Exim mail problems

Hi all,
sorry for a noob question but I could not have solved this myself and could not found a working solution by googling.

Background: I installed latest version of Hestia CP with multiphp and dovecot & bind.

Dovecot & bind are installed as a backup because we intend to use external mail server.

I installed first wit installer script web domain as mycompany.tld and that is using hosting operators internal use ip. After that I installed an another domain which uses servers external IP and uploaded there the shopping cart files. This IP is going to be the new mycompany.com domain.

I have problems to test the shopping cart functionalities which send mails. Shopping cart supports php mail,sendmail,sendmail-f & SMTP mail

Mails seems to be stuck on exim buffer.

Mainlog shows: 2019-09-26 09:28:32 1iDNEL-0005ye-PW H=hotmail-com.olc.protection.outlook.com [104.47.xx.xx] Connection timed out

mailq shows:

84m 2.1K 1iDNbz-00071B-In [email protected] (admin)
[email protected]

77m 3.3K 1iDNiJ-0007PW-59 <> *** frozen ***
[email protected]

Any help would be greatly appreciated.

Hi @viperzero

This sounds more like a connection issue, can you check if you reach the outlook server using manual smtp check over telnet?

https://www.netadmintools.com/telnet-smtp-test

hi ScIT,
I am currently not using SMTP. I have tried php mail,sendmail and sendmail-f. Our mycompany.com and mailserver is currently in production use and I aim to build a new webshop which only has an ip address currently (no nameservers attached) but I would need to test also email functionality of the shop with that ip.

Usualy mails will be shipped over your local installed mta. If you want to use a external mail service, you’ll need to change the webshop to use your external mail server - or adjust exim to use your external mailserver as relay (check the exim config, there is a commented out section for relay).

Hi ScIT,

I tried to use smtp from web shop but no luck. I forgot to say the installer also installed dovecot. I stopped it. Netstat foreign address looks suspicious from my opinion. Also there is no exim smtp visible
I added dns for public IP
I also tried to configure mailserver as a relay but no luck

Here is netstat output:

root@mycompany:~# netstat -lp --inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:9956 0.0.0.0:* LISTEN 1078/php-fpm: maste
tcp 0 0 localhost:9000 0.0.0.0:* LISTEN 1062/php-fpm: maste
tcp 0 0 0.0.0.0:submission 0.0.0.0:* LISTEN 2459/exim4
tcp 0 0 localhost:spamd 0.0.0.0:* LISTEN 1268/perl
tcp 0 0 94-237-xxx-xx.fi-h:http 0.0.0.0:* LISTEN 1079/nginx: master
tcp 0 0 mycompany.tld:http 0.0.0.0:* LISTEN 1079/nginx: master
tcp 0 0 0.0.0.0:urd 0.0.0.0:* LISTEN 2459/exim4
tcp 0 0 localhost:9970 0.0.0.0:* LISTEN 1086/php-fpm: maste
tcp 0 0 localhost:9971 0.0.0.0:* LISTEN 1088/php-fpm: maste
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN 1115/nginx: master
tcp 0 0 localhost:9972 0.0.0.0:* LISTEN 1089/php-fpm: maste
tcp 0 0 localhost:8084 0.0.0.0:* LISTEN 1079/nginx: master
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN 1091/vsftpd
tcp 0 0 mycompany.tld:domain 0.0.0.0:* LISTEN 1060/named
tcp 0 0 94-237-xxx-xx.fi:domain 0.0.0.0:* LISTEN 1060/named
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 1060/named
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 840/systemd-resolve
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1096/sshd
tcp 0 0 0.0.0.0:smtp 0.0.0.0:* LISTEN 2459/exim4
tcp 0 0 localhost:953 0.0.0.0:* LISTEN 1060/named
tcp 0 0 mycompany.tld:https 0.0.0.0:* LISTEN 1079/nginx: master
udp 0 0 mycompany.tld:domain 0.0.0.0:* 1060/named
udp 0 0 94-237-xxx-xx.fi:domain 0.0.0.0:* 1060/named
udp 0 0 localhost:domain 0.0.0.0:* 1060/named
udp 0 0 localhost:domain 0.0.0.0:* 840/systemd-resolve
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 907/dhclient
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 910/dhclient

