External mail not reaching Server

Discussion in 'Installation/Configuration' started by AndyJor, Aug 19, 2024.

Tags:
Page 1 of 2
  1. AndyJor

    AndyJor New Member

    Good day, I have a new install ,
    All websites are finally operational, ( I had problems with VPS hoster )
    Emails worked , a bit for a Day then stopped working
    Pinging Mail goes to my testing site
    ping mail.macspares.co.za
    PING mail.macspares.co.za (41.61.20.116) 56(84) bytes of data.
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=1 ttl=53 time=56.0 ms
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=2 ttl=53 time=40.1 ms
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=3 ttl=53 time=40.4 ms
    does not go to macspares.co.za
    I have deleted the stestsite and restarted the VPS with same results
    Local mail is delivered ie a macspares.co.za mail to myself is delivered

    I have run the "htf Report " but its to big to post in this thread so I created a PDF

    traceroute also fails

    oot@andy-ubuntu-22:/home/andy# tcptraceroute mail.macspares.co.za 2525
    Selected device wlp2s0, address 192.168.1.101, port 41197 for outgoing packets
    Tracing the path to mail.macspares.co.za (41.61.20.116) on TCP port 2525, 30 hops max
    1 192.168.1.1 1.259 ms 1.365 ms 0.971 ms
    2 * * *
    3 100.127.255.70 57.977 ms 55.042 ms 38.834 ms
    4 196.4.93.80 80.834 ms 47.911 ms 40.032 ms
    5 100.127.3.10 34.923 ms 55.403 ms 38.118 ms
    6 100.127.3.16 43.309 ms 49.930 ms 45.011 ms
    7 100.127.3.17 40.028 ms 50.044 ms 39.330 ms
    8 1-grid.ixp.capetown (196.60.70.6) 41.246 ms 45.076 ms 38.376 ms
    9 edge-rt1.wdpr.te3-3-vl29.1-grid.net (41.185.0.38) 34.469 ms 48.693 ms 49.649 ms
    10 wdpr-cor-rs1.vl23.1-grid.net (41.185.0.29) 41.284 ms 1583.219 ms *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
    Destination not reached
     

    Attached Files:

    AndyJor, Aug 19, 2024
    #1
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
    $ ping -c 3 mail.macspares.co.za
PING mail.macspares.co.za (41.61.20.116) 56(84) bytes of data.
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=1 ttl=46 time=184 ms
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=2 ttl=46 time=184 ms
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=3 ttl=46 time=184 ms

--- mail.macspares.co.za ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 184.420/184.427/184.441/0.009 ms
tale@ika ~
$ ping -c 3 macspares.co.za
PING macspares.co.za (41.61.20.116) 56(84) bytes of data.
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=1 ttl=46 time=185 ms
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=2 ttl=46 time=184 ms
64 bytes from 41.61.20.116 (41.61.20.116): icmp_seq=3 ttl=46 time=184 ms

--- macspares.co.za ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 184.455/184.477/184.511/0.496 ms
tale@ika ~
$
    mail.macspares.co.za and macspares.co.za resolve to the same IP from name service, so if one works the other should also work.
    A new install of what? If you have ISPConfig, my signature has link to e-mail setup tutorial with troubleshooting instructions.
     
    Taleman, Aug 19, 2024
    #2
  3. AndyJor

    AndyJor New Member

     
    AndyJor, Aug 19, 2024
    #3
  4. AndyJor

    AndyJor New Member

    Hi Taleman, thank you for your help.
    I am in the process of upgrading my VPS
    I have installed ISPConfig on a Ubuntu 22.04
    Server: jor60-nix03.hostserv.co.za (Ubuntu 22.04.4 LTS (Jammy Jellyfish)) ISPConfig 3.2.12p1

    my ping :
    ping macspares.co.za
    PING macspares.co.za (41.61.20.116) 56(84) bytes of data.
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=1 ttl=53 time=56.0 ms
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=2 ttl=53 time=37.8 ms
    64 bytes from newco.co.za (41.61.20.116): icmp_seq=3 ttl=53 time=56.6 ms

    goes to newco.co.za , its a site that I set up to test the install and have now deleted
    However you getting a standard ping . .

