I want to make sure that my server is working well and that it is well protected
I got this message from my host so I want to make sure that everything is fine
You are about to reach the connection limit on your server
Dear Ahmed,
We have noticed a significant increase of outgoing connections from your server with IP 86.48.0.129 (vmi1169018). The level of SMTP traffic on port 25/tcp is unusually high and at this pace you will hit the limit soon and all connections on this port will be blocked until the next day.
We do this to protect the reputation of our network and to make sure that your Ipâs, and all our customers, will not be blacklisted.
The most common explanation of such a spike in outgoing connections is that your server was hacked. If this is the case, we recommend reinstalling your server from scratch.
If these connections are initiated by you on purpose, please reply to this email and let us know what the expected traffic volume is and we will adjust the limits accordingly.
Thank you for your cooperation and understanding.
Best,
Your Contabo support team
Exim statistics from 2024-10-11 00:04:08 to 2024-10-21 01:39:30
Grand total summary
-------------------
At least one address
TOTAL Volume Messages Addresses Hosts Delayed Failed
Received 60MB 29569 1 514 1.7% 27120 91.7%
Delivered 2400KB 2302 2302 341
Rejects 1179 114
Temp Rejects 7 1
Deliveries by transport
-----------------------
Volume Messages
local_delivery 23KB 2
remote_smtp 2377KB 2300
Messages received per hour (each dot is 35 messages)
----------------------------------------------------
I donât know how many mails you are delivering so I canât say too much with that partial log but 27120 failed mails (91,7%) usually means that someone is using your server to send spam, maybe a compromised user/pass, a wordpress plugin orâŚ
Thank you for your insights. It has become clear to me that the issue was caused by one of my forums on the server, where users are attempting to register for spam. Unfortunately, it appears that the protection system did not function effectively, resulting in failed email deliveries. Therefore, I have temporarily disabled registrations on the forum until further notice.
Additionally, I have a question. Whenever I perform an action in the Hestia control panel, such as adding a database, emails are often sent to Gmail and end up in the spam folder, or I receive an error message in the logs similar to this:
1 [email protected] <[email protected]> R=dnslookup
T=remote_smtp H=gmail-smtp-in.l.google.com [142.250.27.26]
X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256
CV=yes: SMTP error from remote mail server after pipelined
end of data: 550-5.7.26 Your email has been blocked
because the sender is unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either
SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication
results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [courses.tecwindow.net] with ip: [86.48.0.129]
= did not pass
550-5.7.26
550-5.7.26 For instructions
on setting up authentication, go to
550 5.7.26 https://support.google.com/mail/answer/81126#authentication
a640c23a62f3a-a9a91333b4fsi115691666b.294 - gsmtp
You must add it to Hestia but you also need to create the right records (SPF, DMARC and DKIM TXT records) with the info provided by Hestia on your DNS server.
Ok, is there a guide explaining how I can do this?
Also should I do this with the main domain tecwindow.net
Or should I do this with the main domain tecwindow.net and all subdomains?
You just need to add a new mail domain with that subdomain and enable DKIM when creating it. Then check the DNS records Hestia has assigned and create the TXT records for courses.tecwindow.net on Cloudflare.
Once the mail domain has been added, you can view the DNS records here:
You already did it with the main domain.
You must do it with every domain/subdomain you want to send mail from.
Ok, thank you,
I use dynadot as a domain provider,
and Cloudflare for SSL
Should I add the values ââin dynadot or should I add them in Cloudflare
or both together
, I edited the post.