For some reason, I am not able to send mail. I am on Debian 12. I spoke to my VPS provider. They sent me a screenshot of them using telnet port 25. It is open.
I checked with mxtoolbox. My mail.domain.biz is not showing DNS. Please assist.
That means that the world can connect to your mail server on port 25… but can you connect to the world using port 25?
From the command line, try to connect, for example, to a Gmail mail server:
telnet gmail-smtp-in.l.google.com 25
If you don’t have telnet installed: apt install telnet
Also, if you want to know the reason, you must check the Exim log located at /var/log/exim4/mainlog
So telnet timed out…
Here are my logs:
2024-05-06 00:03:41 Start queue run: pid=94898
2024-05-06 00:03:41 1s3d24-000CA1-2m == test [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:03:41 1s3ezC-000Fx5-2x == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:03:41 1s36QP-0006qf-12 == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:03:41 1s3Xj0-0002DB-1r == "email address" R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'aol.com'
2024-05-06 00:05:51 1s34Xg-000A5w-3B H=mta7.am0.yahoodns.net [67.195.204.74]: SMTP timeout after initial connection: Connection timed out
2024-05-06 00:08:02 1s34Xg-000A5w-3B H=mta7.am0.yahoodns.net [67.195.204.79]: SMTP timeout after initial connection: Connection timed out
2024-05-06 00:10:13 1s34Xg-000A5w-3B H=mta7.am0.yahoodns.net [67.195.228.106]: SMTP timeout after initial connection: Connection timed out
2024-05-06 00:10:13 1s34Xg-000A5w-3B == "email address" R=dnslookup T=remote_smtp defer (110): Connection timed out H=mta7.am0.yahoodns.net [67.195.228.106]: SMTP timeout after initial connection
2024-05-06 00:10:13 1s3R4u-000oBY-0I Message is frozen
2024-05-06 00:12:24 1s3eyh-000Fr1-0a H=alt2.gmail-smtp-in.l.google.com [172.253.62.27] Connection timed out
2024-05-06 00:12:24 1s3eyh-000Fr1-0a == "email address" R=dnslookup T=remote_smtp defer (110): Connection timed out
2024-05-06 00:12:24 1s3XKe-0000fI-1a == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:12:24 1s3ZT6-0005xr-0o == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:12:24 1s39Rj-000JsL-2L == "email address" R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'gmail.com'
2024-05-06 00:12:24 1s36LU-0006iC-0H == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:12:24 1s36Qm-0006qm-1H == "email address" R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'gmail.com'
2024-05-06 00:12:24 1s3f11-000Fxp-0J == "email address" R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'gmail.com'
2024-05-06 00:12:24 1s3ZTP-0005yM-09 == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:12:24 1s3eEX-000E7I-0n == "email address" R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'gmail.com'
2024-05-06 00:12:24 1s39Om-000Jq6-2S == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'srv1.mail-tester.com'
2024-05-06 00:12:24 End queue run: pid=94898
So, the outbound packets to port 25 are being blocked… by your server or by your hosting provider.
Check if you have any rules blocking it on your server:
iptables -S
If you have no rules blocking outbound connections to port 25 then your hosting provider should open it.
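The reading of the log in the reply above can be automated. This is an added example, not part of the thread: it separates real connection timeouts (`defer (110)`) from `defer (-54)` entries, which only record that the retry timer has not expired and no new attempt was made. The function names, the verdict heuristic and the sample log (constructed, with placeholder hosts and addresses) are assumptions.

```sh
#!/bin/sh
# Constructed sample in /var/log/exim4/mainlog format; hosts and addresses are placeholders.
sample_log() {
cat <<'EOF'
2024-05-06 00:03:41 1s3d24-000CA1-2m == user@example.org R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'example.org'
2024-05-06 00:05:51 1s34Xg-000A5w-3B H=mx1.example.net [192.0.2.10]: SMTP timeout after initial connection: Connection timed out
2024-05-06 00:08:02 1s34Xg-000A5w-3B H=mx1.example.net [192.0.2.11]: SMTP timeout after initial connection: Connection timed out
2024-05-06 00:10:13 1s34Xg-000A5w-3B == user@example.net R=dnslookup T=remote_smtp defer (110): Connection timed out H=mx1.example.net [192.0.2.11]: SMTP timeout after initial connection
2024-05-06 00:12:24 1s3eyh-000Fr1-0a H=mx.example.com [198.51.100.27] Connection timed out
2024-05-06 00:12:24 1s3eyh-000Fr1-0a == user@example.com R=dnslookup T=remote_smtp defer (110): Connection timed out
EOF
}

# Reads mainlog lines on stdin and prints a one-line summary with a verdict.
summarise_defers() {
    awk '
    / => / || / -> /          { delivered++ }       # completed deliveries
    / == / && /defer \(-54\)/ { retry_skips++ }     # retry timer only, nothing was attempted
    / == / && /defer \(110\)/ { timeout_defers++ }  # errno 110: connect timed out
    /timed out/ && match($0, /\[[0-9a-fA-F.:]+\]/) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        if (!(ip in ips)) { ips[ip] = 1; nips++ }
        for (i = 1; i <= NF; i++)
            if ($i ~ /^H=/ && !(substr($i, 3) in hosts)) { hosts[substr($i, 3)] = 1; nhosts++ }
    }
    END {
        # Heuristic (assumption): no delivery at all and two or more distinct MX hosts timing out.
        verdict = (delivered == 0 && nhosts >= 2) ? "outbound-25-likely-blocked" : "inconclusive"
        printf "delivered=%d timeout_defers=%d retry_skips=%d timed_out_ips=%d timed_out_hosts=%d verdict=%s\n",
            delivered, timeout_defers, retry_skips, nips, nhosts, verdict
    }'
}

sample_log | summarise_defers
```

On a live server the input would be `/var/log/exim4/mainlog` instead of the sample.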
Here are my iptables results.
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-WEB
-N hestia
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 204.188.195.84/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -s 64.227.184.109/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 218.92.0.22/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 218.92.0.118/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 183.81.169.238/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 180.101.88.197/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 179.43.180.108/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -s 139.59.44.183/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-WEB -j RETURN
You are not blocking it; contact your hosting provider.
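The same check done by eye on the `iptables -S` output above, as an added example that is not part of the thread: it reports whether the OUTPUT chain or its policy blocks new connections to tcp/25. The function names and both rule sets are assumptions (the first is abbreviated from the output posted above, the second is constructed); rules with address, interface or state matches are counted but not evaluated.

```sh
# Rule sets in `iptables -S` format: abbreviated from the post above, and a constructed blocking one.
page_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
EOF
}
blocked_rules() {
cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465 -j REJECT --reject-with icmp-port-unreachable
EOF
}
outbound_smtp_verdict() {
    awk -v port=25 '
    # Returns 1 when a --dport/--dports value such as "25", "20:30" or "25,465" covers port.
    function covers(spec,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port >= r[1] + 0 && port <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port) return 1
        }
        return 0
    }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
    $1 == "-A" && $2 == "OUTPUT" && verdict == "" {
        proto = "all"; spec = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "!" || ($i ~ /^-/ && $i != "-m" && $i != "--reject-with")) other = 1
        }
        if ((proto != "tcp" && proto != "all") || (spec != "" && !covers(spec))) next
        if (other) { skipped++; next }   # address, interface or state match: not modelled
        if (target == "DROP" || target == "REJECT") verdict = "blocked by rule: " $0
        else if (target == "ACCEPT") verdict = "allowed by rule: " $0
    }
    END {
        if (verdict == "") verdict = (policy == "ACCEPT" ? "open" : "blocked") " by OUTPUT policy " policy
        if (skipped) verdict = verdict " (" skipped " conditional rule(s) not evaluated)"
        print verdict
    }'
}
page_rules | outbound_smtp_verdict
```

An "open" result only clears the host firewall; a timeout that persists points at filtering upstream, which is the hosting provider's side.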
Will do! Thank you a bunch!!
My provider is still dealing with the SMTP port. But in the meantime, when I look up my MX record, it shows up as not registered on DNS. I am using my domain host nameservers (Porkbun). I have seen multiple YouTube vids on how to set up Hestia. One creator takes off the period at the end of the MX IP (mail.innovativeworks.biz.) when entering the DNS information. Another one leaves it on. Do you have a take on this issue?
Here are screenshots of my DNS setup:
It is registered. The MX record tells the world which mail server should be contacted to send mail to your domain, so you need to check what the MX record is for your domain, not for mail.yourdomain.
As I said, your current MX record is the right one and is working fine:
$ dig innovativeworks.biz mx +short
10 mail.innovativeworks.biz.
I can send emails! Thank you for your support. Now to deal with my MX score!