I try Hestiacp and I like it very much compare to others but in hestiacp I can’t receive emails in my mail, I am able to send email via SMTP relay it’s works fine, but can’table to receive any emails, first I think maybe something worng I did in setup process, and I try and try but can’t able to solve, then I try other control panels like cyberpanel, webmin, aapanel then it’s work completely fine I am able to receive and sent emails in those panels, only in Hestiacp something doesn’t work, I am not expert in these kind of things just a simple user, but I really like hestiacp setup compare to others unfortunately I can’t use it because I am unable to receive mail, in sending mail I get 10/10 score in mail tester, unfortunately I can’t know debugging any problem I am noob in software, please help me if possible because I really want to use hestiacp for my website.
Hello @Chrisgayle,
You gave no details about the issue so it is really hard to help you.
When you send a mail from another provider, is it bounced with an error message? If yes, what is the error message?
You should also check exim logs to know what is going on:
/var/log/exim4/paniclog
/var/log/exim4/mainlog
/var/log/exim4/rejectlog
Note: paniclog should be empty, if it is not empty, something wrong happens.
Cheers,
sahsanu
What is the domain?
sorry sir but i accidently delete that bounce mail, but i will definetly provide that when i receive next bounce email.
i also check logs files here it is:
/var/log/exim4/paniclog :
file doesnt exist/not found
/var/log/exim4/mainlog:
root@panel:~# tail -f /var/log/exim4/mainlog
2023-09-17 10:15:47 1qhood-0003kh-3k Completed
2023-09-17 10:17:12 1qhoBB-0009cb-94 H=mail.protonmail.ch [185.205.70.128]: SMTP timeout after initial connection: Connection timed out
2023-09-17 10:19:09 1qhort-0003mF-Kg <= [email protected] H=localhost (webmail.domain.co.in) [127.0.0.1] P=esmtpa A=dovecot_login:[email protected] S=12395 [email protected]
2023-09-17 10:19:09 1qhort-0003mF-Kg => [email protected] R=send_via_smtp_relay T=smtp_relay_smtp H=smtp-relay.brevo.com [1.179.113.52] X=TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_128_GCM:128 CV=yes A=smtp_relay_login C=“250 Message queued as [email protected]”
2023-09-17 10:19:09 1qhort-0003mF-Kg Completed
2023-09-17 10:19:24 1qhoBB-0009cb-94 H=mail.protonmail.ch [185.70.42.128]: SMTP timeout after initial connection: Connection timed out
2023-09-17 10:21:35 1qhoBB-0009cb-94 H=mailsec.protonmail.ch [176.119.200.129]: SMTP timeout after initial connection: Connection timed out
2023-09-17 10:23:46 1qhoBB-0009cb-94 H=mailsec.protonmail.ch [185.205.70.129]: SMTP timeout after initial connection: Connection timed out
2023-09-17 10:23:46 1qhoBB-0009cb-94 == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out H=mailsec.protonmail.ch [185.205.70.129]: SMTP timeout after initial connection
2023-09-17 10:23:46 End queue run: pid=13945
/var/log/exim4/rejectlog:
root@panel:~# tail -f /var/log/exim4/rejectlog
2023-09-17 09:43:08 rejected HELO from [171.67.70.229]: syntactically invalid argument(s): (no argument given)
2023-09-17 10:13:11 H=mail-ps2kor01olkn2021.outbound.protection.outlook.com (KOR01-PS2-obe.outbound.protection.outlook.com) [40.92.242.21] X=TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_GCM:128 CV=no SNI=mail.domain.co.in F=[email protected] rejected RCPT [email protected]: Rejected because 40.92.242.21 is in a black list at zen.spamhaus.org
2023-09-17 10:34:22 H=mail-pg1-f175.google.com [209.85.215.175] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.domain.co.in F=[email protected] rejected RCPT [email protected]: Rejected because 209.85.215.175 is in a black list at zen.spamhaus.org
note: my vps provider doest allow port 25 so i use smtp relay and its work fine but still cant able to receive emails, this happen only i hestia please help.
domain.co.in
Sir I received a new bounce mail in my gmail by:
[email protected]
Delivery incomplete
There was a temporary problem while delivering your message to [email protected]. Gmail will retry for 23 more hours. You’ll be notified if the delivery fails permanently.
