I can send emails but not receive them.

[Riwer]

Hello,
I have my domain configured in Cloudflare as shown in the image.
In DirectAdmin, I have temporarily turned off the firewall to isolate the issue.

I’m including the output of this command:
`echo "Subject: Test Email" | sendmail -v -f [email protected] [email protected]`

LOG: MAIN
cwd=/root 5 args: sendmail -v -f [email protected] [email protected]
LOG: MAIN
<= [email protected] U=root P=local S=354 T="Test Email"
root@admin:~# LOG: MAIN
cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1sn5nl-000000000mR-15HK
delivering 1sn5nl-000000000mR-15HK
Connecting to gmail-smtp-in.l.google.com [2a00:1450:400c:c00::1a]:25 ...
failed: Network is unreachable
LOG: MAIN
H=gmail-smtp-in.l.google.com [2a00:1450:400c:c00::1a] Network is unreachable
Clearing TFO as not first host for message
Connecting to gmail-smtp-in.l.google.com [173.194.76.26]:25 ...
failed: Connection refused
LOG: MAIN
H=gmail-smtp-in.l.google.com [173.194.76.26] Connection refused
Clearing TFO as not first host for message
Connecting to alt1.gmail-smtp-in.l.google.com [2a00:1450:4013:c16::1b]:25 ...
failed: Network is unreachable
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [2a00:1450:4013:c16::1b] Network is unreachable
Clearing TFO as not first host for message
Connecting to alt1.gmail-smtp-in.l.google.com [142.250.153.27]:25 ...
failed: Connection refused
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [142.250.153.27] Connection refused
Clearing TFO as not first host for message
Connecting to alt2.gmail-smtp-in.l.google.com [2a00:1450:4025:c03::1a]:25 ...
failed: Network is unreachable
LOG: MAIN
H=alt2.gmail-smtp-in.l.google.com [2a00:1450:4025:c03::1a] Network is unreachable
Clearing TFO as not first host for message
Connecting to alt3.gmail-smtp-in.l.google.com [2a00:1450:4010:c1c::1b]:25 ...
failed: Network is unreachable
LOG: MAIN
H=alt3.gmail-smtp-in.l.google.com [2a00:1450:4010:c1c::1b] Network is unreachable
Clearing TFO as not first host for message
Connecting to alt4.gmail-smtp-in.l.google.com [2404:6800:4003:c00::1b]:25 ...
failed: Network is unreachable
LOG: MAIN
H=alt4.gmail-smtp-in.l.google.com [2404:6800:4003:c00::1b] Network is unreachable
LOG: MAIN
== [email protected] R=lookuphost T=remote_smtp defer (101): Network is unreachable

No related ports are blocked on the server (25, 993, 587).
The IP is not on any blacklist.

Even a telnet to Gmail responds positively immediately (though I still can't send to anyone).


root@admin:~# telnet smtp.gmail.com 587
Trying 108.177.15.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP 5b1f17b1804b1-42cb099acf6sm24653125e9.9 - gsmtp


I'm out of ideas.

PS: I suppose it's obvious, but the emails are edited.

 

[Ohm J]

Look like problem relate to IPV6.
did you trying telnet to "2a00:1450:4025:c03::1a" yet ?

 

[Riwer]

Look like problem relate to IPV6.
did you trying telnet to "2a00:1450:4025:c03::1a" yet ?

Tried

root@admin:~# telnet 2a00:1450:4025:c03::1a 25
Trying 2a00:1450:4025:c03::1a...
telnet: Unable to connect to remote host: Network is unreachable
root@admin:~#


Port 25 is open, but I'm still getting "Connection refused" errors when I try to connect to other SMTP servers.

It's strange, I ran a test on the VPS ignoring DirectAdmin, using msmtp to send emails to Mailtrap for testing.

On ports 2525 and 587, it can send emails, but on port 25, it's rejected, which is normal since authentication is enabled.

So, is it that DirectAdmin's exim configuration is making a mistake by trying to connect to SMTP servers using port 25 when it should be using 587 due to authentication?

