Hello, I tried to install Hestia many times on different servers, but the mail is not sent. Somewhere somewhere the first welcome letter is sent, after which the messages freeze. Mail and Google and Vivaldi were used, both for sending (user settings) and for delivery. Different hostings were used, but the result is the same
2024-03-10 23:32:32 1rjPqS-0002ZR-LQ <= [email protected] U=admin P=local S=1772 id=KnNmXHdX9WXkvmyF06770CQTnBvn9YnsZOPUX8zlvrQ@localhost.localdomain
2024-03-10 23:32:32 1rjPqS-0002ZR-LQ == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'vivaldi.net'
2024-03-10 23:33:01 1rjPqv-0002h6-TI <= [email protected] U=admin P=local S=1776 id=LsOLXnr75tM7ePqR5fDN8yN4Ej6Mc3a7FpxFQf5vT9M@localhost.localdomain
2024-03-10 23:33:03 1rjPqv-0002h6-TI H=gmail-smtp-in.l.google.com [64.233.163.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-10 23:33:03 1rjPqv-0002h6-TI H=gmail-smtp-in.l.google.com [64.233.163.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-10 23:33:03 1rjPqv-0002h6-TI ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.163.27] X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes: SMTP error from remote mail server after pipelined end of data: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.\n550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.\n550-5.7.26\n550-5.7.26 Authentication results:\n550-5.7.26 DKIM = did not pass\n550-5.7.26 SPF [2651149-cy23677.twc1.net] with ip: [92.118.114.177] = did not\n550-5.7.26 pass\n550-5.7.26\n550-5.7.26 For instructions on setting up authentication, go to\n550 5.7.26 https://support.google.com/mail/answer/81126#authentication i127-20020a2e2285000000b002d2230da293si1096685lji.46 - gsmtp
2024-03-10 23:33:03 1rjPqx-0002hm-SE <= <> R=1rjPqv-0002h6-TI U=Debian-exim P=local S=4451
2024-03-10 23:33:03 1rjPqx-0002hm-SE remote host address is the local host: 2651149-cy23677.twc1.net
2024-03-10 23:33:03 1rjPqx-0002hm-SE == [email protected] R=dnslookup defer (-1): remote host address is the local host
2024-03-10 23:33:03 1rjPqv-0002h6-TI Completed
2024-03-10 23:33:03 1rjPqx-0002hm-SE Frozen
DNS
;;
;; Domain: example.com.
;; Exported: 2024-03-10 20:40:14
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;; -- update the SOA record with the correct authoritative name server
;; -- update the SOA record with the contact e-mail address information
;; -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
example.com 3600 IN SOA bowen.ns.cloudflare.com. dns.cloudflare.com. 2046176981 10000 2400 604800 3600
;; NS Records
example.com. 86400 IN NS bowen.ns.cloudflare.com.
example.com. 86400 IN NS sunny.ns.cloudflare.com.
;; A Records
conference.jabber.example.com. 1 IN A 188.225.72.69
fastpanel.example.com. 1 IN A 92.118.114.177
hestia.example.com. 1 IN A 92.118.114.177
jabber.example.com. 1 IN A 188.225.72.69
example.com. 1 IN A 92.118.114.177
proxy.jabber.example.com. 1 IN A 188.225.72.69
pubsub.jabber.example.com. 1 IN A 188.225.72.69
upload.jabber.example.com. 1 IN A 188.225.72.69
www.example.com. 1 IN A 92.118.114.177
;; MX Records
example.com. 1 IN MX 10 mx2.beget.com.
example.com. 1 IN MX 10 mx2.timeweb.ru.
example.com. 1 IN MX 10 mx1.timeweb.ru.
example.com. 1 IN MX 10 mx1.beget.com.
;; SRV Records
_stuns._tcp.jabber.example.com. 1 IN SRV 0 14400 5349 jabber.example.com.
