Outlook stopped recognizing LetsEncrypt Cert after renew

I connected internally and it is not blocked by the email server. I'll have to get the network admin to verify that the internet connected router/firewall is passing port 993 to the email server.
However, it all was working before the Nov 29 RENEW and when I last created new certs. I doubt there have been any changes to the router since then. But, I'll find out...RDK

Do you even care about port 993? Maybe it has always been faulty from the public internet?

And, note the new cert is being used on those other ports for your rdkscorner domain.

So, what problem remains exactly? Can you describe the domain name and port you think is failing?


@MikeMcQ Yes, I think 993 is not the real issue. I described my problem in my initial posting. Ever since my previous CERT expired on Dec 15, I've been getting "Internet Security Warnings" from Outlook when I'm sending mail using the RDKSCorner.EU server. And the message Outlook is showing has the attributes of the old, prior to Dec 15 cert which is expired even though I have RENEW-ed it into February....RDK

And, what port is Outlook using to connect to your mail server for sending?


Had no effect :frowning:


@MikeMcQ As best as I can determine it uses 465, but as it was working before...??

" Microsoft Outlook mail client only supports submission over port 465"

Yes, the openssl command for 465 shows the expired cert...RDK


What program is "master" (pid=995) which is listening on 465? (and 25 and 587)

We see dovecot using the latest cert but "master" is not. That's where the focus should be.

Assuming "master" is postfix I didn't see anything wrong with what you showed for postfix. But at this stage I'll have to defer to others who are more familiar. Or, you could try a postfix forum.

I know you say it was fine until a cert update but something else must have gone wrong. Does postfix have some sort of cache for cert files that needs updating?

EDIT:
Does this apply @rdk45 ?


Adding on to my previous post. Instead of the command in that ServerFault thread you might need to use this command instead:

postmap -F hash:/etc/postfix/sni

See this thread:

Your symptoms match pretty well to that thread and relate to postfix and its SNI config. I see port 465 is still sending the older cert but if I remove the servername (or use a faulty one) with openssl I get the current cert. So, it seems your SNI config with Postfix needs refreshing. It's worth a try. Otherwise Postfix is well beyond my skill set. Good luck.

openssl s_client -connect mail.rdkscorner.eu:465 --noservername | head
---
Certificate chain
 0 s:CN = mail.rdkscorner.eu
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 29 16:54:50 2022 GMT; NotAfter: Feb 27 16:54:49 2023 GMT
or:

openssl s_client -connect mail.rdkscorner.eu:465 --servername FakeName | head
---
Certificate chain
 0 s:CN = mail.rdkscorner.eu
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 29 16:54:50 2022 GMT; NotAfter: Feb 27 16:54:49 2023 GMT

But leaving that off to use your mail.rdkscorner.eu domain gets the old cert.

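The with-SNI versus without-SNI comparison from the post above, as an added example that is not part of the original thread. It assumes OpenSSL 3.x `s_client` output with the `v:NotBefore` line shown in the post; the function names, `mail.example.test` and the expired validity window in the sample are constructed.

```shell
#!/bin/sh
# Added example: detect a stale SNI certificate on an implicit-TLS mail port.
# Assumes OpenSSL 3.x "Certificate chain" output with "v:NotBefore" lines.

# Print the leaf certificate's validity window from s_client output on stdin.
leaf_validity() {
    sed -n '/^ *v:NotBefore: /{s/^ *v://p;q;}'
}

# compare_sni WITH_SNI_OUTPUT NO_SNI_OUTPUT
# Returns 0 if both handshakes served the same window, 1 if not, 2 if unparsed.
compare_sni() {
    cs_with=$(printf '%s\n' "$1" | leaf_validity)
    cs_without=$(printf '%s\n' "$2" | leaf_validity)
    if [ -z "$cs_with" ] || [ -z "$cs_without" ]; then
        echo "UNKNOWN: no certificate validity line found"
        return 2
    fi
    if [ "$cs_with" = "$cs_without" ]; then
        echo "MATCH: $cs_with"
        return 0
    fi
    echo "MISMATCH: with SNI [$cs_with] / without SNI [$cs_without]"
    return 1
}

# check_host HOST PORT: live comparison (needs network access and openssl).
check_host() {
    ch_a=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null)
    ch_b=$(openssl s_client -connect "$1:$2" -noservername </dev/null 2>/dev/null)
    compare_sni "$ch_a" "$ch_b"
}

# Constructed sample outputs (hostname and the expired window are made up).
SAMPLE_WITH_SNI="Certificate chain
 0 s:CN = mail.example.test
   v:NotBefore: Sep 16 10:00:00 2022 GMT; NotAfter: Dec 15 09:59:59 2022 GMT"
SAMPLE_NO_SNI="Certificate chain
 0 s:CN = mail.example.test
   v:NotBefore: Nov 29 16:54:50 2022 GMT; NotAfter: Feb 27 16:54:49 2023 GMT"

if [ "$#" -eq 2 ]; then
    check_host "$1" "$2"
else
    compare_sni "$SAMPLE_WITH_SNI" "$SAMPLE_NO_SNI" || true
fi
```

Run with a host and port (for example `mail.example.test 465`) for a live check; with no arguments it compares the two constructed samples. A MISMATCH right after a renewal means the SNI-selected certificate and the default certificate have diverged.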

It is.


@MikeMcQ WOW, you are the MAN!!!! The fix suggested worked like a charm.

I crashed here at midnight (in France I'm 6 hours ahead of you) but you folks continued to work on my problem - MANY THANKS, a great Christmas morning gift!!!

To the forum members in general, this has been a very interesting, educational and happy experience. I, for sure, have learned a lot about "getting under the hood" :slight_smile:

Now I hope each of you has a great holiday season and a happy New Year....RDK


You are very welcome. I learned a lot too :slight_smile:

Which command fixed the problem? The one about SNI or the one on StackOverflow?

You (or we) can mark that one as the Solution to aid people searching in future


@MikeMcQ I just rebuilt the SNI-Maps file with this command: "sudo postmap -F /etc/postfix/sni_maps", which was in my setup notes.

So, I guess, the solution is to rebuild the SNI mapping file.

Again, many thanks for continuing to work after I went to bed...RDK