(I disabled IPv6 and nothing changed.)

 

[Riwer]

Here's a log after sending an email.

I find it strange that CV=no when SSL full is activated in Cloudflare and a Let's Encrypt SSL certificate is set up on the server for that domain.

2024-09-08 14:21:21 1snGuv-000000000c0-2RUq <= [email protected] H=(hidden local ip data) P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no A=plain:[email protected] S=2012 id=[email protected] T="dddddd" from <[email protected]> for [email protected]

 

[Stije]

root@admin:~# telnet smtp.gmail.com 587
Trying 108.177.15.108...
Connected to smtp.gmail.com.

Yes but as you can see the server is not using 587 but 25.

What happen if you do this:

telnet 2a00:1450:400c:c00::1a 25
or
telnet gmail-smtp-in.l.google.com 25
or
telnet 173.194.76.26 25

Google blocks connections on port 25 after some limits has been reached from your IP. Also maybe your provider blocks port 25.

Just edit config of exim to connect to port 587 instead of 25.

Also your topic subject is confusing. Your subject is:

I can send emails but not receive them.​

But you cannot send mails from the server right?

 

[Riwer]

You’re right, I’m dumb

As you point out, it’s the opposite, I can receive emails but not send them.

All those telnet commands return the same:
`telnet: Unable to connect to remote host: Connection refused`

From what I understand, it's the external servers that are refusing to accept the emails for some reason.

About the port, I thought about that, maybe my provider has blocked port 25, but the fact that it shows as open in online tests seemed strange to me.
Especially since it’s an unmanaged VPS, so I can’t expect much support either.

 

[Richard G]

maybe my provider has blocked port 25, but the fact that it shows as open in online tests

Online tests can only test incoming, not outgoing.
Every VPS is supplied by a hosting company and/or datacenter. You can contact them for support or to ask if they have port 25 closed.

Which VPS provider do you have?

 

[Ohm J]

If your provider doesn't allow outgoing port 25 for you, you have 2 choice.

1 : Move to other datacenter
2 : Using smartroute with external SMTP.

Threads relate recently, https://forum.directadmin.com/threads/email-system-in-google-cloud.71882/post-379466

 

[Stije]

All those telnet commands return the same:
`telnet: Unable to connect to remote host: Connection refused`

So port 25 is blocked i think because your telnet on port 587 works.

Do this and remove 25

Configuring and customizing Exim | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

Than Exim will only use 587 which is not blocked.

 

[Richard G]

Do this and remove 25

Sorry to dissapoint you but this won't work. You misunderstood the meaning of this and it's also an old doc, not relevant anymore.
MTA's speak to each other on port 25. If port 25 is blocked it's end of story for direct outgoing mail.

The doc you are referring to is mentioning another port on top of port 25, not instead of. And they are talking ISP, not host.
This means your home isp. If ISP (means home isp, not your datacenter) is blocking port 25 (which a lot of them do) then you can talk SMTP to Exim via port 587.

You don't need to change this either, it's most likely taken from the old documentation. The current exim.variables.conf file aready has this setting:
daemon_smtp_ports=25 : 587 : 465
and Exim is already listening for smtp traffic for years on these 3 ports. So that's why that doc is not relevant anymore.

So this is only if you home isp blocks port 25, then you can use port 465 or 587 for smtp traffic from your home ip to your Exim on the server. But then the mail is at the server and not on destination. That communication is setup by Exim on port 25. Which can not take place on a blocked port 25.

So back to the solution, the only thing you can do about this, is stated by @Ohm J in post #8.

Option 3: ask your datacenter to open port 25 outgoing for you.

 

[Stije]

@Richard G ah yes you are right. You can still let Exim send via port 587 but than it would depends on the receiving end if the mailserver will accept it on port 587. But still you can try off course. Or via 2525 this also might work.

Or setup a smarthost relay and send via another mailserver. If your ISP blocks port 25 check if they have a relay server you can use.