HestiaCP Mail Server Issues - All Standard Repair Methods Failed

briceka · September 15, 2025, 2:10am

I am experiencing a critical issue with my mail server that I have been unable to resolve despite extensive troubleshooting. My Roundcube login fails, and I get a Connection refused error when trying to connect via SMTP on my website.

I have followed all standard repair procedures, but the core HestiaCP CLI tools seem to be corrupted. Is there any way to fix this without resorting to a full fresh OS installation?

My Environment:

Operating System: Ubuntu 22.04 LTS
HestiaCP Version: Unsure, but installed recently.
VPS Provider: Contabo

Troubleshooting Steps and Findings:

I have confirmed that the dovecot and exim4 services are running.
My HestiaCP firewall has all mail ports (25, 143, 465, 587, 993, 995) set to ACCEPT.
The ss command shows that Exim4 is not listening on ports 465 or 587.

Bash
```
root@panel:~# sudo ss -tulpn | grep 465
root@panel:~# 
```

The Exim4 log shows that it’s only listening on port 25 and has no certificate.

Bash

# (Excerpt from /var/log/exim4/mainlog)
2025-09-15 03:55:35 exim 4.97 daemon started: pid=72003, -q30m, listening for SMTP on port 25 (IPv6 and IPv4)
2025-09-15 03:55:35 Warning: No server certificate defined; will use a selfsigned one.

I attempted to rebuild the mail configuration with the v-rebuild-mail-domains command, but it gave a harmless-looking rm error and did not fix the problem.

Bash

root@panel:~# v-rebuild-mail-domains [username] [yourdomain.com]
rm: cannot remove '/home/[username]/conf/mail/[yourdomain.com]/ip': No such file or directory

The v-add-letsencrypt-mail command, which is required to add SSL, is completely missing.

Bash

root@panel:~# v-add-letsencrypt-mail [username] [yourdomain.com]
v-add-letsencrypt-mail: command not found

The standard installer script gave a safety error, and the core repair script is missing.

Bash

root@panel:~# bash /usr/local/hestia/install/upgrade/upgrade.sh
bash: /usr/local/hestia/install/upgrade/upgrade.sh: No such file or directory

A manual attempt to download the repair script also failed.

Bash

root@panel:~# wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/upgrade/upgrade.sh
...
ERROR 404: Not Found.

It seems my HestiaCP CLI tools and core files are corrupted, preventing any automated repairs from working. Is there an alternative method or a specific command I can use to manually repair the installation without a fresh OS install?

Thank you for your time and assistance.

sahsanu · September 15, 2025, 8:03am

Show the output of this command:

curl -fsSLm10 https://7j.gg/hcpver | bash -s --

Show the output of these commands (execute them one by one):

systemctl status exim4 --no-pager -l
dpkg -l | grep exim4
ls -la /etc/exim4/
head -n20 /etc/exim4/exim4.conf.template
grep -Ev '^$|^#' /etc/exim4/update-exim4.conf.conf

That “error” doesn’t matter and there is already a PR to avoid showing that “error”.

Hestia doesn’t have such command.. The right command to add a Let’s Encrypt certificate to a mail domain is:

v-add-letsencrypt-domain YourUser YourDomain '' yes

briceka · September 15, 2025, 6:24pm

root@panel:\~# curl -fsSLm10 https://7j.gg/hcpver | bash -s –
Software                 Version

---

OS            Ubuntu 24.04.3 LTS
Hestia                     1.9.4
Hestia-nginx              1.27.4
Hestia-php                8.3.17
FileGator                 7.13.0
Nginx                     1.29.1
Apache2                   2.4.58
PHP8.3                    8.3.25
PHP8.2                    8.2.29
PHP8.1                    8.1.33
PHP8.0                    8.0.30
Awstats                      7.9
Exim4                       4.97
Dovecot                   2.3.21
Spamassassin               4.0.0
Clamav                     1.4.3
Roundcube                 1.6.11
Vsftpd                     3.0.5
Bind9                    9.18.39
Mariadb                   11.4.8
phpMyAdmin                 5.2.2
Fail2ban                   1.0.2

sahsanu:

