Cyberpanel Not Sending All Emails

Hey,

So, I recently migrated all my sites to a new Cyberpanel Install.

It is a Centos 8 Server hosted on AWS Lightsail. The IP of the server is still the same as I used Detach and attach IP feature of Lightsail. I don’t have any email sending restriction on my Lightsail account.

I am running the latest version of Cyberpanel i.e 2.1 Build 2. I have not installed Mail scanner addon of Cyberpanel

Now, After migrating I am unable to receive a few emails from my WordPress installs. I use the Jetpack contact form plugin and I can receive most emails but it looks like the server is skipping a few emails.

There is no pattern it randomly does not send some email while the rest land in my inbox perfectly fine.

Here are a few things I have tried to troubleshoot but failed.

  1. Issued email server SSL. (It is installed and shows encrypted email on emails that I can receive)
  2. Deactivating and re-installing Jetpack.
  3. Used Email log WordPress plugin to see if WordPress is sending all emails. And it shows all emails as sent.
  4. Went through the Cyberpanel guide of email troubleshooting and all the services like Postfix etc are up and running.
  5. Tried restarting the server as well as postfix both from Cyberpanel dashboard and terminal.

Use SMTP plugin for wp mail much more reliable than PHP mailer.

1 Like

That looks like the last option. If everything fails will switch to SMTP

Please show me the score result of //email/testTo:
for your domain

1 Like

Hello,

In order to give you more precise information I would like to verify the mail log you can find it here Log files on CyberPanel - CyberPanel

try to do a test and activate the email log to see what it tells us based on that we can tell you how to solve it

In general, Jeckpat works with xmlrpc files. It would be a good idea to verify the server since lsphp, which is the service that cyberpanel works with, is secured to avoid xss attacks through xmlrpc.

with the log I can tell you what is happening, another option is to have the antispam service active and it is catching the emails and they remain on the greylist

1 Like

Hey,

Thank you for your reply.

I got the “Cert Hostname DOES NOT VERIFY” error. Rest all are Ok. The Score was 112. Will try to solve this error.

By the way, I am not using this domain + email to send out emails to subscribers or any other users. Using it only to receive WordPress admin emails.

Hey,

Thank you for your reply.

Just checked the email Log and it is filled with Warnings and errors. Here is the dump of the first 50 Lines of the email log. The log was collected after one failed delivery for my test contact form submission.

