Postfix using 25 as default port for sending emails

I am running a CyberPanel server on DigitalOcean with Ubuntu 20.04 LTS. For about 1 month, I have not been able to send emails through my websites. However, I am able to receive emails in my account. Whether I log in to Rainloop or connect my account with SMTP on Mailspring/Thunderbird, I am not able to “send” emails.
While debugging I found out that while sending emails, Postfix is using port 25, which is disabled for outgoing by default in DigitalOcean. So all my emails are connecting to xxx.xxx.xxx.xxx:25, which results in a connection timeout.
I added SSL to my email and it is showing no error, except that when I check it on checktls.com, the domain name in the SSL is www.example.com. (I had this SSL issue in websites as well in the last CyberPanel version.)

I am not able to make Postfix use port 587 or 465 (SSL) for mail.
I checked port 587 using telnet and it’s open; when I use port 25, it never shows any response except a timed out error.

Is there anything to solve my problem? I could use Gmail SMTP in my WordPress sites, but we are also using our email addresses for official communication, so I need to solve this problem for ourselves.

Didn’t try but this seems to be a solution:

Thanks for the reply. In the meantime I already set up port 465, but the SSL installed using CyberPanel has the domain “www.example.com”. Since this setting is invalid, Postfix is using the default port 25; it’s not using 587 or 465 due to SSL, despite the fact that both rules are present in the Postfix configuration.

Are you sure SSL is issued correctly? Visit the mail domain and see if it has valid SSL; if not, issue a valid SSL.

To be able to send e-mails from your CyberPanel on hosts which do not enable outgoing port 25, you need to use an external e-mail relay (such as Mailgun, SendGrid, etc.).

Here’s a good tutorial on how you can set up your relay:

Good to know: it does not matter what you do or how you do it; if you do not use an external relay, Postfix seems to be “stuck” on port 25. Believe me, I’ve tried to change it many times, hehe.

Hope it works!
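The relay setup suggested in the post above, as an added Postfix configuration example that is not part of the thread or of CyberPanel's own files: without `relayhost`, Postfix delivers to each recipient's MX on port 25, while 587 and 465 are the ports on which it accepts mail from clients. `smtp.relay.example`, `RELAY_USERNAME` and `RELAY_PASSWORD` are placeholders, and the CA bundle path assumes Ubuntu.

```ini
# /etc/postfix/main.cf (added example, not from the thread).
# smtp.relay.example is a hypothetical relay hostname; use the host and
# port your relay provider documents (587 or 2525 are common).

# Hand all outbound mail to the relay on the submission port instead of
# connecting to each recipient's MX on port 25.
# The square brackets disable the MX lookup for the relay name.
relayhost = [smtp.relay.example]:587

# Authenticate to the relay with SASL; refuse anonymous mechanisms.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Require TLS and verify the relay's certificate against the system CA
# bundle, so the credentials are never sent to an unverified host.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# These smtp_* settings govern Postfix as a client. The certificate that
# Postfix presents to incoming connections is configured separately with
# smtpd_tls_cert_file and smtpd_tls_key_file.

# /etc/postfix/sasl_passwd (one line; values are placeholders):
#   [smtp.relay.example]:587    RELAY_USERNAME:RELAY_PASSWORD
#
# Then, as root:
#   chmod 600 /etc/postfix/sasl_passwd
#   postmap /etc/postfix/sasl_passwd
#   systemctl reload postfix
```

After the reload, `postconf relayhost` shows the active value, and a delivered message appears in the mail log with `relay=smtp.relay.example[...]:587` rather than a port 25 destination.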

No, the domain on the certificate is “www.example.com”. I think that is why Postfix is not using port 465. I generated the SSL using CyberPanel.

Generated using CyberPanel doesn’t really mean it issued a valid Let’s Encrypt SSL… If the SSL issue fails, CyberPanel will issue a self-signed SSL, which will have an example.com certificate.

Make sure you have configured DNS properly and are not behind the Cloudflare proxy, and then try to issue SSL and see if the SSL is valid.

Show results for this.



seconds lookup result
[000.000] DNS LOOKUPS
[000.007] SEARCHLIST 104.131.108.216,134.209.169.224,1.1.1.1,8.8.8.8,67.207.67.3
[000.010] MX (10) mail.xxxxxx.co
[000.010] MX (20) mail.xxxxxx.co
[000.011] MX:A–>mail.xxxxxx.co 143.198.xxx.xxx
[000.013] MX:A–>mail.xxxxxx.co 143.198.xxx.xxx
seconds test stage and result
[000.000] Trying TLS on mail.xxxxxx.co[143.198.xxx.xxx:25] (10)
[000.071] Server answered
[000.233] <‑‑ 220 xxxxxx.co ESMTP Postfix
[000.233] We are allowed to connect
[000.233] ‑‑> EHLO www11-do.CheckTLS.com
[000.302] <‑‑ 250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.302] We can use this server
[000.302] TLS is an option on this server
[000.302] ‑‑> STARTTLS
[000.371] <‑‑ 220 2.0.0 Ready to start TLS
[000.371] STARTTLS command works on this server
[000.455] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): self signed certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (mail.xxxxxx.co != www.example.com)
So email is encrypted but the host is not verified
Not Valid Before: Mar 27 11:26:28 2021 GMT
Not Valid After: Mar 25 11:26:28 2031 GMT
subject= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
issuer= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
[000.457] > EHLO www11-do.CheckTLS.com
[000.593] <
250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.593] TLS successfully started on this server
[000.593] > MAIL FROM:[email protected]
[000.663] <
250 2.1.0 Ok
[000.663] Sender is OK
[000.663] > QUIT
[000.733] <
221 2.0.0 Bye
seconds test stage and result
[000.000] Trying TLS on mail.xxxxxx.co[143.198.xxx.xxx:25] (20)
[000.068] Server answered
[000.292] <‑‑ 220 xxxxxx.co ESMTP Postfix
[000.293] We are allowed to connect
[000.293] ‑‑> EHLO www11-do.CheckTLS.com
[000.360] <‑‑ 250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.360] We can use this server
[000.360] TLS is an option on this server
[000.360] ‑‑> STARTTLS
[000.427] <‑‑ 220 2.0.0 Ready to start TLS
[000.427] STARTTLS command works on this server
[000.506] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): self signed certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (mail.xxxxxx.co != www.example.com)
So email is encrypted but the host is not verified
Not Valid Before: Mar 27 11:26:28 2021 GMT
Not Valid After: Mar 25 11:26:28 2031 GMT
subject= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
issuer= /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com
[000.508] > EHLO www11-do.CheckTLS.com
[000.639] <
250-xxxxxx.co
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
[000.639] TLS successfully started on this server
[000.639] > MAIL FROM:[email protected]
[000.710] <
250 2.1.0 Ok
[000.710] Sender is OK
[000.710] > QUIT
[000.777] <
221 2.0.0 Bye

Can you explain what to configure in DNS? No, I am not behind Cloudflare. Before upgrading to CyberPanel v2, I had the same issues with normal domains… Someone here told me to upgrade CyberPanel, which solved the issue with invalid SSL on domains. Now this is happening only with “Mailserver SSL”.

Can you private message me the DNS details?

Sorry for reviving this topic, but I am continuously having issues with SSL, domains and emails.
I now have 2 setups of CyberPanel on DigitalOcean.
After this much time I have some findings about my issues:

  • My websites on old CyberPanel did not have SSL

    • They had SSL but it was self-signed, domain authority was invalid. Upgrading to CP 2.2 solved the issue in old Cpanel.
    • They had mail issues because
      1. sites were behind Cloudflare SSL (temporary solution for websites having the above SSL issue)
      2. port 25 was blocked (as I said in the main thread title)
    • I solved the email issue temporarily by using Gmail SMTP
  • Now for the new CyberPanel installation

    • Sites have the same SSL issue, self-signed, invalid domain authority (solved it by putting them behind Cloudflare)
    • Sites had the same email issue; I did the following to solve it
      1. added a mail server mail..com
      2. since main domain was behind proxy, I did not put it behind
      3. Domain was from a 3rd party provider, so all DNS records were coming from there. Added DMARC, CNAME, SPF, MX records in the 3rd party and used this tool (mxtoolbox.com) to check records; all were coming good except SMTP because it was using port 25 for testing.
      4. I followed this (Setup External SMTP on Google Cloud Platform (GCP)) to enable port 2525.

So in the end, when I use an SMTP plugin for WordPress and use mail..com as host, it is still not working.

  • Using TLS → shows misconfigured certificate (adding screenshot)
  • Using SSL → shows misconfigured certificate (adding screenshot)
  • Using no SSL/TLS → sends emails but does not receive. Attaching a screenshot of the mail log in CyberPanel.

Now my question is: why does this SSL not work correctly? If I use certbot I could assign manual certificates, but they don’t update automatically and I can’t create 5 to 10 or more certificates every 3 months.

Mail log:

SMTP with SSL/TLS returns:

I don’t know why, but I am able to access mail..com in the browser and it shows this:

Another screenshot of the email log when it is deferred:

How did you manage to do that? I’m trying this solution, but the blessed port 25 doesn’t come out at all, and Oracle refuses to open the port for me, and I also don’t want to use relay mode due to the limits.