I know I think I goofed up, taking from different configuration guides and amalgamating them together. Where did I screw up exactly? My cloud provider unblocked the SMTP port for me; I might just be limited by that as well. I can send mail but not receive it though. Mail servers are the most byzantine to navigate of all Linux services by far to me. I hope you all will understand.
Output from maillog:
Apr 7 19:22:53 fnbpbc dovecot[1458]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, lip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, secured, session=<QeSq88P43LMgARnwkAMNK1QABP/+S9wE>
Apr 7 19:23:12 fnbpbc dovecot[1458]: imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, lip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, secured, session=<VZ7H9MP4lMMgARnwkAMNK1QABP/+S9wE>
Apr 7 19:23:32 fnbpbc dovecot[1458]: imap-login: Error: auth-client: conn unix:login (pid=1453,uid=0): Timeout waiting for handshake from auth server. my pid=38308, input bytes=0
Apr 7 19:23:32 fnbpbc dovecot[1458]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 30 secs): user=<>, rip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, lip=2001:19f0:9003:d2b:5400:4ff:fe4b:dc04, secured, session=<VZ7H9MP4lMMgARnwkAMNK1QABP/+S9wE>
Apr 7 19:23:53 fnbpbc dovecot[1458]: auth: Fatal: Invalid userdb template args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n - key must not be empty
Apr 7 19:23:53 fnbpbc dovecot[1453]: master: Error: service(auth): command startup failed, throttling for 60.000 secs
$ openssl s_client -CAfile /etc/pki/tls/cert.pem -connect mail.fnbpbc.org:imaps
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = blog.fnbpbc.org
verify return:1
---
Certificate chain
0 s:CN = blog.fnbpbc.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 28 22:28:37 2023 GMT; NotAfter: Jun 26 22:28:36 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = blog.fnbpbc.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4335 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 77270E025B5C3FAA469D96634B42C394B704F7DC7E47577C28AC95FE18BF2810
Session-ID-ctx:
Resumption PSK: E65D07616585E92977D1361267A38B0F4FD4E96519E331780C4CE306D34BB24494F8BE37E08BA6E100827B543D02FD77
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1680898026
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 462BAB66F7D92804321B7E73D77A6F1CFA1A6B8328970ECC1B03D11E878126EA
Session-ID-ctx:
Resumption PSK: FD26FE7915EDA322992D7FD2C1C0BD0BDCC60191258C63ABAB435123B9D169D80B438B5EBFC60F3EDC566C3C0A427015
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1680898026
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* BYE Auth process broken
closed
On a related note, despite having configured WordPress as a multisite, it still takes over the mail subdomain; it did this with Nextcloud as well. I have the DNS CNAMEs configured and in the hosts file it's correct, but WordPress insists that it doesn't end where another subdomain begins. Maybe it's a port binding issue?