Unreliable Email

nlkocx · January 23, 2023, 8:12pm

So, I’m trying CyberPanel and it seems that email is super unreliable here. It works and stops working and works again and stops working.

When I try to send email it shows ( can’t connect to server ).

No ports are blocked. I already tried issuing SSL again for mail server and everything.

I’m tired of having this failing. What can I do?

josephgodwinke · January 24, 2023, 12:37pm

Happy New Year @nlkocx

Are you able to send emails?
Are you able to receive emails?
Are you able to setup your email account in an email client such as Bluebird, Outlook etc?

nlkocx · January 24, 2023, 1:50pm

I wasn’t able to receive neither send.

All I saw on SnappyMail when I was trying to send a email was: can’t connect to server

and in logs was:

2023-01-23 22:22:05.356518 [NOTICE] [188:8150-3#cyberpanel:lsapi] [STDERR] SERVICE WARNING: - Can’t connect to host “tcp://localhost:587” @ /usr/local/CyberCP/public/snappymail/snappymail/v/2.15.3/app/libraries/MailSo/Net/NetClient.php#194
2023-01-23 22:28:34.950392 [INFO] [188:8183] Connection idle time too long: 301 while in state: 2 watching for event: 4, close!

josephgodwinke · January 24, 2023, 2:05pm

Looks like a simple auth & security layer issue. Start by checking if you have sasl abstraction library and modules installed:

dpkg -l | grep sasl

Use this checklist to see if your postfix is setup correctly:

$ nano /etc/postfix/master.cf

Look up at the beginning if you have these directives:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd

# @josephgodwinke says:  if you are using spamassissin this directive will be set automatically. If you do not have it ignore this part
# smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin


#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions

Now check $ nano /etc/postfix/main.cf || vi /etc/postfix/main.cf

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destinat>
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

If you just added either of these you will need to restart postfix sudo service postfix restart || sudo systemctl restart postfix

If you dont mind post your mailserver domain we see if there is an issue with ssl certificate validity

nlkocx · January 24, 2023, 3:49pm

ii  libauthen-sasl-perl                   2.1600-1                                   all          Authen::SASL - SASL Authentication framework
ii  libsasl2-2:amd64                      2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - authentication abstraction library
ii  libsasl2-dev                          2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - development files for authentication abstraction library
ii  libsasl2-modules:amd64                2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - pluggable authentication modules
ii  libsasl2-modules-db:amd64             2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - pluggable authentication modules (DB)

smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Mail server domain sent to your private dm

josephgodwinke · January 24, 2023, 3:57pm

As expected you have not setup DNS record for your mailserver domain.

The certificate is self-signed and Common name: mail.billing.xxxx.com.
You also do not have a rDNS ptr record

Solution:

Create a rDNS ptr record where you purchased the server. Post your provider here or pm I will help you with this.
You need to reissue mailserver ssl after you have setup a CNAME record for mail.xxxx.com on cloudflare.

Incase you need me any hand holding send me a request on pm

nlkocx:

ii  libauthen-sasl-perl                   2.1600-1                                   all          Authen::SASL - SASL Authentication framework
ii  libsasl2-2:amd64                      2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - authentication abstraction library
ii  libsasl2-dev                          2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - development files for authentication abstraction library
ii  libsasl2-modules:amd64                2.1.27+dfsg-2ubuntu0.1                     amd64        Cyrus SASL - pluggable authentication modules
ii  libsasl2-modules-db:amd64             2.1.27+dfsg-2ubuntu0.1

This is perfect

nlkocx · January 24, 2023, 6:30pm

I’ve sent you a dm

nlkocx · January 24, 2023, 7:00pm

Did you receive my dm? Thank you…

josephgodwinke · January 25, 2023, 5:17am

@nlkocx Kindly check and revert back