/var/log/exim4/mainlog
/var/log/exim4/rejectlog
Can you help me how to solve the problem?
Show the output of this command:
grep -i 'Rejected because.*is in a black list at.*spamhaus' /var/log/exim4/mainlog | tail
Also, having the actual domain name would help to debug the issue.
When I run the above code on the server with Putty, it doesn’t produce any results. The result is the same for all domains installed on the server.
Your server has port 25 closed. I don’t think this is an issue with the firewall managed by Hestia, it’s likely being blocked by an external firewall. You should check with your hosting provider to see if they are blocking port 25 for your server.
Just in case, show the output of this command:
iptables -S
1 Like
root@la:~# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-WEB
-N hestia
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAI L
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 155.94.154.143/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -s 146.190.229.115/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 62.60.131.151/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 80.94.95.112/32 -j REJECT --reject-with icmp-port-unreac hable
-A fail2ban-RECIDIVE -s 195.211.188.200/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 64.227.66.66/32 -j REJECT --reject-with icmp-port-unreac hable
-A fail2ban-RECIDIVE -s 167.99.220.28/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 85.209.134.43/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 68.183.197.100/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 67.207.83.103/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 64.227.134.126/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 61.76.112.4/32 -j REJECT --reject-with icmp-port-unreach able
-A fail2ban-RECIDIVE -s 45.140.140.48/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 43.157.92.214/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 43.134.119.89/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 41.111.162.34/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 38.47.94.38/32 -j REJECT --reject-with icmp-port-unreach able
-A fail2ban-RECIDIVE -s 209.38.18.42/32 -j REJECT --reject-with icmp-port-unreac hable
-A fail2ban-RECIDIVE -s 201.184.50.251/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 196.251.88.103/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 196.251.83.84/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 194.0.234.207/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 190.244.25.245/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 190.119.198.81/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 188.92.28.117/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 187.45.100.0/32 -j REJECT --reject-with icmp-port-unreac hable
-A fail2ban-RECIDIVE -s 187.212.39.221/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 185.255.91.226/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 185.247.19.57/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 182.93.50.90/32 -j REJECT --reject-with icmp-port-unreac hable
-A fail2ban-RECIDIVE -s 170.64.189.44/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 164.92.236.103/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 163.181.207.222/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 159.89.168.165/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 159.89.160.213/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 159.223.10.64/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 152.53.195.199/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 143.110.252.201/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 139.59.86.213/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 139.59.35.203/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 139.59.119.25/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 138.197.149.139/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 134.199.198.119/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -s 128.199.26.57/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 121.142.87.218/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 119.246.15.94/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 103.77.215.153/32 -j REJECT --reject-with icmp-port-unre achable
-A fail2ban-RECIDIVE -s 103.248.120.6/32 -j REJECT --reject-with icmp-port-unrea chable
-A fail2ban-RECIDIVE -s 103.153.190.121/32 -j REJECT --reject-with icmp-port-unr eachable
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -s 45.138.158.114/32 -j REJECT --reject-with icmp-port-unreachab le
-A fail2ban-SSH -j RETURN
-A fail2ban-WEB -j RETURN
root@la:~#
I contacted the server company and they said there was no blocking of port 25.
-A INPUT -p tcp -m multiport --dports 465,587 -j ACCEPT
In the rule above, port 25 must be included, but it isn’t.
Hestia adds this rule to allow access to ports 25, 465, and 587.
❯ v-list-firewall | grep 25,
5 ACCEPT TCP 25,465,587 0.0.0.0/0 no 2018-11-07
Edit the firewall rule from the Hestia Web UI to also include port 25.
Thank you. Adding port 25 solved the problem.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.