So, I recently migrated all my sites to a new Cyberpanel Install.
It is a Centos 8 Server hosted on AWS Lightsail. The IP of the server is still the same as I used Detach and attach IP feature of Lightsail. I don’t have any email sending restriction on my Lightsail account.
I am running the latest version of Cyberpanel i.e 2.1 Build 2. I have not installed Mail scanner addon of Cyberpanel
Now, After migrating I am unable to receive a few emails from my WordPress installs. I use the Jetpack contact form plugin and I can receive most emails but it looks like the server is skipping a few emails.
There is no pattern it randomly does not send some email while the rest land in my inbox perfectly fine.
Here are a few things I have tried to troubleshoot but failed.
Issued email server SSL. (It is installed and shows encrypted email on emails that I can receive)
Deactivating and re-installing Jetpack.
Used Email log WordPress plugin to see if WordPress is sending all emails. And it shows all emails as sent.
Went through the Cyberpanel guide of email troubleshooting and all the services like Postfix etc are up and running.
Tried restarting the server as well as postfix both from Cyberpanel dashboard and terminal.
try to do a test and activate the email log to see what it tells us based on that we can tell you how to solve it
In general, Jeckpat works with xmlrpc files. It would be a good idea to verify the server since lsphp, which is the service that cyberpanel works with, is secured to avoid xss attacks through xmlrpc.
with the log I can tell you what is happening, another option is to have the antispam service active and it is catching the emails and they remain on the greylist
Just checked the email Log and it is filled with Warnings and errors. Here is the dump of the first 50 Lines of the email log. The log was collected after one failed delivery for my test contact form submission.
Feb 7 18:16:47 ip-172-26-6-157 postfix/smtpd[238559]: connect from unknown[85.202.169.20]
Feb 7 18:16:49 ip-172-26-6-157 postfix/smtpd[238559]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 7 18:16:49 ip-172-26-6-157 postfix/smtpd[238559]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb 7 18:16:47
Feb 7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb 7 18:16:47
Feb 7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max cache size 1 at Feb 7 18:16:47
Feb 7 18:22:31 ip-172-26-6-157 postfix/smtpd[238808]: connect from unknown[85.202.169.20]
Feb 7 18:22:31 ip-172-26-6-157 postfix/smtpd[238808]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 7 18:22:32 ip-172-26-6-157 postfix/smtpd[238808]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 7 18:22:33 ip-172-26-6-157 postfix/submission/smtpd[238816]: connect from unknown[45.146.164.178]
Feb 7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: SSL_accept error from unknown[45.146.164.178]: lost connection
Feb 7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: lost connection after STARTTLS from unknown[45.146.164.178]
Feb 7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: disconnect from unknown[45.146.164.178] ehlo=1 starttls=0/1 commands=1/2
Feb 7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb 7 18:22:31
Feb 7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb 7 18:22:31
Feb 7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max cache size 2 at Feb 7 18:22:33
Feb 7 18:28:02 ip-172-26-6-157 postfix/smtpd[239020]: connect from unknown[85.202.169.20]
Feb 7 18:28:04 ip-172-26-6-157 postfix/smtpd[239020]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 7 18:28:04 ip-172-26-6-157 postfix/smtpd[239020]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 7 18:28:36 ip-172-26-6-157 postfix/smtpd[239020]: connect from www12-azure.checktls.com[40.76.159.115]
Feb 7 18:28:37 ip-172-26-6-157 postfix/smtpd[239020]: disconnect from www12-azure.checktls.com[40.76.159.115] ehlo=2 starttls=1 mail=1 quit=1 commands=5
Feb 7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb 7 18:28:02
Feb 7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb 7 18:28:02
Feb 7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max cache size 2 at Feb 7 18:28:36
Feb 7 18:33:41 ip-172-26-6-157 postfix/smtpd[239249]: connect from unknown[85.202.169.20]
Feb 7 18:33:42 ip-172-26-6-157 postfix/smtpd[239249]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 7 18:33:42 ip-172-26-6-157 postfix/smtpd[239249]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 7 18:34:33 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=185.167.97.31, lip=172.26.6.157, TLS, session=<GwgS2nHXjN+5p2Ef>