Issuing following seems that MX records are reachable:

root@mycompany:~# exim -bt -d-resolver [email protected]
Exim version 4.90_1 uid=0 gid=0 pid=12580 D=fbb95cfd
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [7.4.0]
Library version: Glibc: Compile: 2.27
Runtime: 2.27
Library version: GnuTLS: Compile: 3.5.18
Runtime: 3.5.18
Library version: Cyrus SASL: Compile: 2.1.27
Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.39
Runtime: 8.43 2019-02-23
Total 19 lookups
Library version: MySQL: Compile: 50727 5.7.27 [mysqld-5.7]
Runtime: 50727 5.7.27
Library version: SQLite: Compile: 3.22.0
Runtime: 3.22.0
WHITELIST_D_MACROS: “OUTGOING”
TRUSTED_CONFIG_LIST: “/etc/exim4/trusted_configs”
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=12580
auxiliary group list:
seeking password data for user “root”: cache not available
getpwnam() succeeded uid=0 gid=0
changed uid/gid: calling tls_validate_require_cipher
uid=111 gid=116 pid=12581
auxiliary group list:
tls_validate_require_cipher child 12581 ended: status=0x0
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 2c640402
trusted user
admin user
originator: uid=0 gid=0 login=root name=root
sender address = [email protected]
Address testing: uid=0 gid=116 euid=0 egid=116

Testing [email protected]

Considering [email protected]

routing [email protected]
--------> dnslookup router <--------
local_part=myynti domain=mycompany.fi
checking domains
search_open: dsearch “/etc/exim4/domains/”
search_find: file=“/etc/exim4/domains/”
key=“mycompany.fi” partial=-1 affix=NULL starflags=0
LRU list:
5/etc/exim4/domains/
End
internal_search_find: file=“/etc/exim4/domains/”
type=dsearch key=“mycompany.fi
file lookup required for mycompany.fi
in /etc/exim4/domains/
lookup failed
mycompany.fi in “dsearch;/etc/exim4/domains/”? no (end of list)
mycompany.fi in “!+local_domains”? yes (end of list)
calling dnslookup router
dnslookup router called for [email protected]
domain = mycompany.fi
DNS lookup of mycompany.fi (MX) succeeded
DNS lookup of mx1.ovh.net (A) succeeded
DNS lookup of mx2.ovh.net (A) succeeded
DNS lookup of mxb.ovh.net (A) succeeded
fully qualified name = mycompany.fi
host_find_bydns yield = HOST_FOUND (3); returned hosts:
mx1.ovh.net 188.165.47.122 MX=1
mx2.ovh.net 87.98.132.45 MX=5
mxb.ovh.net 46.105.45.21 MX=100
set transport remote_smtp
queued for remote_smtp transport: local_part = myynti
domain = mycompany.fi
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by dnslookup router
envelope to: [email protected]
transport: remote_smtp
host mx1.ovh.net [188.165.47.122] MX=1
host mx2.ovh.net [87.98.132.45] MX=5
host mxb.ovh.net [46.105.45.21] MX=100
[email protected]
router = dnslookup, transport = remote_smtp
host mx1.ovh.net [188.165.47.122] MX=1
host mx2.ovh.net [87.98.132.45] MX=5
host mxb.ovh.net [46.105.45.21] MX=100
search_tidyup called

Exim pid=12580 (main) terminating with rc=0 >>>>>>>>>>>>>>>>

from mainlog I see following error:

2019-09-27 13:21:25 1iDEHA-0004u4-2k H=hotmail-com.olc.protection.outlook.com [104.47.66.33] Connection timed out
2019-09-27 13:21:25 1iDEHA-0004u4-2k == [email protected] R=dnslookup T=remote_smtp defer (110): Connection timed out

I am total newbie in emails and also in hestia CP so I think the solution must be pretty easy but I can not figure it out. Any help would be greatly appreciated because server and web shop would be production ready otherwise but I must be sure that email functionalities work also with external mailserver.