    I have not read your write-up for the email server . .
    I will read it now, thank you
     
    AndyJor, Aug 19, 2024
    #4
  5. AndyJor

    AndyJor New Member

    looks like the problem lies with the reverse DNS

    host 41.61.20.116
    116.20.61.41.in-addr.arpa domain name pointer newco.co.za

    looks like I'm getting somewhere
    Can I set this up under the DNS tags ?
    Reason Im asking is the Hosting company has a weird setup were they have a cpanel (Sometimes ) per website . .
    I could not set the A records if I did not have the cpanel for that site
    macspares.co.za does not have the cpanel
     
    AndyJor, Aug 19, 2024
    #5
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
    $ host 41.61.20.116
Host 116.20.61.41.in-addr.arpa. not found: 3(NXDOMAIN)
    Are you running your own name server and have configured the PTR there? Then it works for you but does not work from the public Internet. My signature has link to dns setup tutorial that tries to explain this, among other things.
     
    Taleman, Aug 19, 2024
    #6
  7. AndyJor

    AndyJor New Member

    No I am not running my own name ser, however I suspect that ther service provider is.
    I requested they set up a reverse dns for macspares.co.za and fridge school.co.za
    Now i get , on the server "jor60-nix03:"
    host 41.61.20.116
    116.20.61.41.in-addr.arpa domain name pointer fridgeschool.co.za.
    116.20.61.41.in-addr.arpa domain name pointer macspares.co.za.
    and
    host macspares.co.za 41.61.20.116
    Using domain server:
    Name: 41.61.20.116
    Address: 41.61.20.116#53
    Aliases:

    macspares.co.za has address 41.61.20.116
    macspares.co.za mail is handled by 10 mail.macspares.co.za.

    I have set up my DNS's as Foillows
    :
    Yes A macspares.co.za. 41.61.20.116 0 3600
    Yes A mail 41.61.20.116 0 3600
    Yes A mail.macspares.co.za 41.61.20.116 0 3600
    Yes A www 41.61.20.116 0 3600
    Yes CNAME macspares.co.za www.macspares.co.za 0 3600
    Yes MX macspares.co.za. mail.macspares.co.za. 10 3600
    Yes NS macspares.co.za. linus.ns.1-grid.co.za. 0 3600
    Yes NS macspares.co.za. linus.ns.1-grid.com. 0 3600
    Yes PTR 116.20.61.41.in-addr.arpa macspares.co.za. 0 3600
    Yes PTR 116.20.61.41.in-addr.arpa mail.macspares.co.za. 0 3600
    Yes TXT macspares.co.za. v=spf1 mx a ~all 0 3600

    but still no results
     
    Last edited: Aug 20, 2024
    AndyJor, Aug 20, 2024
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Where did you set this up? It's not the DNS configuration of your domain. I guess you set it up in ISPConfig, but your ISPConfig server is not the authoritative DNS server for this zone, so this configuration is not used. Check at intodns.com, the DNS servers of your zone are:

    linus.ns.1-grid.com. ['41.185.8.21'] (NO GLUE) [TTL=7200]
    linus.ns.1-grid.co.za. ['41.185.8.22'] (NO GLUE) [TTL=7200]
    linus.ns.1-grid.co.uk. ['41.185.8.21'] (NO GLUE) [TTL=7200]
    linus.ns.1-grid.net. ['41.185.8.22'] (NO GLUE) [TTL=7200]

    Which means that the DNS records of your zone must be set up there and not on your ISPConfig server.
     
    till, Aug 20, 2024
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    E.g. your current Mail server is 1-grid-mx04.com as set up in DNS on the linus.ns.1-grid.com server, so all mail must be sent to 1-grid-mx04.com, and that's why you do not receive any emails to your ISPConfig system.
     
    till, Aug 20, 2024
    #9
  10. AndyJor

    AndyJor New Member

    From the service provider
    So it seems I have an error in my DNS records

    My Check from my VPS named : jor60-nix03 with IP 41.61.20.116
    from jor60-nix03
    host 41.61.20.116
    116.20.61.41.in-addr.arpa domain name pointer macspares.co.za.
    116.20.61.41.in-addr.arpa domain name pointer fridgeschool.co.za.