Feb 7 18:35:31 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=45.146.164.178, lip=172.26.6.157, session=<PteK3XHXA/AtkqSy>
Feb 7 18:35:37 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=45.146.164.178, lip=172.26.6.157, session=<sP/d3XHXA/AtkqSy>
Feb 7 18:36:27 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=45.56.106.254, lip=172.26.6.157, session=<E+Pc4HHXSO4tOGr+>
Feb 7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb 7 18:33:41
Feb 7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb 7 18:33:41
Feb 7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max cache size 1 at Feb 7 18:33:41
Feb 7 18:37:14 ip-172-26-6-157 postfix/pickup[238101]: 7D118A2C8D: uid=5005 from=<tunnelt>
Feb 7 18:37:14 ip-172-26-6-157 postfix/cleanup[239454]: 7D118A2C8D: message-id=<[email protected]>
Feb 7 18:37:14 ip-172-26-6-157 opendkim[986]: 7D118A2C8D: DKIM-Signature field added (s=default, d=tunnel2tech.com)
Feb 7 18:37:14 ip-172-26-6-157 postfix/qmgr[3741]: 7D118A2C8D: from=<[email protected]>, size=1789, nrcpt=1 (queue active)
Feb 7 18:37:15 ip-172-26-6-157 postfix/smtp[239458]: 7D118A2C8D: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a]:25, delay=0.66, delays=0.14/0.02/0.15/0.36, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a] said: 550-5.7.1 [2600:1f14:95:9100:f30f:9482:d5e4:71aa] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . l186si10075607pgd.110 - gsmtp (in reply to end of DATA command))
Feb 7 18:37:15 ip-172-26-6-157 postfix/cleanup[239454]: 207B1A2C8E: message-id=<[email protected]>
Feb 7 18:37:15 ip-172-26-6-157 postfix/bounce[239459]: 7D118A2C8D: sender non-delivery notification: 207B1A2C8E
Feb 7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 207B1A2C8E: from=<>, size=4909, nrcpt=1 (queue active)
Feb 7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 7D118A2C8D: removed
Feb 7 18:37:15 ip-172-26-6-157 postfix/pipe[239460]: 207B1A2C8E: to=<[email protected]>, relay=dovecot, delay=0.04, delays=0/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown)
Feb 7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 207B1A2C8E: removed
Feb 7 18:39:17 ip-172-26-6-157 postfix/smtpd[239687]: connect from unknown[85.202.169.20]
Feb 7 18:39:19 ip-172-26-6-157 postfix/smtpd[239687]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb 7 18:39:19 ip-172-26-6-157 postfix/smtpd[239687]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 7 18:40:06 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=185.167.97.31, lip=172.26.6.157, TLS, session=<xKrx7XHX8IK5p2Ef>
Feb 7 18:40:18 ip-172-26-6-157 postfix/qmgr[3741]: 8F026A2C89: from=<[email protected]>, size=911, nrcpt=1 (queue active)
Feb 7 18:37:15 ip-172-26-6-157 postfix/smtp[239458]: 7D118A2C8D: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a]:25, delay=0.66, delays=0.14/0.02/0.15/0.36, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a] said: 550-5.7.1 [2600:1f14:95:9100:f30f:9482:d5e4:71aa] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . l186si10075607pgd.110 - gsmtp (in reply to end of DATA command))
It seems that it is more about the records than the server since I see that your domain is tunnel2tech.com correct?
from line 37 to 39 it fails with dkim validates that they are ok you can see this from the server’s own records if you want you can use a dig @8.8.8.8 hostname A to see if your own server has record A
I recommend you to guide you here since it seems something of the mail delivery associated with cyberpanel, I also recommend that you use the command tail -f /path | grep domain.com and with cntrl+c you cancel the previous command
Yes, The main domain is Tunnel2tech.com. Looks like it is caused by DKIM and SPF records only. As i migrated this site from the previous Cyberpanel install and then synced my Cloudflare records with cyberpanel with API feature. Will try to resolve the DKIM and SPF issue.
Also, Here is the output of dig command on my server.
I have noticed when use cloudflare need to remove " from dkim see below not sure if you use cyberpanel dns never try that.
Cyber panel give DKIM
"v=DKIM1; h=sha256; k=rsa; "
“p=MIIBIjANBgkqhkiG9w0BmtudjnIBCgKCAQEAxSEgSm+V2sI8alDrFlySTjz6wZh+xUJVqnqJ6UTfUm8dkY1LKPeOINPlGFnT9ugxdK4XvJuVh22mig/L5xCoP70M8IeNTfNcCjWgNhtsB5m2mV1V3U6jg//F0Cvs5Zq+eZISEYmMO4L/xZZtjJkS4bewthtnedfdbsfe2ht34w5jkekm/BTmaXkC3hJ3pe0Rm7szI0V2RBYngg”
“JQF8ChNmoxufDPGtReGclfEW+zvx1qerrevregegEuE41t65Z24vvDujK/xJNEiZNsCK058lnZDaM8n2y7FEWOPSHw1pxGZLIvFPSkMQCIfnHlKxOP7AxoXNhbh9FysQWftIJV9WOwIDAQAB”