It looks like your hosting provider is blocking your outgoing (smtp) traffic (BTW what provider do you use)
Please check with this command:

telnet hotmail-com.olc.protection.outlook.com 25

You should see an output like this:

Trying 104.47.55.161...
Connected to hotmail-com.olc.protection.outlook.com.
Escape character is '^]'.
220 BN8NAM12FT026.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 30 Sep 2019 08:03:35 +0000

To close the connection pres CTRL + ] and enter “quit” at the telnet prompt

Hi Lupu,

my current webhosting upcloud.com has blocked port 25 as a security measure but it can be opened.

Our mail provider is OVH-SAS hosting firm and they use different port for incoming mail:

The incoming mail server:SSL0.OVH.NET Incoming server port:993 or 143

I tried with this:

root@mycompany:/etc/exim4# hostname && hostname -f
mycompany.tld
mycompany.tld
root@mycompany:/etc/exim4# telnet SSL0.OVH.NET 143
Trying 193.70.18.144…
Connected to SSL0.OVH.NET.
Escape character is ‘^]’.

  • OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot on host 93 ready

^] BAD Error in IMAP command received by server.

When I installed hestia cp I used mycompany.tld bocus address but in the future I like to use the live domain name mycompany.fi (now reserved for production environment) Also dovecot is installed as a spare and not necessary in the future I think.

I tried to activate smarthost on update-exim4.conf.conf:

dc_eximconfig_configtype=‘satellite’
dc_other_hostnames=‘94.237.xxx.xxx’
dc_local_interfaces=‘127.0.0.1 ; ::1’
dc_readhost=‘94.237.xxx.xxx’
dc_relay_domains=’’
dc_minimaldns=‘false’
dc_relay_nets=’’
dc_smarthost=‘mycompany.fi
CFILEMODE=‘644’
dc_use_split_config=‘false’
dc_hide_mailname=‘true’
dc_mailname_in_oh=‘true’
dc_localdelivery=‘mail_spool’

I also added 94.237.xxx.xxx IP on ovh SPF record as following:

“v=spf1 a mx ip4:94.237.xxx.xxx include:mx.ovh.com include:_spf.google.com ~all”

Some simple mistake I made I guess, just not familiar with hestia or exim configuration at all :frowning:

Hi folks,

I still haven’t figured this out. I will offer a small compensation to anyone who knows how to resolve this. I could set up a teamviewer session so I could see how it is done if anybody is interested.

I have for example this kind of response so I think it is not OVH mail server which is causing the issue:

root@mycompany:~# ping google.com
PING google.com(arn11s04-in-x0e.1e100.net (2a00:1450:400f:80b::200e)) 56 data bytes
64 bytes from arn11s04-in-x0e.1e100.net (2a00:1450:400f:80b::200e): icmp_seq=1 ttl=56 time=8.09 ms
64 bytes from arn11s04-in-x0e.1e100.net (2a00:1450:400f:80b::200e): icmp_seq=2 ttl=56 time=8.17 ms
64 bytes from arn11s04-in-x0e.1e100.net (2a00:1450:400f:80b::200e): icmp_seq=3 ttl=56 time=8.15 ms
64 bytes from arn11s04-in-x0e.1e100.net (2a00:1450:400f:80b::200e): icmp_seq=4 ttl=56 time=8.10 ms
^C
google.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 8.098/8.134/8.175/0.115 ms
root@mycompany:~# openssl s_client -starttls smtp -crlf -connect SSL0.OVH.NET:993
CONNECTED(00000003)
^C
root@mycompany:~# openssl s_client -starttls smtp -crlf -connect SSL0.OVH.NET:143
CONNECTED(00000003)
Didn’t find STARTTLS in server response, trying anyway…
140455833220160:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/ssl/record/ssl3_record.c:332:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 247 bytes and written 347 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)