Mailu Mail Server and ngnix proxy manager

stangei · May 8, 2024, 10:47am

Hello, please help
How can I use the Mailu mail server with Nginx proxy manager so that the other WordPress websites still work without a port conflict? Thank you!!!

bluepuma77 · May 8, 2024, 6:29pm

That sounds more like a nginx question. Make sure you proxy all ports required by mailu (probably 25, 143, 465, 587, 993), and note that not all are http, but some are pure TCP.

We run mailu on a separate tiny VM. Reputation of the IP is important, so we don’t want to mess with it.

stangei · May 10, 2024, 5:51pm

hello,
I just changed the mailu frontend ports to 8080:80 and 8443:443, and everything works great! Thank you !!!

bluepuma77 · May 12, 2024, 5:48pm

Be aware that this might only work for up to 90 days, then the LetsEncrypt cert might expire. Mailu probably uses httpChallenge or tlsChallenge, and those only work with external port 80 and 443, respectively.

stangei · May 12, 2024, 5:53pm

hello, but that only affects the frontend, right? Email traffic isn’t affected, right? Thank you!

bluepuma77 · May 13, 2024, 8:07am

Mailu needs port 80 by default, as Mailu is using port 80 for LetsEncrypt httpChallenge (doc).

All mail protocols (SMTP, POP, IMAP) have an encrypted version and they seem to run with the created LetsEncrypt cert:

SMTPS (port 465):

openssl s_client -connect smtp.example.com:465 -servername smtp.example.com -showcerts | openssl x509 -text -noout

SMTP with STARTTLS (port 587):

openssl s_client -starttls smtp -connect smtp.example.com:587 -servername smtp.example.com -showcerts | openssl x509 -text -noout

Replace the two domains in the command and check for NotBefore and NotAfter of the last cert.

stangei · May 13, 2024, 10:17am

hello, this is the message :

connect:errno=111
Could not read certificate from
Unable to load certificate

thanks.

bluepuma77 · May 13, 2024, 11:03am

I don’t know your setup. I can just tell you that my default Mailu setup has the LetsEncrypt TLS certs on all encrypted mail ports and that a re-new will probably fail if you don`t use/forward port 80 to Mailu.

Standard email and HTTP/S ports

SMTP (Simple Mail Transfer Protocol)

Port 25: Default SMTP port for sending email
Port 465: SMTP over SSL/TLS (SMTPS) for secure email sending
Port 587: SMTP with STARTTLS for secure email sending

IMAP (Internet Message Access Protocol)

Port 143: Default IMAP port for retrieving email
Port 993: IMAP over SSL/TLS (IMAPS) for secure email retrieval

POP3 (Post Office Protocol 3)

Port 110: Default POP3 port for retrieving email
Port 995: POP3 over SSL/TLS (POP3S) for secure email retrieval

HTTP (Hypertext Transfer Protocol)

Port 80: Default HTTP port for unencrypted web traffic
Port 443: Default HTTPS port for encrypted web traffic

stangei · May 13, 2024, 12:13pm

hello, that’s right, if I change the ports then I don’t get a certificate,
but if I deactivate the nginx proxy manager and set the ports to 80 and 443 on Mailu, I get a certificate, but then I have to do this every 90 days,
Thank you.

Topic		Replies	Views
Need help to configure wordpress and smtp mail General	2	7038	July 14, 2016
Some issue with a docker container and a domain in Nginx PM General	2	513	January 27, 2021
Not every Container gets a Certificate with NGINX reverse proxy and Letsencrypt General	0	840	April 7, 2020
Docker compose letsencrypt/nginx/certbot expectations Compose	2	20245	February 28, 2024
Nginx + letsencrypt error General docker	4	3740	November 25, 2019