Feb  7 18:16:47 ip-172-26-6-157 postfix/smtpd[238559]: connect from unknown[85.202.169.20]
Feb  7 18:16:49 ip-172-26-6-157 postfix/smtpd[238559]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb  7 18:16:49 ip-172-26-6-157 postfix/smtpd[238559]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb  7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb  7 18:16:47
Feb  7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb  7 18:16:47
Feb  7 18:20:09 ip-172-26-6-157 postfix/anvil[238561]: statistics: max cache size 1 at Feb  7 18:16:47
Feb  7 18:22:31 ip-172-26-6-157 postfix/smtpd[238808]: connect from unknown[85.202.169.20]
Feb  7 18:22:31 ip-172-26-6-157 postfix/smtpd[238808]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb  7 18:22:32 ip-172-26-6-157 postfix/smtpd[238808]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb  7 18:22:33 ip-172-26-6-157 postfix/submission/smtpd[238816]: connect from unknown[45.146.164.178]
Feb  7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: SSL_accept error from unknown[45.146.164.178]: lost connection
Feb  7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: lost connection after STARTTLS from unknown[45.146.164.178]
Feb  7 18:22:35 ip-172-26-6-157 postfix/submission/smtpd[238816]: disconnect from unknown[45.146.164.178] ehlo=1 starttls=0/1 commands=1/2
Feb  7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb  7 18:22:31
Feb  7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb  7 18:22:31
Feb  7 18:25:55 ip-172-26-6-157 postfix/anvil[238810]: statistics: max cache size 2 at Feb  7 18:22:33
Feb  7 18:28:02 ip-172-26-6-157 postfix/smtpd[239020]: connect from unknown[85.202.169.20]
Feb  7 18:28:04 ip-172-26-6-157 postfix/smtpd[239020]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb  7 18:28:04 ip-172-26-6-157 postfix/smtpd[239020]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb  7 18:28:36 ip-172-26-6-157 postfix/smtpd[239020]: connect from www12-azure.checktls.com[40.76.159.115]
Feb  7 18:28:37 ip-172-26-6-157 postfix/smtpd[239020]: disconnect from www12-azure.checktls.com[40.76.159.115] ehlo=2 starttls=1 mail=1 quit=1 commands=5
Feb  7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb  7 18:28:02
Feb  7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb  7 18:28:02
Feb  7 18:31:57 ip-172-26-6-157 postfix/anvil[239022]: statistics: max cache size 2 at Feb  7 18:28:36
Feb  7 18:33:41 ip-172-26-6-157 postfix/smtpd[239249]: connect from unknown[85.202.169.20]
Feb  7 18:33:42 ip-172-26-6-157 postfix/smtpd[239249]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb  7 18:33:42 ip-172-26-6-157 postfix/smtpd[239249]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb  7 18:34:33 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=185.167.97.31, lip=172.26.6.157, TLS, session=<GwgS2nHXjN+5p2Ef>
Feb  7 18:35:31 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=45.146.164.178, lip=172.26.6.157, session=<PteK3XHXA/AtkqSy>
Feb  7 18:35:37 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=<>, rip=45.146.164.178, lip=172.26.6.157, session=<sP/d3XHXA/AtkqSy>
Feb  7 18:36:27 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=45.56.106.254, lip=172.26.6.157, session=<E+Pc4HHXSO4tOGr+>
Feb  7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max connection rate 1/60s for (smtp:85.202.169.20) at Feb  7 18:33:41
Feb  7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max connection count 1 for (smtp:85.202.169.20) at Feb  7 18:33:41
Feb  7 18:37:02 ip-172-26-6-157 postfix/anvil[239251]: statistics: max cache size 1 at Feb  7 18:33:41
Feb  7 18:37:14 ip-172-26-6-157 postfix/pickup[238101]: 7D118A2C8D: uid=5005 from=<tunnelt>
Feb  7 18:37:14 ip-172-26-6-157 postfix/cleanup[239454]: 7D118A2C8D: message-id=<9Vlv46BunKtBVmnevZkzpwspi61JdgI186IsNpwvc@tunnel2tech.com>
Feb  7 18:37:14 ip-172-26-6-157 opendkim[986]: 7D118A2C8D: DKIM-Signature field added (s=default, d=tunnel2tech.com)
Feb  7 18:37:14 ip-172-26-6-157 postfix/qmgr[3741]: 7D118A2C8D: from=<tunnelt@tunnel2tech.com>, size=1789, nrcpt=1 (queue active)
Feb  7 18:37:15 ip-172-26-6-157 postfix/smtp[239458]: 7D118A2C8D: to=<singhashwin27@gmail.com>, relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a]:25, delay=0.66, delays=0.14/0.02/0.15/0.36, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a] said: 550-5.7.1 [2600:1f14:95:9100:f30f:9482:d5e4:71aa] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1  https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . l186si10075607pgd.110 - gsmtp (in reply to end of DATA command))
Feb  7 18:37:15 ip-172-26-6-157 postfix/cleanup[239454]: 207B1A2C8E: message-id=<20220207183715.207B1A2C8E@tunnel2tech.com>
Feb  7 18:37:15 ip-172-26-6-157 postfix/bounce[239459]: 7D118A2C8D: sender non-delivery notification: 207B1A2C8E
Feb  7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 207B1A2C8E: from=<>, size=4909, nrcpt=1 (queue active)
Feb  7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 7D118A2C8D: removed
Feb  7 18:37:15 ip-172-26-6-157 postfix/pipe[239460]: 207B1A2C8E: to=<tunnelt@tunnel2tech.com>, relay=dovecot, delay=0.04, delays=0/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown)
Feb  7 18:37:15 ip-172-26-6-157 postfix/qmgr[3741]: 207B1A2C8E: removed
Feb  7 18:39:17 ip-172-26-6-157 postfix/smtpd[239687]: connect from unknown[85.202.169.20]
Feb  7 18:39:19 ip-172-26-6-157 postfix/smtpd[239687]: warning: unknown[85.202.169.20]: SASL LOGIN authentication failed: Invalid authentication mechanism
Feb  7 18:39:19 ip-172-26-6-157 postfix/smtpd[239687]: disconnect from unknown[85.202.169.20] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb  7 18:40:06 ip-172-26-6-157 dovecot[1372]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=185.167.97.31, lip=172.26.6.157, TLS, session=<xKrx7XHX8IK5p2Ef>
Feb  7 18:40:18 ip-172-26-6-157 postfix/qmgr[3741]: 8F026A2C89: from=<lsadm@tunnel2tech.com>, size=911, nrcpt=1 (queue active)

