iRedMail: Going to spam when sending from Postfix to Hotmail and Can't use port 465

I installed Postfix and Dovecot using iRedMail. During the installation, I supplied iRedMail with server.mailtuner.com as the hostname for the SMTP server.

But! My Let's Encrypt SSL certificate is signed for mailtuner.com. My main root mailserver user is [email protected].

My reverse DNS: server.mailtuner.com is pointing to 45.56.86.66

SPF: v=spf1 ip4:45.56.86.66 ~all

DMARC: v=DMARC1; p=none; rua=mailto:[email protected]

CNAME: server.mailtuner.com aliases to mailtuner.com

A records: "" and "www" point to 45.56.86.66

MX Records:

            mailtuner.com => preference: 0
            server.mailtuner.com => preference: 10
            mail.mailtuner.com => preference: 11

My DKIM is also correctly set up by iRedMail and I also created a TXT record for it.

I got 10/10 in mail-tester: https://www.mail-tester.com/web-acvkq

Problem! Emails sent from [email protected] to hotmail are going to junk.

When trying to use nodemailer and set the following option headers:

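    const nodemailer = require('nodemailer');

    // Transport for the submission port (587); the TLS certificate is checked against `host`.
    const transporter = nodemailer.createTransport({
        host: 'server.mailtuner.com',
        port: 587,
        secure: false, // secure:true for port 465, secure:false for port 587
        auth: {
            user: '[email protected]',
            pass: 'XXXXX'
        }
    });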

I get this error:

    { Error: Hostname/IP doesn't match certificate's altnames: "Host: server.mailtuner.com. is not in the cert's altnames: DNS:mailtuner.com"
        at Object.checkServerIdentity (tls.js:222:17)
        at TLSSocket.<anonymous> (_tls_wrap.js:1110:29)
        at emitNone (events.js:105:13)
        at TLSSocket.emit (events.js:207:7)
        at TLSSocket._finishInit (_tls_wrap.js:638:8)
        at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:468:38)
      reason: 'Host: server.mailtuner.com. is not in the cert\'s altnames: DNS:mailtuner.com',
      host: 'server.mailtuner.com',
      cert: 
       { subject: { CN: 'mailtuner.com' },
         issuer: 
          { C: 'US',
            O: 'Let\'s Encrypt',
            CN: 'Let\'s Encrypt Authority X3' },
         subjectaltname: 'DNS:mailtuner.com',
         infoAccess: { 'OCSP - URI': [Array], 'CA Issuers - URI': [Array] },
         exponent: '0x10001',
         valid_from: 'Nov  7 21:35:01 2017 GMT',
         valid_to: 'Feb  5 21:35:01 2018 GMT',
         fingerprint: '96:76:5D:D9:1C:D4:CD:50:75:60:D5:52:45:58:AB:5B:BD:D5:CB:F3',
         ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
         serialNumber: '0314E704EE42C2C26F7028950BAA826401A4',
         raw: <Buffer 30 82 04 fd 30 82 03 e5 a0 03 02 01 02 02 12 03 14 e7 04 ee 42 c2 c2 6f 70 28 95 0b aa 82 64 01 a4 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4a ... > },
      code: 'ESOCKET',
      command: 'CONN' }

Changing the hostname in the nodemailer options to mailtuner.com instead of server.mailtuner.com kind of hides the issue!

But the problem remains! My emails are sent to **junk** and I can't use port 465 to send over SSL.

Solution?: Should I change the name in the Let's Encrypt certificate to server.mailtuner.com? And how to do that?

Should I also add a domain to iRedMail: server.mailtuner.com

and then create another user [email protected]

and then add this user to my DMARC: v=DMARC1; p=none; rua=mailto:[email protected], [email protected]


Solution 1:

Get a new Let's Encrypt certificate, and specify mailtuner.com, server.mailtuner.com and mail.mailtuner.com as the hostnames for it - i.e.,

    certbot certonly -d mailtuner.com -d mail.mailtuner.com -d server.mailtuner.com

Then restart Postfix and the other services that use SSL on that system.
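
The hostname check that raised the error in the question can be reproduced offline with Node's `tls.checkServerIdentity`, which makes it easy to see which mail hostnames a certificate covers before pointing clients at them. This is an added example, not code from the question or the answer; `reissuedCert` is a constructed stand-in for a certificate issued with the three names in the certbot command, and the helper names `checkCoverage` and `uncovered` are hypothetical.

```javascript
const tls = require('tls');

// Hostnames that clients may connect to: the three MX targets from the question.
const MAIL_HOSTS = ['mailtuner.com', 'server.mailtuner.com', 'mail.mailtuner.com'];

// Subject and SAN copied from the certificate shown in the error output.
const currentCert = {
  subject: { CN: 'mailtuner.com' },
  subjectaltname: 'DNS:mailtuner.com',
};

// Constructed sample: the SAN list a certificate would carry if it were
// issued for all three names passed with -d in the answer's command.
const reissuedCert = {
  subject: { CN: 'mailtuner.com' },
  subjectaltname: MAIL_HOSTS.map((h) => `DNS:${h}`).join(', '),
};

// Run the same identity check Node performs after the TLS handshake.
// Returns an object mapping each host to null (covered) or the failure reason.
function checkCoverage(cert, hosts) {
  const result = {};
  for (const host of hosts) {
    const err = tls.checkServerIdentity(host, cert);
    result[host] = err ? (err.reason || err.message) : null;
  }
  return result;
}

// List the hosts that a client would reject for this certificate.
function uncovered(cert, hosts) {
  const coverage = checkCoverage(cert, hosts);
  return hosts.filter((h) => coverage[h] !== null);
}

console.log('current cert rejects :', uncovered(currentCert, MAIL_HOSTS));
console.log('reissued cert rejects:', uncovered(reissuedCert, MAIL_HOSTS));
```

The same functions accept the object returned by `socket.getPeerCertificate()`, so the check can be run against the live server after the certificate is replaced.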