Show the output of these commands (execute them one by one):

systemctl status exim4 --no-pager -l
dpkg -l | grep exim4
ls -la /etc/exim4/
head -n20 /etc/exim4/exim4.conf.template
grep -Ev '^$|^#' /etc/exim4/update-exim4.conf.conf

root@panel:\~# systemctl status exim4 --no-pager -l
● exim4.service - exim Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/exim4.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-09-15 04:06:10 CEST; 16h ago
Docs: man:exim(8)

https://exim.org/docs.html


Process: 82263 ExecStartPre=/usr/sbin/update-exim4.conf $UPEX4OPTS (code=exited, status=0/SUCCESS)
Main PID: 82602 (exim4)
Tasks: 1 (limit: 28794)
Memory: 14.4M (peak: 29.3M)
CPU: 18.641s
CGroup: /system.slice/exim4.service
└─82602 /usr/sbin/exim4 -bdf -q30m

Sep 15 04:06:09 panel.domain.com systemd\[1\]: Starting exim4.service - exim Mail Transport Agent…
Sep 15 04:06:10 panel.domain.com systemd\[1\]: Started exim4.service - exim Mail Transport Agent.

root@panel:\~# dpkg -l | grep exim4
ii  exim4                              4.97-4ubuntu4.3                          all          metapackage to ease Exim MTA (v4) installation
ii  exim4-base                         4.97-4ubuntu4.3                          amd64        support files for all Exim MTA (v4) packages
ii  exim4-config                       4.97-4ubuntu4.3                          all          configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy                 4.97-4ubuntu4.3                          amd64        Exim MTA (v4) daemon with extended features, including exiscan-acl

root@panel:\~# ls -la /etc/exim4/

total 148
drwxr-xr-x   4 root root         4096 Sep 15 03:55 .
drwxr-xr-x 133 root root        12288 Sep 15 03:35 ..
drwxr-xr-x   9 root root         4096 Sep 15 00:14 conf.d
-rw-r–r--   1 root root           32 Sep  3 15:11 dnsbl.conf
drwxr-xr-x   2 root root         4096 Sep 15 03:58 domains
-rw-r–r--   1 root root        81484 Sep 15 03:55 exim4.conf.template
-rw-r-----   1 root root        20260 Sep 12 18:30 exim4.conf.template.save
-rw-r–r--   1 root root            4 Sep  3 15:11 limit.conf
-rw-r-----   1 root Debian-exim   204 Mar 21 15:14 passwd.client
-rw-r–r--   1 root root            0 Sep  3 15:11 spam-blocks.conf
-rw-r-----   1 root Debian-exim    17 Sep  3 15:11 srs.conf
-rw-r–r--   1 root root          444 Sep  3 15:11 system.filter
-rw-r–r--   1 root root         1055 Sep 15 00:45 update-exim4.conf.conf
-rw-r–r--   1 root root            0 Sep  3 15:11 white-blocks.conf

root@panel:\~# head -n20 /etc/exim4/exim4.conf.template
#####################################################

### main/01_exim4-config_listmacrosdefs

#####################################################
######################################################################

# Runtime configuration file for Exim 4 (Debian Packaging)

######################################################################

######################################################################

# /etc/exim4/exim4.conf.template is only used with the non-split

# configuration scheme.

# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used

# with the split configuration scheme.

# If you find this comment anywhere else, somebody copied it there.

# Documentation about the Debian exim4 configuration scheme can be

# found in /usr/share/doc/exim4-base/README.Debian.gz.

######################################################################

######################################################################

# MAIN CONFIGURATION SETTINGS

######################################################################

root@panel:\~# grep -Ev ‘^$|^#’ /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype=‘internet’
dc_other_hostnames=‘panel.domain.com ; domain.com’
dc_local_interfaces=‘0.0.0.0 ; ::0’
dc_readhost=‘’
dc_relay_domains=‘’
dc_minimaldns=‘false’
dc_relay_nets=‘’
dc_smarthost=‘’
CFILEMODE=‘644’
dc_use_split_config=‘true’
dc_hide_mailname=‘’
dc_mailname_in_oh=‘true’
dc_localdelivery=‘maildir_home’
root@panel:\~#

sahsanu · September 15, 2025, 6:32pm

Looks like /etc/exim4/exim4.conf.template was overwritten on September 12th.

cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup
cp /etc/exim4/exim4.conf.template.save /etc/exim4/exim4.conf.template
systemctl restart exim4

And try again.

briceka · September 15, 2025, 6:40pm

root@panel:~# cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup
im4.conf.template.save /etc/exim4/exim4.conf.template
systemctl restart exim4root@panel:~# cp /etc/exim4/exim4.conf.template.save /etc/exim4/exim4.conf.template
root@panel:~# systemctl restart exim4
root@panel:~#

Still shows Login failed when I try to log in roundcube webmail.

briceka · September 15, 2025, 6:41pm

and when I try to test smtp, it shows:
Whoops! There were some problems with your input.

