I can't access the mail server from inside the server

leaugu · September 4, 2025, 2:17am

Hello everyone!

I’ve recently set up a new server for my websites and performed a fresh installation of the latest version of Hestia on Debian 12.11. I successfully migrated all users from the old server to the new one without issues.

So far, everything is working correctly: I can send and receive emails from both webmail and mobile email clients. However, the issue is that WordPress contact forms are not working on any of the users’ websites. I’m using the WP Mail SMTP (by WPForms) plugin.

The plugin returns the following error when trying to connect to mail.ugutec.com.ar: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server SMTP code: 110 Additional SMTP info: Connection timed out.

As a temporary workaround, setting the SMTP host to server.ugutec.com.ar makes it work.

So, my question is:

Why can’t I connect to the mail server using mail.ugutec.com.ar from inside the server, while it works fine when using server.ugutec.com.ar?

I’m sharing some tests I’ve performed

Hestia Control Panel v1.9.4
Operating System Debian 12.11 (x86_64)

root@server:~# cat /etc/hosts

127.0.0.1 localhost
127.0.1.1 server.ugutec.com.ar server

The following lines are desirable for IPv6 capable hosts

::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.0.1 server.ugutec.com.ar

root@server:~# ping mail.ugutec.com.ar
PING mail.ugutec.com.ar (170.83.34.117) 56(84) bytes of data.
64 bytes from 170.83.34.117 (170.83.34.117): icmp_seq=1 ttl=64 time=0.242 ms
64 bytes from 170.83.34.117 (170.83.34.117): icmp_seq=2 ttl=64 time=0.298 ms
64 bytes from 170.83.34.117 (170.83.34.117): icmp_seq=3 ttl=64 time=0.319 ms
64 bytes from 170.83.34.117 (170.83.34.117): icmp_seq=4 ttl=64 time=0.286 ms

root@server:~# nslookup mail.ugutec.com.ar

Server: 10.0.0.1
Address: 10.0.0.1#53

Non-authoritative answer:
Name: mail.ugutec.com.ar
Address: 170.83.34.117

root@server:~# telnet mail.ugutec.com.ar 587
Trying 170.83.34.117…
telnet: Unable to connect to remote host: Expiró el tiempo de conexión

root@server:~# telnet server.ugutec.com.ar 587
Trying 127.0.0.1…
Connected to server.ugutec.com.ar.
Escape character is ‘^]’.
220 server.ugutec.com.ar

ivansalloum · September 4, 2025, 10:55am

From the behavior you described it looks like connections to mail.ugutec.com.ar are going out to your server’s public IP and then trying to come back in again. That usually fails when the router/firewall doesn’t support NAT loopback / hairpin NAT.

Can you confirm whether your server is sitting behind a NAT (e.g. on a private LAN with port forwarding), or if it has the public IP directly assigned? That will help narrow this down.

leaugu · September 5, 2025, 7:12pm

Hi! Thanks for the response. The server is not directly connected to the internet; it is behind a Mikrotik router with NAT. I’m ruling out a NAT Loopback or Hairpin NAT issue because the problem is internal to the server itself (server-to-server) and not from a network host to the server (host-to-server).

The main issue is that the WordPress plugin cannot connect to the domain’s own mail server to send messages.

I performed a test by modifying the /etc/hosts file and adding the mail subdomain, and it worked perfectly but I don’t think it’s the correct solution:

root@server:~# nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 server.ugutec.com.ar server mail.ugutec.com.ar

I don’t have this problem on the old server with Debian 11.6 and Hestia Control Panel 1.9.4

I’d appreciate it if anyone with Debian 12.11 could run a test from their server’s console by trying to connect to their SMTP server using telnet.: “telnet mail.your-domain.com 587”

mih · September 5, 2025, 8:56pm

 telnet mail.domain.com 587
Server lookup failure:  mail.domain.co:587, Temporary failure in name resolution

Absolutely normal behavior.

 telnet mail.domain.com 587
Trying 192.168.0.80...
Connected to mail.domain.com.
Escape character is '^]'.
220 panel.domain.com

Test done after mail.domain.com was set as dns resolver. If you don’t want to use dns resolver you can use localhost, it should work.

ivansalloum · September 7, 2025, 6:59am

Hi, thanks for the extra details.

Because your server is behind a Mikrotik with NAT, the difference is exactly that mail.ugutec.com.ar resolves to your public IP (170.83.34.117), while server.ugutec.com.ar resolves locally to 127.0.0.1 from /etc/hosts.

When WordPress (or telnet) tries mail.ugutec.com.ar:587, the packets go out towards the public IP, hit the Mikrotik, and then need to come back in again. That’s hairpin NAT / NAT reflection. If it’s not enabled or not working, you’ll get the “connection timed out” behavior you saw.

That’s why adding mail.ugutec.com.ar to /etc/hosts works. It bypasses NAT and points the mail subdomain straight to localhost.

It’s not really a Debian 12 vs. Debian 11 change. More likely your old server had a different /etc/hosts setup, or your old Mikrotik rules allowed hairpin NAT and your new config doesn’t.

Options to fix it:

Keep the hosts entry (valid workaround, many admins do it).
Or set up split-horizon DNS so that internally, mail.ugutec.com.ar resolves to the server’s LAN IP instead of the public IP.
Or enable hairpin NAT on the Mikrotik so connections to the public IP loop back correctly.

That way WordPress can reach mail.ugutec.com.ar without hitting the NAT wall.

system · October 7, 2025, 6:59am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.