Can't send or receive email using DirectAdmin on CentOS 8

[cupcode]

Hi, recently I installed DA on CentOS 8 and after now I checked if I can send or receive emails but I can't.
sending and receiving email internally (inside server) works. I have selinux disabled, firewalld is not running and seems by default email ports 25,587 etc. are open in csf and selinux . but when I check my server open ports using this tool, it says port 25 is closed. So if the problem is with closed ports, How can I open these ports on my server?

 

[Richard G]

See if iptables is installed on your server. If you have csf running, first disable it via commandline with csf -x as command.
Then use this command:

iptables -L

You should see 3 policies (input, output and forward) which should all state ACCEPT.
Telnet localhost like this:

telnet localhost 25

If it will connect to exim then it's running and port 25 is open. You can type exit to get out of the connection.

Leave CSF disabled for the moment.
Now check with CSF/LFD disabled with the tool if the port is still closed. If yes, contact your datacenter.

If not, enable CSF and repeat the process. Check if both incoming and outgoing the ports are open in csf.conf.

 

[cupcode]

Here is my console output :

[root@server ~]# csf -x
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `INVDROP'
Flushing chain `INVALID'
Flushing chain `SMTPOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `INVDROP'
Deleting chain `INVALID'
Deleting chain `SMTPOUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `INVDROP'
Flushing chain `INVALID'
Flushing chain `SMTPOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `INVDROP'
Deleting chain `INVALID'
Deleting chain `SMTPOUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
csf and lfd have been disabled
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# Warning: iptables-legacy tables present, use iptables-legacy to see them
[root@server ~]# telnet localhost 25
-bash: telnet: command not found
[root@server ~]# dnf install telnet
Last metadata expiration check: 2:09:32 ago on Mon 24 Aug 2020 05:19:13 PM +.
Dependencies resolved.
============================================================================
Package       Architecture  Version                     Repository        S
============================================================================
Installing:
telnet        x86_64        1:0.17-73.el8_1.1           AppStream         7

Transaction Summary
============================================================================
Install  1 Package

Total download size: 72 k
Installed size: 153 k
Is this ok [y/N]: y
Downloading Packages:
telnet-0.17-73.el8_1.1.x86_64.rpm               1.8 MB/s |  72 kB     00:00
----------------------------------------------------------------------------
Total                                           214 kB/s |  72 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :
  Installing       : telnet-1:0.17-73.el8_1.1.x86_64
  Running scriptlet: telnet-1:0.17-73.el8_1.1.x86_64
  Verifying        : telnet-1:0.17-73.el8_1.1.x86_64

Installed:
  telnet-1:0.17-73.el8_1.1.x86_64

Complete!
[root@server ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 server.*.ir ESMTP Exim 4.94 Mon, 24 Aug 2020 19:28:55 +0430
exit
500 unrecognized command
^X
500 unrecognized command
^C^Z
exit
Connection closed by foreign host.

I didn't totaly understand the rest of steps

 

[Richard G]

I didn't totaly understand the rest of steps

That's not a big problem. Things look fine to me except that there are a lot more chains then I expected and ipv6 is not working. I might have been mistaken in that you had to type quit instead of exit with the telnet command, but that's not an issue either because eventually Exim will close the connection anyway.

After disabling CSF, the policy looks fine. So far so good.

Trying ::1...
This connection was refused.

This means that ipv6 is not reachable, or Exim is not listening on ipv6. Do you have an ipv6 or do you have it disabled? If disabled you better also put an # before the ::1 in /etc/hosts or remove that line completely from there.

At least on ipv4 Exim is listening on port 25, that's a good thing.

The only thing I missed... maybe that is what you mean by the rest of the steps, is the new test if the port are opened externally.

So I try to make it more clear.
Again do csf -x or leave CSF disabled if it's disabled now.

Now again check, using the tool you used before to see if port 25 is still blocked.

You can also send me a pm with your ip and I can check ports for you if you want.

If your port 25 still shows closed, then contact your host/datacenter if they have some firewalling or port 25 blocking.

 

[cupcode]

That's not a big problem. Things look fine to me except that there are a lot more chains then I expected and ipv6 is not working. I might have been mistaken in that you had to type quit instead of exit with the telnet command, but that's not an issue either because eventually Exim will close the connection anyway.

After disabling CSF, the policy looks fine. So far so good.


This means that ipv6 is not reachable, or Exim is not listening on ipv6. Do you have an ipv6 or do you have it disabled? If disabled you better also put an # before the ::1 in /etc/hosts or remove that line completely from there.

At least on ipv4 Exim is listening on port 25, that's a good thing.

The only thing I missed... maybe that is what you mean by the rest of the steps, is the new test if the port are opened externally.

So I try to make it more clear.
Again do csf -x or leave CSF disabled if it's disabled now.

Now again check, using the tool you used before to see if port 25 is still blocked.

You can also send me a pm with your ip and I can check ports for you if you want.

If your port 25 still shows closed, then contact your host/datacenter if they have some firewalling or port 25 blocking.

Thank you so much. I just contacted my server provider and they said they have blocked this port to avoid spams and now they whitelisted my server.

 

[Richard G]

You're welcome. Nice to see it's fixed now.