Not receiving mails with hestiacp + cloudflare

Hello, I've got troubles with HestiaCP + Cloudflare mail. I think there are problems with DNS records… If I use this MX record in Cloudflare it somehow bypasses spam and sends mails to the inbox, but only sometimes and not at the first message to a mailbox, only after a couple of them. But I am not able to receive mails at all.

MX domain.com webmail.domain.com 10

But if I make it look like this:

MX domain.com mail.domain.com 10

I am able to receive mails, but all sent mails are going to spam. SPF, DKIM and DMARC are configured, and the spam test gives me 10/10, but everything is still going to spam…
My Cloudflare DNS settings

/var/log/exim4/paniclog
-bash: /var/log/exim4/paniclog: No such file or directory

/var/log/exim4/mainlog

2024-08-02 15:20:34 TLS error on connection from mail-pg1-f171.google.com [209.85.215.171] (gnutls_handshake): A disallowed SNI server name has been received.                                                     
2024-08-02 15:21:41 Start queue run: pid=2308697                                                                                                                                                                   
2024-08-02 15:21:41 1sYsY4-0080pN-Dt == [email protected] routing defer (-52): retry time not reached                                                                                                    
2024-08-02 15:21:41 1sZb6y-009DMt-Hb Message is frozen                                                                                                                                                             
2024-08-02 15:21:41 1sZUtw-0091we-EV Message is frozen                                                                                                                                                             
2024-08-02 15:21:41 End queue run: pid=2308697                                                                                                                                                                     
2024-08-02 15:25:54 TLS error on connection from mail-pl1-f170.google.com [209.85.214.170] (gnutls_handshake): A disallowed SNI server name has been received.                                                     
2024-08-02 15:26:08 TLS error on connection from mail-qt1-f177.google.com [209.85.160.177] (gnutls_handshake): A disallowed SNI server name has been received.                                                     
2024-08-02 15:41:48 TLS error on connection from mail-qk1-f172.google.com [209.85.222.172] (gnutls_handshake): A disallowed SNI server name has been received.                                                     
2024-08-02 15:45:14 1sZrek-009hKq-ER <= [email protected] H=localhost (webmail.imkim.lt) [127.0.0.1] P=esmtpa A=dovecot_login:[email protected] S=535 [email protected]                         
2024-08-02 15:45:15 1sZrek-009hKq-ER H=gmail-smtp-in.l.google.com [74.125.205.26] TLS error on connection (recv): The TLS connection was non-properly terminated.                                                  
2024-08-02 15:45:15 1sZrek-009hKq-ER => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.205.26] X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes K C="250 2>
2024-08-02 15:45:15 1sZrek-009hKq-ER Completed                                                                                                                                                                     
2024-08-02 15:47:37 TLS error on connection from mail-ed1-f54.google.com [209.85.208.54] (gnutls_handshake): A disallowed SNI server name has been received.                                                       
2024-08-02 15:51:41 Start queue run: pid=2312327                                                                                                                                                                   
2024-08-02 15:51:41 1sYsY4-0080pN-Dt == [email protected] routing defer (-52): retry time not reached                                                                                                    
2024-08-02 15:51:41 1sZb6y-009DMt-Hb Message is frozen                                                                                                                                                             
2024-08-02 15:51:41 1sZUtw-0091we-EV Message is frozen                                                                                                                                                             
2024-08-02 15:51:41 End queue run: pid=2312327                                                                                                                                                                     
2024-08-02 15:53:09 TLS error on connection from mail-wr1-f54.google.com [209.85.221.54] (gnutls_handshake): A disallowed SNI server name has been received.  

/var/log/exim4/rejectlog

2024-08-02 12:21:17 SMTP call from prod-beryllium-us-west-22.li.binaryedge.ninja [96.126.98.234] dropped: too many syntax or protocol errors (last command was "? ?<?p?a?t?h? ?x?m?l?n?s?=?"?h?t?t?p?:?/?/?s?c?h?e>
2024-08-02 13:41:44 SMTP call from [147.185.132.120] dropped: too many unrecognized commands (last was "Accept-Encoding: gzip")                                                                                    
2024-08-02 14:21:57 rejected EHLO from [64.226.115.238]: syntactically invalid argument(s): (no argument given)                                                                                                    
2024-08-02 14:23:09 SMTP call from [64.226.115.238] dropped: too many unrecognized commands (last was "To: <sip:nm2@nm2>")                                                                                         
2024-08-02 14:31:13 rejected EHLO from [161.35.71.7]: syntactically invalid argument(s): (no argument given)                                                                                                       
2024-08-02 14:32:25 SMTP call from [161.35.71.7] dropped: too many unrecognized commands (last was "To: <sip:nm2@nm2>")    

If this screenshot is showing your actual configuration in Cloudflare, there are a ton of configuration issues here. You need to replace domain.com with your actual domain… and is the IP address really 1.2.3.4? It's probably not.

I would recommend taking a step back and reviewing your basic configurations for name servers, DNS, and server IPs.

No no, I just did it with examples. It looks like this, but with the real domain and IP, because I am not sure if I can show my IP )

The MX record must point to mail.domain.com instead of webmail.domain.com

I did it now, and I started receiving them, but all my mails are going to spam, like the first ~20 mails per email address. After that they somehow appear in the inbox (Gmail). It looks like this now:

/var/log/exim4/mainlog

2024-08-02 16:17:12 1sZs9g-009iQj-8d <= [email protected] H=mail-wm1-f54.google.com [209.85.128.54] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.imkim.lt K S=5665 DKIM>
2024-08-02 16:17:12 1sZs9g-009iQj-8d => info <[email protected]> R=localuser T=local_delivery
2024-08-02 16:17:12 1sZs9g-009iQj-8d Completed                                                                                                                                                                     
2024-08-02 16:21:41 Start queue run: pid=2316263                                                                                                                                                                   
2024-08-02 16:21:41 1sYsY4-0080pN-Dt remote host address is the local host: sls7.l.dedikuoti.lt                                                                                                                    
2024-08-02 16:21:41 1sYsY4-0080pN-Dt == [email protected] R=dnslookup defer (-1): remote host address is the local host                                                                                  
2024-08-02 16:21:41 1sYsY4-0080pN-Dt Frozen                                                                                                                                                                        
2024-08-02 16:21:41 1sZb6y-009DMt-Hb Message is frozen                                                                                                                                                             
2024-08-02 16:21:41 1sZUtw-0091we-EV Message is frozen                                                                                                                                                             
2024-08-02 16:21:41 End queue run: pid=2316263                                                                                                                                                                     
2024-08-02 16:28:02 1sZsK9-009ikL-Iz <= [email protected] H=mail-ot1-f74.google.com [209.85.210.74] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.imkim.lt>
2024-08-02 16:28:02 1sZsK9-009ikL-Iz => reports <[email protected]> R=localuser T=local_delivery
2024-08-02 16:28:02 1sZsK9-009ikL-Iz Completed                                                                                                                                                                     
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

/var/log/exim4/rejectlog

2024-08-02 16:03:21 SMTP call from scan-15n.shadowserver.org [184.105.247.252] dropped: too many unrecognized commands (last was "Accept: */*")                                                                    
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

Btw, Outlook Professional gets my mails in the inbox, while mails to Outlook personal go to spam.

I'm sorry, I didn't think you changed all the DNS entries just to obfuscate your domains and IP. I'm a goober.

If you're getting 10/10 with mail-tester.com and those messages you send from that same Hestia-hosted email are still going into spam, who is the operator of the receiving network? For me, Outlook and iCloud had additional whitelisting I had to do by reaching out to my VPS provider and completing forms for iCloud's and Outlook's spam service. Are you getting Undeliverable replies, or are they literally going into the spam folder in Outlook?

They just go to spam at Gmail, Yahoo and Outlook (but only personal Outlook mails).

In Gmail you can check whether you passed the tests by opening the mail message → More (three dots) → Show original.

There you will see whether you have passed the SPF, DKIM and DMARC checks. If you passed the checks, maybe they are marking all the mails from your IP as spam because… whatever.


Yeah, everything passes… Can my mails be blocked because the domain was registered 1 month ago, or does it not matter?

Recent domains usually have a penalty on spam tools, but usually no more than 15 days. But if you did everything fine, with SPF, DMARC and DKIM configured correctly, maybe your IP is in a block list, or you sent some suspicious mails, or…

And why could this error happen?

2024-08-02 16:03:21 SMTP call from scan-15n.shadowserver.org [184.105.247.252] dropped: too many unrecognized commands (last was "Accept: */*")                                                                    
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

The first one is someone scanning your server, and after a few invalid SMTP commands, your Exim dropped the connection.

The other two are tests trying to check if your server is an open relay, and your server blocked it.

So the errors are not really errors; it's your Exim server working as expected.

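The explanation above maps each rejectlog/mainlog line to "scanner", "relay test" or "normal delivery" by eye. Below is an added example (not code from the thread, from HestiaCP or from Exim) that does the same triage over a constructed sample of log lines modelled on the excerpts posted here, so the noise Exim generates while doing its job can be separated from the lines that point at configuration: the protocol-error drops and sender-verify rejections are marked "expected", while the GnuTLS SNI handshake failures and the "remote host address is the local host" defer are marked "investigate" (in the excerpt posted after the MX change, the Google connections arrive with SNI=mail.imkim.lt and deliver, so the MX target and the name Exim serves are the first things to compare). The sample lines, the addresses in them and the category names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample modelled on the Exim log excerpts quoted in this thread
# (mailbox addresses replaced with documentation values; not the poster's real log).
SAMPLE_LOG = """\
2024-08-02 15:20:34 TLS error on connection from mail-pg1-f171.google.com [209.85.215.171] (gnutls_handshake): A disallowed SNI server name has been received.
2024-08-02 16:03:21 SMTP call from scan-15n.shadowserver.org [184.105.247.252] dropped: too many unrecognized commands (last was "Accept: */*")
2024-08-02 14:21:57 rejected EHLO from [64.226.115.238]: syntactically invalid argument(s): (no argument given)
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] sender verify fail for <test@example.invalid>: all relevant MX records point to non-existent hosts
2024-08-02 16:28:13 H=keeper-us-east-1d.mxtoolbox.com [18.209.86.113] F=<test@example.invalid> rejected RCPT <info@example.invalid>: Sender verify failed
2024-08-02 16:21:41 1sYsY4-0080pN-Dt == info@example.invalid R=dnslookup defer (-1): remote host address is the local host
2024-08-02 16:17:12 1sZs9g-009iQj-8d => info <info@example.invalid> R=localuser T=local_delivery
"""

# (category, regex, verdict). Verdicts follow the reading given in the thread: protocol-error
# drops and sender-verify rejections are Exim doing its job; the rest deserve a look.
RULES = [
    ("scanner_dropped", r"SMTP call from .* dropped: too many (?:unrecognized commands|syntax or protocol errors)", "expected"),
    ("scanner_bad_ehlo", r"rejected EHLO from .*: syntactically invalid argument", "expected"),
    ("sender_verify_fail", r"sender verify fail for <|Sender verify failed", "expected"),
    ("tls_sni_mismatch", r"\(gnutls_handshake\): A disallowed SNI server name", "investigate"),
    ("local_host_loop", r"remote host address is the local host", "investigate"),
    ("local_delivery", r"=> \S+ <[^>]+> R=localuser T=local_delivery", "expected"),
]
COMPILED = [(name, re.compile(pattern), verdict) for name, pattern, verdict in RULES]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # peer address as Exim prints it


def classify_line(line):
    """Return (category, verdict) for one Exim log line; unmatched lines are ('other', 'review')."""
    for name, pattern, verdict in COMPILED:
        if pattern.search(line):
            return name, verdict
    return "other", "review"


def triage(log_text):
    """Count lines per category and collect the peer IPs seen in each category."""
    counts = Counter()
    peers = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        category, _ = classify_line(line)
        counts[category] += 1
        match = IP_RE.search(line)
        if match:
            peers.setdefault(category, set()).add(match.group(1))
    return counts, peers


def needs_attention(log_text):
    """Categories whose verdict is not 'expected', each with its sorted peer IPs, for a follow-up list."""
    counts, peers = triage(log_text)
    verdict_of = {name: verdict for name, _, verdict in RULES}
    return {cat: sorted(peers.get(cat, ())) for cat in counts
            if verdict_of.get(cat, "review") != "expected"}


if __name__ == "__main__":
    counts, peers = triage(SAMPLE_LOG)
    for category, n in counts.most_common():
        print(f"{category:20s} {n:3d}  peers={sorted(peers.get(category, ()))}")
    print("needs attention:", needs_attention(SAMPLE_LOG))
```

Run it as `python3 triage.py` against the sample, or feed `/var/log/exim4/mainlog` through `triage()` to get the same breakdown for a real day; the regexes only cover the line shapes seen in this thread, so anything else lands in "other" for manual review rather than being silently dropped.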

Thank you for explaining! The last question would be… Do I need to change the DNS queries in Hestia after I moved the domain nameservers from the provider panel to Cloudflare? Because I see old NS queries in the Hestia DNS settings. Or does it not change anything?

After changing the nameservers with the registrar to Cloudflare, the entries in HestiaCP will not be in use anymore. The only use of these entries is to configure domain keys for receiving and sending emails, by entering the same TXT entries that Hestia generates in Cloudflare.

If you do not have those TXT entries, it is possible that mails will be stamped as spam.

But if you delete them, it is fine. To use new TXT entries, you will have to recreate them later to put these entries in Cloudflare DNS.
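Putting the two pieces of advice in this thread together (the MX must point at mail.domain.com, and the TXT records Hestia generates must also exist at Cloudflare), here is an added example checker, written for this page and not part of HestiaCP or the thread, that runs offline against a constructed zone shaped like a Cloudflare DNS tab. It flags an MX target that is a CNAME, that has no address record (the "non-existent hosts" sender-verify failure seen earlier), or that has Cloudflare's proxy turned on (the proxy carries HTTP(S) only, so a proxied MX target receives no SMTP), and it confirms that an SPF record authorizes the sending IP and that DMARC and DKIM TXT records are present. The domain example.test, the IP 203.0.113.10, the DKIM selector `mail` and the key body are assumptions; substitute the values from your own Hestia DNS page.

```python
import ipaddress

# Constructed zone standing in for the Cloudflare DNS tab (assumption; example.test and
# 203.0.113.10 are documentation values, not the poster's real domain or IP).
GOOD_ZONE = {
    ("example.test", "MX"): [(10, "mail.example.test")],
    ("example.test", "A"): ["203.0.113.10"],
    ("mail.example.test", "A"): ["203.0.113.10"],
    ("webmail.example.test", "CNAME"): ["example.test"],
    ("example.test", "TXT"): ["v=spf1 a mx ip4:203.0.113.10 -all"],
    ("_dmarc.example.test", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.test"],
    # Selector 'mail' and the key body are assumptions; copy the real value from Hestia's DNS page.
    ("mail._domainkey.example.test", "TXT"): ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC_PLACEHOLDER"],
}
GOOD_PROXIED = {"example.test"}          # names with the orange cloud (proxy) on

# Same zone, but the MX points at the proxied webmail CNAME, as in the first post.
BAD_ZONE = dict(GOOD_ZONE)
BAD_ZONE[("example.test", "MX")] = [(10, "webmail.example.test")]
BAD_PROXIED = {"example.test", "webmail.example.test"}


def lookup(zone, name, rtype):
    return zone.get((name, rtype), [])


def resolve_addresses(zone, name, depth=0):
    """A/AAAA records for a name, following up to 8 CNAME hops the way a resolver would."""
    addrs = lookup(zone, name, "A") + lookup(zone, name, "AAAA")
    cname = lookup(zone, name, "CNAME")
    if not addrs and cname and depth < 8:
        return resolve_addresses(zone, cname[0], depth + 1)
    return addrs


def spf_covers(zone, domain, ip):
    """Minimal SPF evaluation: a, mx, ip4: and all terms with qualifiers; include:/exists: are skipped."""
    spf = [r for r in lookup(zone, domain, "TXT") if r.lower().startswith("v=spf1")]
    if len(spf) != 1:                      # zero or several SPF records both fail validation
        return False
    ip = ipaddress.ip_address(ip)
    for term in spf[0].split()[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "a":
            matched = str(ip) in resolve_addresses(zone, domain)
        elif term == "mx":
            matched = any(str(ip) in resolve_addresses(zone, host) for _, host in lookup(zone, domain, "MX"))
        elif term == "all":
            matched = True
        else:
            continue
        if matched:
            return qualifier == "+"
    return False


def check_mail_dns(zone, proxied, domain, sending_ip, dkim_selector):
    """Return a list of findings; an empty list means the zone passes these checks."""
    findings = []
    mx = lookup(zone, domain, "MX")
    if not mx:
        findings.append(f"no MX record for {domain}")
    for _prio, target in mx:
        if lookup(zone, target, "CNAME"):
            findings.append(f"MX target {target} is a CNAME (RFC 2181 section 10.3 forbids this)")
        if not resolve_addresses(zone, target):
            findings.append(f"MX target {target} has no address record (receivers see a non-existent host)")
        if target in proxied:
            findings.append(f"MX target {target} is proxied; Cloudflare's proxy carries no SMTP, set it to DNS-only")
    if not spf_covers(zone, domain, sending_ip):
        findings.append(f"SPF for {domain} does not authorize sending IP {sending_ip}")
    dmarc = [r for r in lookup(zone, "_dmarc." + domain, "TXT") if r.startswith("v=DMARC1")]
    if not dmarc or "p=" not in dmarc[0]:
        findings.append(f"missing or policy-less DMARC record at _dmarc.{domain}")
    if not any(r.startswith("v=DKIM1") for r in lookup(zone, f"{dkim_selector}._domainkey.{domain}", "TXT")):
        findings.append(f"no DKIM public key at {dkim_selector}._domainkey.{domain}")
    return findings


if __name__ == "__main__":
    for label, zone, proxied in (("good", GOOD_ZONE, GOOD_PROXIED), ("bad", BAD_ZONE, BAD_PROXIED)):
        print(label, check_mail_dns(zone, proxied, "example.test", "203.0.113.10", "mail") or ["OK"])
```

The zone is a plain dict so the checks run without network access; to use it on a live domain, fill the same dict from `dig` output (or a DNS library) and the proxied set from the Cloudflare dashboard. The SPF evaluator deliberately handles only the mechanisms Hestia's default record uses (`a`, `mx`, `ip4:` and `all`); a record that relies on `include:` needs a full RFC 7208 evaluator.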

If I change the MX to mail.domain.com, Postmaster shows all OK, but if I keep it on webmail.domain.com, it says I need to fix DKIM, SPF and DMARC. I don't know, maybe I can't proxy something?