_stun._tcp.jabber.example.com. 1 IN SRV 0 14400 3478 jabber.example.com.
_stun._udp.jabber.example.com. 1 IN SRV 0 14400 3478 jabber.example.com.
_turns._tcp.jabber.example.com. 1 IN SRV 0 14400 5349 jabber.example.com.
_turn._tcp.jabber.example.com. 1 IN SRV 0 14400 3478 jabber.example.com.
_turn._udp.jabber.example.com. 1 IN SRV 0 14400 3478 jabber.example.com.
_xmpp-client._tcp.jabber.example.com. 1 IN SRV 100 14400 5222 jabber.example.com.
_xmpps-client._tcp.jabber.example.com. 1 IN SRV 100 14400 5223 jabber.example.com.
_xmpp-server._tcp.jabber.example.com. 1 IN SRV 100 14400 5269 jabber.example.com.
_xmpps-server._tcp.jabber.example.com. 1 IN SRV 100 14400 5270 jabber.example.com.
the error messages are not form the local server, they are from the target server. Aswell they are not related to a hestia configuration, more a (reverse-) dns configuration out of the range of hestia. Usualy it should not work on Fastpanel, as you do probaly not configure differently.
That’s just what I see about your error messages, fix them and it will work.
So I understand, but no matter how much I tried, changing hosting sites, it didn’t help. There is another trusted hosting, I’ll try to deploy it there. But in reality, on other panels, on the same hostings and servers, everything is sent to Cyberpanel, Fastpanel
I immediately set my own hostname, in this example it is not, but in general it is the domain name. DKIM and SPF where to get them if only Exim4 +Nginx+Mariabd+PHP is installed. I tried to add mail to the user by registering mail.example.com, but the certificate was not issued, the DKIM and SPF settings are not there, since apparently it’s worth installing dovecot. When I install dovecot+exim and set up mail, everything is sent, verified). Support for two hosting sites looked at what could be done, until no one understood why, so they sent it to the Hestia forum)). The DNS records that I posted above and I gave them all the information, this is the result so far. Perhaps I will understand when the time comes what is wrong. In the meantime, Global SMTP Relay
Thank you, I added, there is an error in issuing the certificate, I don’t have ipv6, I read online that it might be to blame, but it’s not on the server, it’s not in the DNS. I did not create an account other than the domain itself, for example mail.doman.com.
Error: Let's Encrypt validation status 400 (mail.angellive.ru). Details: 403:"2606:4700:3037::ac43:a11a: Invalid response from http://mail.angellive.ru/.well-known/acme-challenge/3GvRYk-mO-lOujfVE7FMmj6Icad4HJMlKasUyciHC2o: 404
Mail does not go to Vivaldi, not to gmail).
2024-03-14 21:50:03 Start queue run: pid=231917
2024-03-14 21:50:03 End queue run: pid=231917
2024-03-14 21:50:08 1rkq9Y-000yNJ-J5 <= [email protected] U=admin P=local S=1741 id=bhsx92H5uQXlbcEWA7e1f31I2kvviO7Hn9ugzhpL7Pc@localhost.localdomain
2024-03-14 21:50:15 1rkq9Y-000yNJ-J5 H=mxi-1.vivaldi.net [31.209.137.13]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-14 21:50:15 1rkq9Y-000yNJ-J5 H=mxi-1.vivaldi.net [31.209.137.13] TLS error on connection (recv): Error in the pull function.
2024-03-14 21:50:21 1rkq9Y-000yNJ-J5 H=mxi-2.vivaldi.net [31.209.137.14] TLS error on connection (recv): Error in the pull function.
2024-03-14 21:50:21 1rkq9Y-000yNJ-J5 == [email protected] R=dnslookup T=remote_smtp defer (-44) H=mxi-2.vivaldi.net [31.209.137.14]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-14 21:51:00 TLS error on connection from scanner-05.ch1.censys-scanner.com [162.142.125.214] (recv): The TLS connection was non-properly terminated.
