
I run Dovecot, Postfix and Let's Encrypt.
When I ssh into my postfix and run openssl to check mail, such as:

openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = pahlevanzadeh.org
verify return:1
---
Certificate chain
 0 s:CN = pahlevanzadeh.org
   i:C = US, O = Let's Encrypt, CN = E5
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jul 3 13:19:48 2025 GMT; NotAfter: Oct 1 13:19:47 2025 GMT
 1 s:C = US, O = Let's Encrypt, CN = E5
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDjzCCAxagAwIBAgISBfAG6EnNBxwMyTgidyRdr+nmMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA3MDMxMzE5NDhaFw0yNTEwMDExMzE5NDdaMBwxGjAYBgNVBAMTEXBh
aGxldmFuemFkZWgub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErVtD0AA6
BaATfUTG7qWpleN88HHQZ+SmlWlcEMLgYwKa6DPAhHfrHEZAjrU6+mk+lrBdTSpr
RuKgOCyOcDYIb6OCAiAwggIcMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUTaP3tk8u
8H1nH/BbBfySDX/nRY8wHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5v
cmcvMBwGA1UdEQQVMBOCEXBhaGxldmFuemFkZWgub3JnMBMGA1UdIAQMMAowCAYG
Z4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9lNS5jLmxlbmNyLm9yZy8x
MDMuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA7TxL1ugGwqSiAFfbyyTi
OAHfUS/txIbFcA8g3bc+P+AAAAGX0KcM/wAABAMARzBFAiEAzluaHjtzA30ftQDU
+Cb5dnH+bXxGkjMD2WehMwyGGjkCIEurvvw15crGFbUFgNsicXHh8bp50KzjwNUU
gzzKDX+CAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGX0Kcc
swAABAMARzBFAiEA3fVi/nyjaImFY6+onDBAI+1+jOieXzyQJUJ0ZEVYWZUCIGSF
eP99MnyuXu+5TVK0VKGV+PL6kOw49f5ej7zdZA1DMAoGCCqGSM49BAMDA2cAMGQC
MD/W3lbNC5UvdxL2tKGBJtIgSJtapSqe+GUNmZ3zfIw79pKB5DFwy1+EgO3xDzhu
pQIwFkI9ZX0vn9SGhEnQ+2C4bopBmzApij454cU8rGNi7WmUMiksVoj0DkxVWbyb
LWQL
-----END CERTIFICATE-----
subject=CN = pahlevanzadeh.org
issuer=C = US, O = Let's Encrypt, CN = E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2410 bytes and written 408 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: DD436BF44CDC6F2C7046EC7A42DE9A97EA379E51902323A34A009F4539FF1B5C
    Session-ID-ctx:
    Resumption PSK: C056509B8FCB34CAB041316D294F993D21093841461563833DF5DDC59682FDF8E50A040AF00089B164278E15075BD0BC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 72 06 8e a4 63 84 11 12-1d 78 ff 11 5f 40 ef d0   r...c....x.._@..
    0010 - 38 3b 02 93 5c e9 ae 5f-bd 74 b4 42 6b 9b 01 cd   8;..\.._.t.Bk...
    0020 - e2 05 85 33 55 1b 6f e7-a1 bb 5b f6 fb 95 25 af   ...3U.o...[...%.
    0030 - a9 1d f3 79 c8 5d b6 10-04 fa ee 5b bf ac c7 bb   ...y.].....[....
    0040 - e7 39 5a 49 c3 e4 b1 2d-0d a9 fe cf 5f 18 01 76   .9ZI...-...._..v
    0050 - f0 74 31 51 94 36 b8 0f-70 5e 35 8e b4 fc 4a 25   .t1Q.6..p^5...J%
    0060 - 75 bc 6e b6 6d 02 2e a1-63 13 a8 ae aa 21 5e 14   u.n.m...c....!^.
    0070 - 9e a7 94 95 6f ac 4d df-bb 9b 0d 3a ba a6 37 3a   ....o.M....:..7:
    0080 - 09 59 26 a9 62 89 e0 f5-4a da 76 8d 41 f9 70 02   .Y&.b...J.v.A.p.
    0090 - b6 0c bf 56 76 1a a7 99-a0 86 1c e0 e3 55 7f 2b   ...Vv........U.+
    00a0 - 2b 70 b7 ae d3 dd c2 67-fb 2d 61 c3 f7 2f 6f bb   +p.....g.-a../o.
    00b0 - c0 76 7c a6 16 de 05 3c-16 e3 2a 26 75 30 17 54   .v|....<..*&u0.T
    00c0 - 5f de f2 a2 06 be 86 13-ab a3 0e 54 bf 6e b1 be   _..........T.n..
    00d0 - bd de 2f 05 b4 b7 f7 4c-a1 a3 88 13 45 f9 8b 38   ../....L....E..8

    Start Time: 1751891526
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 3EE4F50AE3E31F5F47C00EA8DDEE91C77DB3DEFD8A23C283D02DB7A99A59870C
    Session-ID-ctx:
    Resumption PSK: 9F220FCF0B2D8F05CFE728CDC2F361692394B19388F31D0C73B470EC6B741316668651AB26A5E5481F792C18B8B3F6FA
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 72 06 8e a4 63 84 11 12-1d 78 ff 11 5f 40 ef d0   r...c....x.._@..
    0010 - 69 4a 96 90 d5 53 75 85-5f 14 34 75 86 f9 df 25   iJ...Su._.4u...%
    0020 - 52 36 f4 0f 3f 27 8d c7-1f f1 07 4e 22 98 fa 66   R6..?'.....N"..f
    0030 - d4 bb 9f 49 3a 28 b0 26-d9 86 a8 7e e3 fe 15 1b   ...I:(.&...~....
    0040 - 4b 94 71 af d1 e1 33 59-9d 9d 91 44 bb 0a 1a b8   K.q...3Y...D....
    0050 - cb 7a a1 c9 d7 04 3e 0c-d2 1f d0 b3 fe 35 ee af   .z....>......5..
    0060 - ba 5b 12 2b ff 44 0e e7-52 7a c7 42 5a f1 71 27   .[.+.D..Rz.BZ.q'
    0070 - b4 bb d0 44 fe da 63 cf-e4 4e 4d d7 50 1f 09 55   ...D..c..NM.P..U
    0080 - ac 92 b1 11 02 63 0d 12-e4 51 13 2c db a9 e8 7e   .....c...Q.,...~
    0090 - 54 72 7c eb 35 b9 36 d3-05 7a e6 df 44 b6 7c 78   Tr|.5.6..z..D.|x
    00a0 - c3 74 d6 ac 04 a4 9a 6d-6c 46 df 34 80 e0 8f ce   .t.....mlF.4....
    00b0 - 52 39 2f 37 ec 43 8c 65-f2 29 d3 7d c0 4d c3 02   R9/7.C.e.).}.M..
    00c0 - a8 fc a5 4d c4 55 77 31-34 20 e5 4a d8 10 95 c6   ...M.Uw14 .J....
    00d0 - a5 25 c3 57 d6 92 df 7a-b7 e3 90 ce 8b 99 e7 8c   .%.W...z........

    Start Time: 1751891526
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
+OK MDA server ready.

It means everything is okay and ready to accept USER, PASS and the other verbs of the POP3 protocol.

On machine B:

mohsen@m:~$ openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
40772B28757F0000:error:8000006E:system library:BIO_connect:Connection timed out:../crypto/bio/bio_sock2.c:114:calling connect()
40772B28757F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:
connect:errno=110

And on machine C:

mohsen@debian:~$ openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
Connecting to 54.37.192.44
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=pahlevanzadeh.org
verify return:1
---
Certificate chain
 0 s:CN=pahlevanzadeh.org
   i:C=US, O=Let's Encrypt, CN=E5
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jul 3 13:19:48 2025 GMT; NotAfter: Oct 1 13:19:47 2025 GMT
 1 s:C=US, O=Let's Encrypt, CN=E5
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDjzCCAxagAwIBAgISBfAG6EnNBxwMyTgidyRdr+nmMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA3MDMxMzE5NDhaFw0yNTEwMDExMzE5NDdaMBwxGjAYBgNVBAMTEXBh
aGxldmFuemFkZWgub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErVtD0AA6
BaATfUTG7qWpleN88HHQZ+SmlWlcEMLgYwKa6DPAhHfrHEZAjrU6+mk+lrBdTSpr
RuKgOCyOcDYIb6OCAiAwggIcMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUTaP3tk8u
8H1nH/BbBfySDX/nRY8wHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5v
cmcvMBwGA1UdEQQVMBOCEXBhaGxldmFuemFkZWgub3JnMBMGA1UdIAQMMAowCAYG
Z4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9lNS5jLmxlbmNyLm9yZy8x
MDMuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA7TxL1ugGwqSiAFfbyyTi
OAHfUS/txIbFcA8g3bc+P+AAAAGX0KcM/wAABAMARzBFAiEAzluaHjtzA30ftQDU
+Cb5dnH+bXxGkjMD2WehMwyGGjkCIEurvvw15crGFbUFgNsicXHh8bp50KzjwNUU
gzzKDX+CAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGX0Kcc
swAABAMARzBFAiEA3fVi/nyjaImFY6+onDBAI+1+jOieXzyQJUJ0ZEVYWZUCIGSF
eP99MnyuXu+5TVK0VKGV+PL6kOw49f5ej7zdZA1DMAoGCCqGSM49BAMDA2cAMGQC
MD/W3lbNC5UvdxL2tKGBJtIgSJtapSqe+GUNmZ3zfIw79pKB5DFwy1+EgO3xDzhu
pQIwFkI9ZX0vn9SGhEnQ+2C4bopBmzApij454cU8rGNi7WmUMiksVoj0DkxVWbyb
LWQL
-----END CERTIFICATE-----
subject=CN=pahlevanzadeh.org
issuer=C=US, O=Let's Encrypt, CN=E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 2409 bytes and written 1644 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I have 2 serious questions:

  1. Why do I get 2 different results on the 2 machines B and C?
  2. Why can't I connect to mail.pahlevanzadeh.org from machine C completely?
  • What you show is that you can connect successfully from machine "Postfix" and "C". You get a TCP connection timeout from machine B, which means that somewhere between B and your mail server machine the packets get blocked - typically by a firewall in between source and destination or on source or destination system. Nothing is known about the setup here, so it is impossible to say where exactly it gets blocked. But for example some hosting providers block such connections. Commented Jul 8 at 11:25
  • You might try comparing any/some of traceroute tcptraceroute tracepath from the different clients to the server. BTW you describe this as "when I ssh into my postfix" but you are not using any kind of ssh anywhere; OpenSSL originally implemented SSL and now in a standard build implements only TLS. In fact your server, like many nowadays, accepts only TLS1.2 and TLS1.3. Commented Jul 9 at 0:27
  • @SteffenUllrich, yes, it has a TCP connection timeout. But on machine C, I cannot complete the handshake. If you look again at my output on machine C, it doesn't print +OK MDA server ready and the output of C differs from the output of A. Commented Jul 9 at 1:35
  • @PersianGulf: Thanks for explicitly pointing out the difference, it really isn't that obvious when just looking at the large dumped text. The TLS handshake itself with machine C was successful, but then no more, i.e. no application data and no post-handshake session tickets. To analyze this further I recommend that you do packet captures on both sides (machine C, dovecot) and compare to detect if packets got dropped somewhere. Also, knowledge of setup like installed firewalls in the middle, endpoint protection which might interfere ... would be useful. Commented Jul 9 at 4:54
  • @SteffenUllrich: Thank you. My Iranian firewall has problems after the 12-day war with Israel; maybe the SIM cards have problems. I have to change to ADSL or another connection. Commented Jul 9 at 16:36
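The triage the comments converge on (TCP timeout on B, TLS handshake but no POP3 banner on C, full "+OK" greeting from the Postfix host) as a small script, added here as an example and not part of the question or of Dovecot/Postfix: it classifies a pasted s_client transcript by how far the connection got, and can probe the server live the same way. The 10-second timeout and the outcome labels are my own assumptions.

```python
import socket
import ssl

# The three outcomes the question's machines show (labels are mine).
TCP_TIMEOUT = "tcp-connect-timeout"   # machine B: connect() never completes
NO_GREETING = "tls-ok-no-greeting"    # machine C: TLS finishes, no +OK banner
GREETING = "pop3-greeting"            # Postfix host: "+OK MDA server ready."


def classify_s_client_output(text: str) -> str:
    """Classify a pasted `openssl s_client` transcript by how far it got."""
    if "BIO_connect" in text and "timed out" in text:
        return TCP_TIMEOUT      # TCP never opened: blocked somewhere on the path
    if "+OK" in text:
        return GREETING         # application data arrived after the handshake
    if "Verify return code" in text:
        return NO_GREETING      # handshake completed, server banner never came
    return "unknown"


def probe_pop3s(host: str, port: int = 995, timeout: float = 10.0) -> tuple:
    """Live probe: TCP connect, verified TLS handshake, then wait for the banner."""
    ctx = ssl.create_default_context()  # verifies the chain as s_client did
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return TCP_TIMEOUT, "connect() timed out"
    except OSError as exc:
        return "tcp-error", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            detail = f"{tls.version()} {tls.cipher()[0]}"
            try:
                banner = tls.recv(512)
            except socket.timeout:
                return NO_GREETING, detail + "; no banner before timeout"
            if not banner:
                return NO_GREETING, detail + "; peer closed without a banner"
            outcome = GREETING if banner.startswith(b"+OK") else NO_GREETING
            return outcome, detail + "; " + banner.decode("ascii", "replace").strip()
    except OSError as exc:  # ssl.SSLError is an OSError subclass
        return "tls-error", str(exc)


if __name__ == "__main__":
    import sys
    # Hostname below is the one from the question; pass another as argv[1].
    print(probe_pop3s(sys.argv[1] if len(sys.argv) > 1 else "mail.pahlevanzadeh.org"))
```

Running the live probe from each machine and comparing the first element of the tuple gives the same three-way split the comment thread worked out by hand from the dumps.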