LEARN MORE
The response from the remote server was:
550 Rejected because 209.85.222.175 is in a black list at zen.spamhaus.org Error: open resolver; DNSBL Error Code - Open/public resolver - The Spamhaus Project
Hello @Chrisgayle,
Based on these messages:
Those ips are not actually listed in black list zen.spamhaus.org. If I dig them, I receive no response so it means the ips are not listed, if you use the same command, you will see that those ips resolve to something like 127.0.0.x and that is the reason they are rejected.
dig (echo '40.92.242.21' | awk -F '.' '{print $4"."$3"."$2"."$1".zen.spamhaus.org"}') +nodnssec
; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> 21.242.92.40.zen.spamhaus.org +nodnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29770
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;21.242.92.40.zen.spamhaus.org. IN A
;; AUTHORITY SECTION:
zen.spamhaus.org. 10 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2309171106 3600 600 432000 10
;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Sep 17 13:07:04 CEST 2023
;; MSG SIZE rcvd: 122
dig (echo '209.85.215.175' | awk -F '.' '{print $4"."$3"."$2"."$1".zen.spamhaus.org"}') +nodnssec
; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> 175.215.85.209.zen.spamhaus.org +nodnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34317
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;175.215.85.209.zen.spamhaus.org. IN A
;; AUTHORITY SECTION:
zen.spamhaus.org. 10 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2309171107 3600 600 432000 10
;; Query time: 127 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Sep 17 13:07:55 CEST 2023
;; MSG SIZE rcvd: 124
So seems you are using a public resolver like 8.8.8.8 or 1.1.1.1 and spamhaus doesn’t allow them, so all ips are being rejected.
You could get an api key to use spamhaus and avoid this resolver issue or install a local resolver like powerdns resolver or unbound so you don’t use public resolvers.
Cheers,
sahsanu
Thankyou sir for understanding and helping me and provide me a solution for this problem.
But sir can you please provide me any data/document to what I need to do and how to solve this problem.
Actually I am not good in command and stuff, so please help me sir, I know I am to much demanding sorry.
Maybe the best solution for you would be to get a free data access query from spamhaus:
Fill and submit this form:
You will receive an email to verify the email address used in previous form. When verifying the address email with the link they sent, you will see your account number and will need to assign a password to your account.
Once done, you can login to your account:
https://portal.spamhaus.com/dqs/
Once logged, go to Products → DQS and you will see your Query Key and below you will see the exactly fqdn that you will need to use ZEN Spamhaus black list.
Something like HereYourQueryKey.zen.dq.spamhaus.net
Note: NEVER share your Query Key with anyone.
Now, in your Hestia server, edit file /etc/exim4/dnsbl.conf and replace zen.spamhaus.org by HereYourQueryKey.zen.dq.spamhaus.net
Save the file and restart exim
systemctl restart exim4
I hope this helps.
Cheers,
sahsanu
Thank you sir, really you help me a lot. You, the Hestia team everyone is awesome.
Thanks will update the docs to include the information
Wondering, wouldn’t that reveal the Query Key in the SMTP error once a message gets rejected? Like "Rejected because x.x.x.x is in a black list at HereYourQueryKey.zen.dq.spamhaus.net
You are right, you should modify the rejected message in /etc/exim4/exim4.conf.template
Change this:
deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
By something like this to not reveal what is the black list used:
deny message = Rejected because $sender_host_address is in a black list
And restart exim:
systemctl restart exim4
I try to change this record but I didn’t find this records in /etc/exim4/exim4.conf.template.
Line number is different on each OS…
Thanks sir, I found it now and change the records, really sir you and @sahsanu sir help me lot. Thanks again. And @maurice sir you too for raising the query thanks.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.