2024-03-14 21:52:06 exim 4.95 daemon started: pid=1301, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-14 21:52:06 Start queue run: pid=1350
2024-03-14 21:52:06 1rkq9Y-000yNJ-J5 == [email protected] routing defer (-52): retry time not reached
2024-03-14 21:52:06 End queue run: pid=1350
2024-03-14 21:52:39 1rkqBz-0000Sr-Fe <= [email protected] U=admin P=local S=1678 id=SCQtnA1j7WKmUXQmPIQj5Q3Gzw6Ca58TJTQ539C2So@localhost.localdomain
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.221.27] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [31.129.105.100] Messages missing a valid address in From: header, or\n550-5.7.1 having no From: header, are not accepted. For more information, go to\n550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant and review\n550 5.7.1 RFC 5322 specifications. f18-20020a2e9192000000b002d46e16c382si370717ljg.88 - gsmtp
2024-03-14 21:52:40 1rkqC0-0000TX-H9 <= <> R=1rkqBz-0000Sr-Fe U=Debian-exim P=local S=3823
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe Completed
2024-03-14 21:52:40 1rkqC0-0000TX-H9 ** [email protected]: Unrouteable address
2024-03-14 21:52:40 1rkqC0-0000TX-H9 Frozen (delivery error message)
It is interesting that, for example, in Fastpanel, there is not even a domain in the panel, only IP, and there are no DNS settings either (since the domain is not linked to anything), and mail arrives clearly. I’m already wondering how and what it could be))
2024-03-15 00:37:55 1rkslv-0001An-Nb <= [email protected] U=admin P=local S=1745 id=PW033es601jYwV9fwLN9gwN2BfZtc8vjk4QhxJ6E8No@localhost.localdomain
2024-03-15 00:37:56 1rkslv-0001An-Nb H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-15 00:37:56 1rkslv-0001An-Nb H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-15 00:37:56 1rkslv-0001An-Nb ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.221.27] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [31.129.105.100] The IP you're using to send mail is not authorized to\n550-5.7.1 send email directly to our servers. Please use the SMTP relay at your\n550-5.7.1 service provider instead. For more information, go to\n550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError v19-20020a2e87d3000000b002d46e68fb4esi414107ljj.575 - gsmtp
2024-03-15 00:37:56 1rkslw-0001BT-Ve <= <> R=1rkslv-0001An-Nb U=Debian-exim P=local S=3979
2024-03-15 00:37:56 1rkslv-0001An-Nb Completed
2024-03-15 00:40:06 1rkslw-0001BT-Ve H=hestia.angellive.ru [104.21.81.122]: SMTP timeout after initial connection: Connection timed out
2024-03-15 00:41:22 1rkspG-0001RE-TJ <= [email protected] U=admin P=local S=1731 id=0UWKvwBc2k0EAGhhjCiykze6AGeFLPLzzJcuwsgDs@localhost.localdomain
2024-03-15 00:41:24 1rkspG-0001RE-TJ H=mxi-2.vivaldi.net [31.209.137.14]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-15 00:41:24 1rkspG-0001RE-TJ H=mxi-2.vivaldi.net [31.209.137.14] TLS error on connection (recv): Error in the pull function.
2024-03-15 00:41:25 1rkspG-0001RE-TJ H=mxi-1.vivaldi.net [31.209.137.13] TLS error on connection (recv): Error in the pull function.
2024-03-15 00:41:25 1rkspG-0001RE-TJ == [email protected] R=dnslookup T=remote_smtp defer (-44) H=mxi-1.vivaldi.net [31.209.137.13]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
As I wrote above, I do not have IPv6 on the server, not in the DNS. Okay, it doesn’t matter, no, no, there is a relay, otherwise this topic has already tired me and you. You can close it, there is no solution yet, maybe someday I will understand what’s wrong). Thank you all for your attention!