Timeout SMTP outgoing e-mail

graffx

Verified User
Joined
Dec 7, 2020
Messages
30
Somehow I can't send mail. On my mobile no issues and receiving on both is also no issue.
On my desktop (Mail mac) I see a ! triangle.

Time-out of the connections to the server 'mail.xxx.nl' via the default ports.

When I use the help/connection assistant I see the message:
Failed to make connection with the SMTP server.

The mail is stuck on Outgoing mail. All 3 accounts I have are IMAP with default settings which used to work.

The server is on CentOS 8. Did some updates to Exim and Dovecot, restarted them, but that didn't help.
Also reinstalled an email address but no luck.
Tried to restart the server. (DA had to be restarted with Console after that because I couldn't reach it.)

Anyway, I'm stuck on this issue: I can't send any mail. I have no idea what to try.
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
72
To me it sounds like it's not getting the SSL certificate that belongs to the mail domain itself. (And DirectAdmin is not configured by default to do this. It just gives you the SSL certificate of itself.)
Could you verify that you get the correct SSL that belongs to mail.xxx.nl? (Since I know that mobile apps are way stricter in the SSL and will not use it if it does not belong to the domain you use.)
 

graffx

Thanks, that looks like that is the issue.
It seems to work when I look at the mail account's "advanced IMAP" server settings and don't use TCP/SSL.
Don't know why yet, but another account can't be changed; I need to look into that a bit more.

Any idea how to get SSL working (again) for the mailserver?
 

realcryptonight

I use this guide on new installs to make sure it gets configured properly.
Maybe it's something that will help you too.
Do note you need a wildcard SSL or an SSL that includes the mail.xxx.nl in your domain SSL. (The one that gets used by the SSL Certificates tab.)
 

graffx

I use (free) Let's Encrypt SSL for the domains and mail/pop/smtp doesn't seem to be checked.
Going to look into that first. Able to use wildcard but cannot get it working yet somehow (if that's needed).
Domain is already processing an SSL request. Please allow it to finish before making other changes.

And after only testing smtp. I get the message:
[smtp.domainname.nl] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for smtp.domainname.nl - check that a DNS record exists for this domain, url:
Certificate generation failed.
 

graffx

Message I get:

error: one or more domains had a problem:
[*.domainname.nl] time limit exceeded: last error: NS ns1.argewebhosting.eu. returned NXDOMAIN for _acme-challenge.domainname.nl.
Certificate generation failed.
 

graffx

I might be a step further now.
mail.domainname.nl works but when adding checkbox smtp.domainname.nl and pop.domainname.nl I think there is a DNS issue.

The domain has a DNS directed to the IP of the VPS.
"mail A 145.123.12.12"
but there is no "smtp A 145.123.12.12" record.
On the VPS I do have these records.

Could that be the issue?
Sorry, I don't have much experience with this kind of thing.

[pop.domainname.nl] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for pop.domainname.nl - check that a DNS record exists for this domain, url:
[smtp.domainname.nl] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for smtp.domainname.nl - check that a DNS record exists for this domain, url:
Certificate generation failed.
 

realcryptonight

> I might be a step further now.
> mail.domainname.nl works but when adding checkbox smtp.domainname.nl and pop.domainname.nl I think there is a DNS issue.
>
> The domain has a DNS directed to the IP of the VPS.
> "mail A 145.123.12.12"
> but there is no "smtp A 145.123.12.12" record.
> On the VPS I do have these records.
>
> Could that be the issue?
> Sorry, I don't have much experience with this kind of thing.

This sounds like you did not give it enough time. New records/updating records can take between 1 min and 48 hours to be completely resolved since empty records get cached too.
 

graffx

I haven't done any DNS changes.
I can try to add the smtp/pop A records in the DNS and see if it works, but I don't know if that's needed when I have a "mail A record".
 

realcryptonight

> I haven't done any DNS changes.
> I can try to add the smtp/pop A records in the DNS and see if it works, but I don't know if that's needed when I have a "mail A record".

No, not needed since at the end of the day they all point to the same IP and you still need to specify the port.
 

graffx

I do think all I need to do is get the SSL working for the smtp. and pop. A records.
It's weird I can't enable these 2 and the others do.

Maybe its because I have to enable SNI.

But it worked before so that's a bit weird..
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
112
When you're getting the SSL cert signed by LetsEncrypt in DirectAdmin, take a look at every record you have a check mark on and go here:


Plug in the hostname for each there and make sure it picks up the A record. Don't rely on anything you think is true, double check that someone else sees it there. Check mail, webmail, pop, smtp, whatever you need, whatever you have checked. If whatsmydns has seen the record, and that record points to your server, for at least 2 hours and it's still not working then let's see if your current error message gives any new insight.
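
Added example, not part of any post in this thread: a pre-flight check that combines the two checks suggested above, namely that every hostname ticked for the certificate has an A record pointing at the server, and that the certificate actually served covers the hostname the mail client uses. Function names are hypothetical, port 465 (implicit TLS) is an assumption, and the lookup uses the local resolver, so it complements rather than replaces an outside view of DNS.

```python
import socket
import ssl

def resolve_a(host):
    """IPv4 addresses the local resolver returns for host (empty set if none)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(hostnames, server_ip, resolver=resolve_a):
    """Classify every hostname you intend to tick for the certificate request."""
    report = {}
    for host in hostnames:
        addrs = resolver(host)
        if not addrs:
            report[host] = "no A record"        # the case behind the NXDOMAIN errors
        elif server_ip not in addrs:
            report[host] = "points elsewhere"   # validation would reach another machine
        else:
            report[host] = "ok"
    return report

def san_covers(san, host):
    """True if a SAN entry covers host; '*' stands for exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def uncovered(hostnames, sans):
    """Hostnames a mail client would reject because no SAN entry matches them."""
    return [h for h in hostnames if not any(san_covers(s, h) for s in sans)]

def tls_check(host, port=465, timeout=10):
    """Live check of what the server presents on an implicit-TLS port.
    Returns (True, DNS SAN list) or (False, reason from certificate verification)."""
    ctx = ssl.create_default_context()          # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = [v for k, v in tls.getpeercert().get("subjectAltName", ())
                        if k == "DNS"]
                return True, sans
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
```

Run `preflight` before requesting the certificate and `tls_check` afterwards against the exact hostname configured in the mail client.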
 

graffx

I have added pop and smtp to the external DNS and now I don't get DNS error messages anymore when using Let's Encrypt.
But my mail program still doesn't allow me to use SSL.

My guesses are CAA, but I really have no skills with this kind of stuff.

CAA record prevents issuing the certificate: SERVFAIL

Here: https://www.transip.nl/knowledgebase/artikel/479-een-caa-record-instellen/
It does say it's possible to add a CAA record but it seems to be only possible on the external DNS.
Testing right now..
 