    Here are my PTR records

    Yes PTR .............116.20.61.41.in-addr.arpa ............macspares.co.za. ..................0........ 3600
    Yes PTR .............116.20.61.41.in-addr.arpa ............mail.macspares.co.za. ...........0 ........3600
    Yes PTR .............116.20.61.41.in-addr.arpa .............macspares.co.za. ..................0 ........3600
    Yes PTR ..............mail.macspares.co.za. ..................116.20.61.41.in-addr.arpa .....0........ 3600

    but nothing works
     
    AndyJor, Aug 21, 2024
    #10
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You should not do random stuff and hope eventually it starts working. Saying nothing works is not very helpful. What exactly is not working and how did you verify it is not working?
    To learn about DNS name service, look it up in Wikipedia https://en.wikipedia.org/wiki/Domain_Name_System (page is available in 79 languages), articles in reputable Internet sites and books, for example "DNS and Bind" by Albitz and Liu. Use https://intodns.com/ to check your name service setup is reasonably OK.
    Your e-mail server should have mailname, for example mail.macspares.co.za. Then you set up PTR so that IP of that host returns the mailname. Other e-mail servers check this when receiving e-mail. If you can not fix the PTR records, other way is to set mailname to what name service now returns for the IP:
    Code:
    $ host 41.61.20.116
116.20.61.41.in-addr.arpa domain name pointer jor60-nix03.hostserv.co.za.
    Do not set multiple PTR records for the same FQDN, it just confuses things.
     
    Taleman, Aug 21, 2024
    #11
  12. AndyJor

    AndyJor New Member

    Hi Taleman,
    Your response is greatly appreciated. I am definitely no Coder or whatever anybody wishes to identity this by, however i have been maintaining amongst others , my own VPS for +20 years so a bit of handyman here.. .. ..
    The current problem is I am upgrading the VPS, final steps is the Email, .In the beginning I simply copied the DNS over from my old ISPConfig then I found out that in the interim years the ISP change the systems and I was "Locked out " of some stuff example A records and now REVERSE DNS the ISP had to change the A records and now gave me reverse DNS records for two websites

    I have always found the best way to resolve these types of problems is to read . . .
    and check and try and ask people that know much much more than me

    Moving forward
    I strongly suspect that the ISP has closed access to my port 25
    On the VPS
    nmap localhost
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    143/tcp open imap
    and
    telnet mail.macspares.co.za 53
    Trying 41.61.20.116...
    Connected to mail.macspares.co.za.
    Escape character is '^]'.
    =================
    However
    =================
    outside the VPS
    curl 41.61.20.116:25
    curl: (28) Failed to connect to 41.61.20.116 port 25 after 133454 ms: Connection timed out
    and
    root@andy-ubuntu-22:/home/andy# telnet macspares.co.za 25
    Trying 41.61.20.116...
    telnet: Unable to connect to remote host: Connection timed out
    +++++++++++++++++
    BUT
    ++++++++++++++++
    telnet mail.macspares.co.za 53
    Trying 41.61.20.116...
    Connected to mail.macspares.co.za.
    Escape character is '^]'.

    Can I change the the mail port 25 to port 53 ?
    what will be the implications ?
     
    AndyJor, Aug 21, 2024
    #12
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You can but it wont work.
    Did you solve the PTR problem since you now talk about port 25?
    Have you read the e-mail tutorial, link in my signature, which tells how to setup e-mail server? Read also the comments, there is info on how to test if port is open.
     
