
221 2.0.0 Bye
seconds test stage and result
[000.000] Trying TLS on mail.xxxxxx.co[143.198.xxx.xxx:25] (20)
[000.068] Server answered
[000.292] <‑‑ 220 xxxxxx.co ESMTP Postfix
[000.293] We are allowed to connect
[000.293] ‑‑> EHLO www11-do.CheckTLS.com
[000.360] <‑‑ 250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.360] We can use this server
[000.360] TLS is an option on this server
[000.360] ‑‑> STARTTLS
[000.427] <‑‑ 220 2.0.0 Ready to start TLS
[000.427] STARTTLS command works on this server
[000.506] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): self signed certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (mail.xxxxxx.co != www.example.com)
So email is encrypted but the host is not verified
Not Valid Before: Mar 27 11:26:28 2021 GMT
Not Valid After: Mar 25 11:26:28 2031 GMT
subject= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
issuer= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
[000.508] > EHLO www11-do.CheckTLS.com
[000.639] <
250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.639] TLS successfully started on this server
[000.639] > MAIL FROM:test@checktls.com
[000.710] <
250 2.1.0 Ok
[000.710] Sender is OK
[000.710] > QUIT
[000.777] <
221 2.0.0 Bye

can you explain what to configure in DNS. no I am not behind cloudflare. before upgrading to Cyberpanel v2. I had same issues with normal domains… someone here told me to upgrade cyberpanel which solved the issue with invalid SSL to domains. now this is happening only with “Mailserver SSL”.

Can you private message me the dns details?