Connection could not be established with host “ssl://mail.domain.com:465”: stream_socket_client(): Unable to connect to ssl://mail.domain.com:465 (Connection refused)

sahsanu · September 15, 2025, 8:02pm

Looks like you updated your OS and the conf has been overwritten.

Show me if the exim conf is the one used by Hestia.

head -n30 /etc/exim4/exim4.conf.template.save

briceka · September 15, 2025, 8:21pm

root@panel:/etc/exim4/conf.d/main# head -n30 /etc/exim4/exim4.conf.template.save
######################################################################

# 

# Exim configuration file for Hestia Control Panel

# 

######################################################################

primary_hostname = mail.domain.com
smtp_active_hostname = mail.domain.com

SPAMASSASSIN = yes
SPAM_SCORE = 50
SPAM_REJECT_SCORE = 100
CLAMD = yes

smtp_banner = $smtp_active_hostname

# smtp_active_hostname = ${lookup dnsdb{>: defer_never,ptr=$interface_address}{${listextract{1}{$value}}}{$primary_hostname}}

add_environment = <; PATH=/bin:/usr/bin
keep_environment =
disable_ipv6 = true
smtp_accept_max = 100
smtp_accept_max_per_host = 20

SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}

smtputf8_advertise_hosts =
domainlist local_domains = dsearch;/etc/exim4/domains/
domainlist relay_to_domains = dsearch;/etc/exim4/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf

sahsanu · September 15, 2025, 8:33pm

You have modified the conf file, but it looks like the right one.

I didn’t pay attention to the conf file /etc/exim4/update-exim4.conf.conf, but that is not the correct one, you must modify it.

This is the current configuration:

dc_eximconfig_configtype=‘internet’
dc_other_hostnames=‘panel.domain.com ; domain.com’
dc_local_interfaces=‘0.0.0.0 ; ::0’
dc_readhost=‘’
dc_relay_domains=‘’
dc_minimaldns=‘false’
dc_relay_nets=‘’
dc_smarthost=‘’
CFILEMODE=‘644’
dc_use_split_config=‘true’
dc_hide_mailname=‘’
dc_mailname_in_oh=‘true’
dc_localdelivery=‘maildir_home’

And it must look like this:

dc_eximconfig_configtype='local'
dc_other_hostnames='panel.domain.com'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

Once modified, restart exim.

briceka · September 15, 2025, 8:42pm

Done. But, testing smtp shows:

Whoops! There were some problems with your input.
Connection could not be established with host “ssl://mail.domain.com:465”: stream_socket_client(): Failed to enable crypto

and Roundcube Webmail still says “Login failed”

sahsanu · September 15, 2025, 8:45pm

Share your actual domain name. Also, what happened to your OS? Because looks like dovecot conf could be wrong too.

Also:

systemctl restart exim4
systemctl status exim4 --no-pager -l

briceka · September 15, 2025, 9:10pm

I have sent a PM. Kindly respond.

briceka · September 15, 2025, 9:13pm

root@panel:~# systemctl restart exim4
root@panel:~# systemctl status exim4 --no-pager -l
● exim4.service - exim Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/exim4.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-09-15 23:13:00 CEST; 1s ago
Docs: man:exim(8)

Process: 272749 ExecStartPre=/usr/sbin/update-exim4.conf $UPEX4OPTS (code=exited, status=0/SUCCESS)
Main PID: 272993 (exim4)
Tasks: 4 (limit: 28794)
Memory: 33.2M (peak: 33.9M)
CPU: 843ms
CGroup: /system.slice/exim4.service
├─272993 /usr/sbin/exim4 -bdf -q30m
├─272996 /usr/sbin/exim4 -q
├─273001 /usr/sbin/exim4 -q
└─273003 /usr/sbin/exim4 -q

Sep 15 23:12:59 panel.domain.com systemd[1]: Starting exim4.service - exim Mail Transport Agent…
Sep 15 23:13:00 panel.domain.com systemd[1]: Started exim4.service - exim Mail Transport Agent.
root@panel:~#

briceka · September 15, 2025, 11:12pm

I was experiencing an issue with mail server(email client).

The mail issue was caused by a mix of configuration problems with Exim and SSL certificates. The setup was corrected by adjusting Exim’s configuration, updating TLS certificate paths, and ensuring the correct values in /etc/hosts and related configs. Additional fixes included disabling unused POP3 support in Dovecot and rebuilding the mail domain configuration.

Testing was then performed using an external mail client (Thunderbird) to confirm that both SSL and STARTTLS worked as expected. After these changes, mail delivery and authentication started working correctly.

This was all possible through the help of @sahsanu .