Mail is not sent to any addresses or from any mail or server

Hello, I tried to install Hestia many times on different servers, but the mail is not sent. Somewhere the first welcome letter is sent, after which the messages freeze. Mail and Google and Vivaldi were used, both for sending (user settings) and for delivery. Different hostings were used, but the result is the same.

2024-03-10 23:32:32 1rjPqS-0002ZR-LQ <= [email protected] U=admin P=local S=1772 id=KnNmXHdX9WXkvmyF06770CQTnBvn9YnsZOPUX8zlvrQ@localhost.localdomain
2024-03-10 23:32:32 1rjPqS-0002ZR-LQ == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 'vivaldi.net'
2024-03-10 23:33:01 1rjPqv-0002h6-TI <= [email protected] U=admin P=local S=1776 id=LsOLXnr75tM7ePqR5fDN8yN4Ej6Mc3a7FpxFQf5vT9M@localhost.localdomain
2024-03-10 23:33:03 1rjPqv-0002h6-TI H=gmail-smtp-in.l.google.com [64.233.163.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-10 23:33:03 1rjPqv-0002h6-TI H=gmail-smtp-in.l.google.com [64.233.163.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-10 23:33:03 1rjPqv-0002h6-TI ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.163.27] X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes: SMTP error from remote mail server after pipelined end of data: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.\n550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.\n550-5.7.26\n550-5.7.26  Authentication results:\n550-5.7.26  DKIM = did not pass\n550-5.7.26  SPF [2651149-cy23677.twc1.net] with ip: [92.118.114.177] = did not\n550-5.7.26 pass\n550-5.7.26\n550-5.7.26  For instructions on setting up authentication, go to\n550 5.7.26  https://support.google.com/mail/answer/81126#authentication i127-20020a2e2285000000b002d2230da293si1096685lji.46 - gsmtp
2024-03-10 23:33:03 1rjPqx-0002hm-SE <= <> R=1rjPqv-0002h6-TI U=Debian-exim P=local S=4451
2024-03-10 23:33:03 1rjPqx-0002hm-SE remote host address is the local host: 2651149-cy23677.twc1.net
2024-03-10 23:33:03 1rjPqx-0002hm-SE == [email protected] R=dnslookup defer (-1): remote host address is the local host
2024-03-10 23:33:03 1rjPqv-0002h6-TI Completed
2024-03-10 23:33:03 1rjPqx-0002hm-SE Frozen

DNS

;;
;; Domain:     example.com.
;; Exported:   2024-03-10 20:40:14
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server.  In particular, you must:
;;   -- update the SOA record with the correct authoritative name server
;;   -- update the SOA record with the contact e-mail address information
;;   -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
example.com	3600	IN	SOA	bowen.ns.cloudflare.com. dns.cloudflare.com. 2046176981 10000 2400 604800 3600

;; NS Records
example.com.	86400	IN	NS	bowen.ns.cloudflare.com.
example.com.	86400	IN	NS	sunny.ns.cloudflare.com.

;; A Records
conference.jabber.example.com.	1	IN	A	188.225.72.69
fastpanel.example.com.	1	IN	A	92.118.114.177
hestia.example.com.	1	IN	A	92.118.114.177
jabber.example.com.	1	IN	A	188.225.72.69
example.com.	1	IN	A	92.118.114.177
proxy.jabber.example.com.	1	IN	A	188.225.72.69
pubsub.jabber.example.com.	1	IN	A	188.225.72.69
upload.jabber.example.com.	1	IN	A	188.225.72.69
www.example.com.	1	IN	A	92.118.114.177

;; MX Records
example.com.	1	IN	MX	10 mx2.beget.com.
example.com.	1	IN	MX	10 mx2.timeweb.ru.
example.com.	1	IN	MX	10 mx1.timeweb.ru.
example.com.	1	IN	MX	10 mx1.beget.com.

;; SRV Records
_stuns._tcp.jabber.example.com.	1	IN	SRV	0 14400 5349 jabber.example.com.
_stun._tcp.jabber.example.com.	1	IN	SRV	0 14400 3478 jabber.example.com.
_stun._udp.jabber.example.com.	1	IN	SRV	0 14400 3478 jabber.example.com.
_turns._tcp.jabber.example.com.	1	IN	SRV	0 14400 5349 jabber.example.com.
_turn._tcp.jabber.example.com.	1	IN	SRV	0 14400 3478 jabber.example.com.
_turn._udp.jabber.example.com.	1	IN	SRV	0 14400 3478 jabber.example.com.
_xmpp-client._tcp.jabber.example.com.	1	IN	SRV	100 14400 5222 jabber.example.com.
_xmpps-client._tcp.jabber.example.com.	1	IN	SRV	100 14400 5223 jabber.example.com.
_xmpp-server._tcp.jabber.example.com.	1	IN	SRV	100 14400 5269 jabber.example.com.
_xmpps-server._tcp.jabber.example.com.	1	IN	SRV	100 14400 5270 jabber.example.com.

I installed a new one, the result is the same, I installed Fastpanel on the same server, the mail goes out fine

2024-03-12 20:12:19 exim 4.95 daemon started: pid=52138, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-12 20:12:19 Start queue run: pid=52154
2024-03-12 20:12:19 End queue run: pid=52154
2024-03-12 20:12:29 exim 4.95 daemon started: pid=53007, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-12 20:12:29 Start queue run: pid=53036
2024-03-12 20:12:29 End queue run: pid=53036
2024-03-12 20:12:59 1rk8Ud-000Fxu-Rn <= [email protected] U=root P=local S=3239 [email protected]
2024-03-12 20:13:08 1rk8Ud-000Fxu-Rn H=mxi-1.vivaldi.net [31.209.137.13]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [5.35.82.146]
2024-03-12 20:13:08 1rk8Ud-000Fxu-Rn H=mxi-1.vivaldi.net [31.209.137.13] TLS error on connection (recv): Error in the pull function.
2024-03-12 20:13:15 1rk8Ud-000Fxu-Rn H=mxi-2.vivaldi.net [31.209.137.14] TLS error on connection (recv): Error in the pull function.
2024-03-12 20:13:15 1rk8Ud-000Fxu-Rn == [email protected] R=dnslookup T=remote_smtp defer (-44) H=mxi-2.vivaldi.net [31.209.137.14]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [5.35.82.146]
2024-03-12 20:13:42 exim 4.95 daemon started: pid=1691, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-12 20:13:42 Start queue run: pid=1694
2024-03-12 20:13:42 1rk8Ud-000Fxu-Rn == [email protected] routing defer (-52): retry time not reached
2024-03-12 20:13:42 End queue run: pid=1694
2024-03-12 20:14:15 pid 1691: SIGHUP received: re-exec daemon
2024-03-12 20:14:15 exim 4.95 daemon started: pid=1691, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-12 20:14:15 Start queue run: pid=3096
2024-03-12 20:14:15 1rk8Ud-000Fxu-Rn == [email protected] routing defer (-52): retry time not reached
2024-03-12 20:14:15 End queue run: pid=3096

probably your issue

and here is another one…

As I already wrote, Fastpanel leaves normally from the same server, I changed hosts, servers, the same result, Hestia does not send mail)

the error messages are not from the local server, they are from the target server. As well they are not related to a hestia configuration, more a (reverse-) dns configuration out of the range of hestia. Usually it should not work on Fastpanel, as you do probably not configure differently.

That’s just what I see about your error messages, fix them and it will work.
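Added example, not part of any post in this thread: a small Python classifier that groups Exim mainlog failures like the ones pasted above by cause and by what to check for each. The log lines are constructed (modelled on the thread's excerpts, with placeholder recipients and documentation-range IPs), and the labels and the `classify` function are this example's own names.

```python
import re

# Constructed sample modelled on the Exim mainlog excerpts in this thread;
# recipients and IPs are placeholders (documentation ranges).
SAMPLE_LOG = r"""
2024-03-14 21:50:15 1rkq9Y-000yNJ-J5 == rcpt@example.net R=dnslookup T=remote_smtp defer (-44) H=mx.example.net [198.51.100.13]: SMTP error from remote mail server after RCPT TO:<rcpt@example.net>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.100]
2024-03-14 21:52:06 1rkq9Y-000yNJ-J5 == rcpt@example.net routing defer (-52): retry time not reached
2024-03-10 23:33:03 1rjPqv-0002h6-TI ** rcpt@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.27]: SMTP error from remote mail server after pipelined end of data: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.\n550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
2024-03-10 23:33:03 1rjPqx-0002hm-SE == admin@example.com R=dnslookup defer (-1): remote host address is the local host
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe ** rcpt@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.27]: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [203.0.113.100] Messages missing a valid address in From: header, or\n550-5.7.1 having no From: header, are not accepted.
2024-03-15 00:37:56 1rkslv-0001An-Nb ** rcpt@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.27]: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [203.0.113.100] The IP you're using to send mail is not authorized to\n550-5.7.1 send email directly to our servers.
"""

# (label, pattern in the error text, what to check); labels are this example's own
RULES = [
    ("no_reverse_dns", r"cannot find your reverse hostname", "PTR record for the sending IP (set at the hosting provider)"),
    ("spf_dkim_fail", r"5\.7\.26|authenticate with either SPF or DKIM", "SPF TXT and DKIM TXT records for the sender domain"),
    ("bad_from_header", r"missing a valid address in From: header", "From: address generated by the sending application"),
    ("ip_policy_block", r"IP you're using to send mail is not authorized", "IP reputation/policy; use the provider's SMTP relay"),
    ("mx_points_to_self", r"remote host address is the local host", "MX/A records vs. the domains Exim treats as local"),
]

# date, time, Exim message ID, delivery flag (** = rejected, == = deferred), rest
LINE = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) (?P<flag>\*\*|==) (?P<rest>.*)$")

def classify(log_text):
    """Map each failure label to the message IDs and outcome that hit it."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # daemon start, queue run, TLS notices, arrivals (<=)
        outcome = "rejected" if m["flag"] == "**" else "deferred"
        for label, pattern, check in RULES:
            if re.search(pattern, m["rest"]):
                found.setdefault(label, {"check": check, "hits": []})
                found[label]["hits"].append((m["id"], outcome))
    return found

if __name__ == "__main__":
    for label, info in classify(SAMPLE_LOG).items():
        print(f"{label}: {info['hits']} -> check {info['check']}")
```

Lines such as "retry time not reached" are deliberately left unclassified: they record that Exim is waiting after an earlier failure, not a cause of their own.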

So I understand, but no matter how much I tried, changing hosting sites, it didn’t help. There is another trusted hosting, I’ll try to deploy it there. But in reality, on other panels, on the same hostings and servers, everything is sent to Cyberpanel, Fastpanel

Change the hostname of the server to something you can control

Set up proper DNS for that server including the DKIM records and SPF and try again…

I immediately set my own hostname, in this example it is not, but in general it is the domain name. DKIM and SPF where to get them if only Exim4+Nginx+MariaDB+PHP is installed. I tried to add mail to the user by registering mail.example.com, but the certificate was not issued, the DKIM and SPF settings are not there, since apparently it’s worth installing dovecot. When I install dovecot+exim and set up mail, everything is sent, verified). Support for two hosting sites looked at what could be done, until no one understood why, so they sent it to the Hestia forum)). The DNS records that I posted above and I gave them all the information, this is the result so far. Perhaps I will understand when the time comes what is wrong. In the meantime, Global SMTP Relay

hostnamectl set-hostname peretimebeli.ru && sudo apt update && sudo apt upgrade -y && sudo systemctl stop snapd && sudo systemctl disable snapd && sudo apt purge snapd -y && rm -rf ~/snap && sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd /root/snap && apt purge zabbix-agent-timeweb* -y && sudo nano /etc/ssh/sshd_config && sudo service ssh restart && apt autoremove -y && systemctl daemon-reload && wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh && sudo bash hst-install.sh --apache no --phpfpm yes --multiphp no --vsftpd no --proftpd no --named no --mysql yes --mysql-classic no --postgresql no --exim yes --dovecot yes --sieve yes --clamav no --spamassassin yes --iptables yes --fail2ban yes --quota no --api no --interactive yes --with-debs no  --port '2083' --hostname 'hestia.peretimebeli.ru' --email '[email protected]' --password 'pasvord' --lang 'ru' 

SPF and DKIM do not require dovecot

If you click on:

You can see the DNS records you need to copy over

this isn't a valid hostname, please see RFC1178

Sorry, it was just an example, peretiazhkamebeli.ru this host is used

Thank you, I added, there is an error in issuing the certificate, I don’t have ipv6, I read online that it might be to blame, but it’s not on the server, it’s not in the DNS. I did not create an account other than the domain itself, for example mail.doman.com.

Error: Let's Encrypt validation status 400 (mail.angellive.ru). Details: 403:"2606:4700:3037::ac43:a11a: Invalid response from http://mail.angellive.ru/.well-known/acme-challenge/3GvRYk-mO-lOujfVE7FMmj6Icad4HJMlKasUyciHC2o: 404

Mail does not go to Vivaldi, not to gmail).

2024-03-14 21:50:03 Start queue run: pid=231917
2024-03-14 21:50:03 End queue run: pid=231917
2024-03-14 21:50:08 1rkq9Y-000yNJ-J5 <= [email protected] U=admin P=local S=1741 id=bhsx92H5uQXlbcEWA7e1f31I2kvviO7Hn9ugzhpL7Pc@localhost.localdomain
2024-03-14 21:50:15 1rkq9Y-000yNJ-J5 H=mxi-1.vivaldi.net [31.209.137.13]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-14 21:50:15 1rkq9Y-000yNJ-J5 H=mxi-1.vivaldi.net [31.209.137.13] TLS error on connection (recv): Error in the pull function.
2024-03-14 21:50:21 1rkq9Y-000yNJ-J5 H=mxi-2.vivaldi.net [31.209.137.14] TLS error on connection (recv): Error in the pull function.
2024-03-14 21:50:21 1rkq9Y-000yNJ-J5 == [email protected] R=dnslookup T=remote_smtp defer (-44) H=mxi-2.vivaldi.net [31.209.137.14]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-14 21:51:00 TLS error on connection from scanner-05.ch1.censys-scanner.com [162.142.125.214] (recv): The TLS connection was non-properly terminated.
2024-03-14 21:52:06 exim 4.95 daemon started: pid=1301, -q30m, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2024-03-14 21:52:06 Start queue run: pid=1350
2024-03-14 21:52:06 1rkq9Y-000yNJ-J5 == [email protected] routing defer (-52): retry time not reached
2024-03-14 21:52:06 End queue run: pid=1350
2024-03-14 21:52:39 1rkqBz-0000Sr-Fe <= [email protected] U=admin P=local S=1678 id=SCQtnA1j7WKmUXQmPIQj5Q3Gzw6Ca58TJTQ539C2So@localhost.localdomain
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.221.27] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [31.129.105.100] Messages missing a valid address in From: header, or\n550-5.7.1 having no From: header, are not accepted. For more information, go to\n550-5.7.1  https://support.google.com/mail/?p=RfcMessageNonCompliant and review\n550 5.7.1 RFC 5322 specifications. f18-20020a2e9192000000b002d46e16c382si370717ljg.88 - gsmtp
2024-03-14 21:52:40 1rkqC0-0000TX-H9 <= <> R=1rkqBz-0000Sr-Fe U=Debian-exim P=local S=3823
2024-03-14 21:52:40 1rkqBz-0000Sr-Fe Completed
2024-03-14 21:52:40 1rkqC0-0000TX-H9 ** [email protected]: Unrouteable address
2024-03-14 21:52:40 1rkqC0-0000TX-H9 Frozen (delivery error message)



It is interesting that, for example, in Fastpanel, there is not even a domain in the panel, only IP, and there are no DNS settings either (since the domain is not linked to anything), and mail arrives clearly. I’m already wondering how and what it could be))

P.S. I did the mail in admin, not in user

… have a look what I wrote above …

We don’t support ipv6 yet …

I understand you, I almost wrote it wrong, the host is naturally used hestia.example.com, but the mail when configured uses example.com

2024-03-15 00:37:55 1rkslv-0001An-Nb <= [email protected] U=admin P=local S=1745 id=PW033es601jYwV9fwLN9gwN2BfZtc8vjk4QhxJ6E8No@localhost.localdomain
2024-03-15 00:37:56 1rkslv-0001An-Nb H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2024-03-15 00:37:56 1rkslv-0001An-Nb H=gmail-smtp-in.l.google.com [173.194.221.27] TLS error on connection (recv): The specified session has been invalidated for some reason.
2024-03-15 00:37:56 1rkslv-0001An-Nb ** [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.221.27] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no: SMTP error from remote mail server after pipelined end of data: 550-5.7.1 [31.129.105.100] The IP you're using to send mail is not authorized to\n550-5.7.1 send email directly to our servers. Please use the SMTP relay at your\n550-5.7.1 service provider instead. For more information, go to\n550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError v19-20020a2e87d3000000b002d46e68fb4esi414107ljj.575 - gsmtp
2024-03-15 00:37:56 1rkslw-0001BT-Ve <= <> R=1rkslv-0001An-Nb U=Debian-exim P=local S=3979
2024-03-15 00:37:56 1rkslv-0001An-Nb Completed
2024-03-15 00:40:06 1rkslw-0001BT-Ve H=hestia.angellive.ru [104.21.81.122]: SMTP timeout after initial connection: Connection timed out
2024-03-15 00:41:22 1rkspG-0001RE-TJ <= [email protected] U=admin P=local S=1731 id=0UWKvwBc2k0EAGhhjCiykze6AGeFLPLzzJcuwsgDs@localhost.localdomain
2024-03-15 00:41:24 1rkspG-0001RE-TJ H=mxi-2.vivaldi.net [31.209.137.14]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]
2024-03-15 00:41:24 1rkspG-0001RE-TJ H=mxi-2.vivaldi.net [31.209.137.14] TLS error on connection (recv): Error in the pull function.
2024-03-15 00:41:25 1rkspG-0001RE-TJ H=mxi-1.vivaldi.net [31.209.137.13] TLS error on connection (recv): Error in the pull function.
2024-03-15 00:41:25 1rkspG-0001RE-TJ == [email protected] R=dnslookup T=remote_smtp defer (-44) H=mxi-1.vivaldi.net [31.209.137.13]: SMTP error from remote mail server after RCPT TO:<[email protected]>: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [31.129.105.100]

As I wrote above, I do not have IPv6 on the server, not in the DNS. Okay, it doesn’t matter, no, no, there is a relay, otherwise this topic has already tired me and you. You can close it, there is no solution yet, maybe someday I will understand what’s wrong). Thank you all for your attention!

The DNS with Cloudflare is giving you problems. So, in Cloudflare DNS do the following:

Add one A record “webmail.angellive.ru” with IP: 31.129.105.100. This is compulsory to create one SSL certificate under the tab “MAIL”.

Change the A record for mail to DNS only (from Proxied) by clicking on the orange button.

Make sure that the A record for the subdomain mail has 31.129.105.100.

Create one SSL of Let’s Encrypt for the domain angellive.ru (not under “WEB” tab but) under the “MAIL” tab.

Thereafter the SMTP relay to Google as well as https://webmail.angellive.ru should work.

I have seen that the DNS records for mx.peretiazhkamebeli.ru are not correct. So Google will not accept emails.

Thank you! I’m still looking for a solution. I added everything you wrote, I’ll see what happens.