Please help me understand this errors.

verify that the server has ptr and record A to do the resolve and also validate that your domain dkim and spf

because the log indicates that it is detecting ipv6

Feb  7 18:37:15 ip-172-26-6-157 postfix/smtp[239458]: 7D118A2C8D: to=<singhashwin27@gmail.com>, relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a]:25, delay=0.66, delays=0.14/0.02/0.15/0.36, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c08::1a] said: 550-5.7.1 [2600:1f14:95:9100:f30f:9482:d5e4:71aa] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1  https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . l186si10075607pgd.110 - gsmtp (in reply to end of DATA command))

It seems that it is more about the records than the server since I see that your domain is tunnel2tech.com correct?

from line 37 to 39 it fails with dkim validates that they are ok you can see this from the server’s own records if you want you can use a dig @8.8.8.8 hostname A to see if your own server has record A

1 Like

I recommend you to guide you here since it seems something of the mail delivery associated with cyberpanel, I also recommend that you use the command tail -f /path | grep domain.com and with cntrl+c you cancel the previous command

so you can have the results in real time

1 Like

Yes, The main domain is Tunnel2tech.com. Looks like it is caused by DKIM and SPF records only. As i migrated this site from the previous Cyberpanel install and then synced my Cloudflare records with cyberpanel with API feature. Will try to resolve the DKIM and SPF issue.

Also, Here is the output of dig command on my server.

I have noticed when use cloudflare need to remove " from dkim see below not sure if you use cyberpanel dns never try that.
Cyber panel give DKIM
"v=DKIM1; h=sha256; k=rsa; "
“p=MIIBIjANBgkqhkiG9w0BmtudjnIBCgKCAQEAxSEgSm+V2sI8alDrFlySTjz6wZh+xUJVqnqJ6UTfUm8dkY1LKPeOINPlGFnT9ugxdK4XvJuVh22mig/L5xCoP70M8IeNTfNcCjWgNhtsB5m2mV1V3U6jg//F0Cvs5Zq+eZISEYmMO4L/xZZtjJkS4bewthtnedfdbsfe2ht34w5jkekm/BTmaXkC3hJ3pe0Rm7szI0V2RBYngg”
“JQF8ChNmoxufDPGtReGclfEW+zvx1qerrevregegEuE41t65Z24vvDujK/xJNEiZNsCK058lnZDaM8n2y7FEWOPSHw1pxGZLIvFPSkMQCIfnHlKxOP7AxoXNhbh9FysQWftIJV9WOwIDAQAB”

and after removing

v=DKIM1; h=sha256; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQthththAMIIBCgKCAQEAxSEgSm+V2sI8alDrFlySTjz6wZh+xUJVqnqJ6UTfUm8dkY1LKPeOINPlGFnT9ugxdK4XvJuVh22mig/L5xCoP70M8IeNTfNcCjWgNhtsB5m2mV1V3U6jg//F0Cvs5Zq+eZISEYmMO4L/xZZtjJkS4bewthtnedfdbsfe2ht34w5jkekm/BTmaXkC3hJ3pe0Rm7szI0V2RBYngg
JQF8ChNmoxufDPGtReGclfEW+zvx1qerrevregegEuE41t65Z24vvDujK/xJNEiZNsCK058lnZDaM8n2y7FEWOPSHw1pxGZLIvFPSkMQCIfnHlKxOP7AxoXNhbh9FysQWftIJV9WOwIDAQAB

For SPF check there is right server IP

1 Like

yes when you use cloudflare you have to remove all " from the DKIM records.

1 Like

Thank you everyone for helping me out.

I think the problem is solved. Will have to wait a few days to be 100% sure but for now it is working fine.

Here is the solution which worked for me. As pointed out by members it was more of a DNS record problem than a Server issue.

  1. Added all the email records properly. SPF, DMARC, DKIM. (Don’t forget to remove from “” from your DKIM records if you are using Cloudflare).
  2. Issued mail server SSL again.
    And that solved the issue.
1 Like

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.