Hestiacp does not receive emails, SMTP relay active globally for sending (AWS/SES)

Greetings hestiacp family, could you please help me with the following impasse that my email server presents:

I am using global SMTP Relay to send the messages, I am using the AWS/SES SMTP interface and it works fine, but I have not been able to receive emails in the Roundcube inbox, I have copied the DNS and the corresponding email domains configured to my server DNS (AWS/Route 53) such as:
_dmarc
mail._domainkey
_domainkey

I also have the ports open both in AWS/VPC-EC2 and in hestiacp:
POP3TCP110,995
SMTPTCP25,465,587
IMAPTCP143,993

I also exhaustively reviewed the blacklists to make sure that I was there and indeed I am not there.

the domain in question is:

cyberset-up.com
mail.cyberset-up.com

Could you please guide me in the search for solutions in the direction of receiving emails please, from now on thank you very much and I will be attentive.

What do the logs (mail/exim/dovecot) say?

Hi Maurice, thanks for answering. Here is the dovecot log:

root@set:/# tail -f /var/log/dovecot.log
Mar 31 21:03:57 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=96.126.105.99, li p=172.31.92.94, session=
Mar 31 21:16:55 pop3-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=50.116.61.134, li p=172.31.92.94, TLS handshaking: SSL_accept() failed: error:14201044:SSL routines:tls_choose_sigalg:interna l error, session=
Mar 31 21:27:49 imap-login: Info: Disconnected (no auth attempts in 2 secs): user=<>, rip=172.104.217.142, lip=172.31.92.94, TLS handshaking: SSL_accept() failed: error:14201044:SSL routines:tls_choose_sigalg:inter nal error, session=<05qN4Tj4SO6saNmO>
Mar 31 22:29:44 pop3-login: Info: Disconnected (no auth attempts in 2 secs): user=<>, rip=205.210.31.22, li p=172.31.92.94, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_cl ient_hello:unsupported protocol, session=
Mar 31 23:24:50 pop3-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=167.248.133.52, l ip=172.31.92.94, TLS: Connection closed, session=<MxMFhDr4kNen+IU0>
Apr 01 00:19:09 imap-login: Info: Disconnected (no auth attempts in 2 secs): user=<>, rip=198.235.24.145, l ip=172.31.92.94, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_c lient_hello:unsupported protocol, session=
Apr 01 00:28:51 auth: Info: missing passwd file: /etc/exim4/domains/ec2.internal/passwd
Apr 01 00:28:57 auth: Info: missing passwd file: /etc/exim4/domains/ec2.internal/passwd
Apr 01 00:29:07 auth: Info: missing passwd file: /etc/exim4/domains/ec2.internal/passwd
Apr 01 00:29:24 auth: Info: login(?,95.214.27.145): Empty username
tail -f /var/log/exim/mainlog
tail -f /var/log/exim/mainlog

Here are also the records of the email in question:

root@set:/# sudo grep “[email protected]” /var/log/exim4/mainlog
2023-04-01 00:04:28 H=mail-qt1-f177.google.com [209.85.160.177] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=“mail.cyberset-up.com” F=[email protected] rejected RCPT [email protected]: Rejected because 209.85.160.177 is in a black list at zen.spamhaus.org
2023-04-01 00:05:55 H=mail-yw1-f180.google.com [209.85.128.180] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=“mail.cyberset-up.com” F=[email protected] rejected RCPT [email protected]: Rejected because 209.85.128.180 is in a black list at zen.spamhaus.org
2023-04-01 00:51:17 H=mail-pj1-f45.google.com [209.85.216.45] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=“mail.cyberset-up.com” F=[email protected] rejected RCPT [email protected]: Rejected because 209.85.216.45 is in a black list at zen.spamhaus.org
2023-04-01 00:59:05 H=mail-ot1-f48.google.com [209.85.210.48] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=“mail.cyberset-up.com” F=[email protected] rejected RCPT [email protected]: Rejected because 209.85.210.48 is in a black list at zen.spamhaus.org

2 Likes

Thank you for being interested in the solution to this issue, I also continue in constant research to go into production.

Thank you again and we continue working and attentive to the contributions in the direction of the solution.

1 Like

Perfect example of why investigating the logs is relevant before posting to any forum.
The logs are clear:
Rejected because 209.85.210.48 is in a black list at zen.spamhaus.org
That needs to get fixed, either by removing the listing or removing the use of the blacklist.

5 Likes

thank you maurice for your guidance, let me ask you a question, do you know how to remove the blacklist or stop using it for this purpose? Thanks in advance for your answer.

What have you tried or found on the subject so far?

Hi Maurice,

The issue is that when I display the search for my IP and Domain in -SpamHaus- I get the following message:
172.31.92.94 (has no issues) however my mail server insists on blocking incoming messages, I already tried a replica server without SMPT Relay/SES redirection and the same thing happens, so we could rule out AWS/SES interference as Relay, I’m still researching and trying to find a solution. Surely you will have already noticed that I am not an expert in servers, even so I am not going to stop, neither with my project nor with the search for a solution, I appreciate your interest in this topic.

That IP is not on that list. This is likely being caused by the use of Spamhaus DNS lookups through a public resolver as indicated in an earlier reply linked by @Raphael.

If you are going to use Spamhaus via DNS you cannot use a shared or public resolver. You need to either remove this DNSbl from your server configuration or change how you process your DNS queries.

I have this issue hosting from home.

Its spanhaust PBL thats the issue, it blacklists every server that does not have a host that matches the rdns IP host name.

I contacted my ISP to pay to get this changed but they will not so emails to hotmail are blocked for my server i am affraid.

Most vps, dps allow you to change the host name of the ip address to overcome this issue like 123-reg does in the control panel.

It is a fearure thats good in one way because of the amount emails thy send you to scam sites we see everyday but on the other side if you want to host emails servers you need a feature from your vps dps or isp to change the ip address host name, the other more expensive option is to buy your own ip block but in this day and age excess capital is the issue plus alot of providers wont use your ipaddress block as they make extra income by selling you extra ip addresses.

hi liamgibbins,

The results of your research are really disturbing, however I will try to edit and change the hostname of the IP address on the VPS.
when I contacted my ISP I didn’t get encouraging answers either, so the possibilities and options are exhausted, I’ll put your recommendation into practice and come back with the results.

Thank you very much for contributing to this issue.

1 Like

This is spamhaust pbl page, i think its worring the way its going .

https://www.spamhaus.org/pbl/