    Taleman, Aug 21, 2024
    #13
    Th0m and ahrasis like this.
  14. AndyJor

    AndyJor New Member

    Hi everyone, firstly, thank you for taking time to assist, its greatly appreciated.
    I have move forward but only a bit.
    it transpired that the reverse DNS did not point to my hostname
    It took a week for the Service provider to resolve
    Now that the reverse DNS are suposed to be pointing to my server I can move on

    My current problem is I can send and receive local mails but no emails come in or out the server
    It seems to indicate a mis-match of certificates
    I have repeatedly tried :: ispconfig_update.sh --force
    and got new certificates and also then first deleted the old "Lets encrypt " certificates
    here are my mail.log as well as mail.err log
    Has anybody got any further insight to share , . .
    it would be greatly appreciated
     
    AndyJor, Aug 29, 2024
    #14
  15. AndyJor

    AndyJor New Member

    I have also Run debug "/usr/local/ispconfig/server/server.sh "
    and it seem to come out without errors
     
    AndyJor, Aug 29, 2024
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    So your mail server works, certificates do not matter much for email, email receiving will work nontheless.

    Most likely your DNS setup is still wrong.

    You verified that emails ending and receiving locally works, so there is no issue with your server here.

    I recommend you use intodns.com to check your DNS setup is correct now.
     
    till, Aug 29, 2024
    #16
  17. AndyJor

    AndyJor New Member

    https://intodns.com/macspares.co.za seems to give a clean bill of health . . .
     
    AndyJor, Aug 29, 2024
    #17
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    It's not about showing green there, it's about if the systems mentioned there are indeed your servers. So you run multiple ISPConfig servers, and these are their hostnames and IP addresses?

    Code:
    5 1-grid-mx02.com 41.185.249.30 41.185.249.80 41.185.249.90 41.185.249.20 41.185.249.100 41.185.249.70 41.185.249.60 41.185.249.50 (no glue)
5 1-grid-mx03.co.za 41.61.250.90 41.61.250.50 41.61.250.60 41.61.250.100 41.61.250.30 41.61.250.80 41.61.250.20 (no glue)
5 1-grid-mx04.com 41.61.249.100 41.61.249.70 41.61.249.50 41.61.249.90 41.61.249.20 41.61.249.80 41.61.249.30 41.61.249.60 (no glue)
5 1-grid-mx01.co.za 41.185.250.90 41.185.250.20 41.185.250.30 41.185.250.50 41.185.250.80 41.185.250.60 41.185.250.70 41.185.250.100 (no glue)
    Because that's the mail systems of this domain. If these IP addresses and servers are not your ISPConfig servers, then your DNS MX-Records are wrong, so not an issue of your ISPConfig server.
     
    till, Aug 29, 2024
    #18
  19. AndyJor

    AndyJor New Member

    https://www.checktls.com/TestReceiver throws a few errors . . .
    its not happy with the " Cert Hostname DOES NOT VERIFY (1-grid-mx01.co.za != *.hostserv.co.za | DNS:*.hostserv.co.za "

    https://ssl-tools.net/mailservers/macspares.co.za is really not happy with a host mistmatch buit I dont know how to rectify the problem
     
    AndyJor, Aug 29, 2024
    #19
  20. AndyJor

    AndyJor New Member

    Til, thank you for your time its appreciated
    No. a single ISP1Config .All those 1-grid mx records are the server providers
    I have put them in to a single website "macspares.co.za " to try for anyone that will work . . . my reasoning is " if they provided then it should speed up delivery"
    VPS Name :: jor60-nix03
    Hostname : : jor60-nix03.hostserv.co.za
    Current (attempted) mail server macspares.co.za
    IP of VPS ::
    41.61.20.116
     
    AndyJor, Aug 29, 2024
    #20
Page 1 of 2

Share This Page