Cannot seem to connect to mailinabox after setup

Hello!

This is my first time setting up Mail-in-a-Box so please let me know if I’m missing something stupid.

I have completed the setup process and it seems to have worked out alright. However, when I go to connect to the admin panel, I am unable. Pinging the IP address of the box, I get replies just fine. Digging on the domain, it sees the right nameservers. Here’s where it gets weird: when I go to ping the box through the hostname, or ping the domain directly, I get an IP address that I have no affiliation with responding. My domain host is Google Domains, and the domain itself is cigarenthusiasts.net.

I’ve been pulling my hair out for the better part of two days now, so any assistance is appreciated. I will post outputs from several commands I have already run so that it may help streamline the process.

From external computer:

dig +trace box.cigarenthusiasts.net

; <<>> DiG 9.16.21 <<>> +trace box.cigarenthusiasts.net
;; global options: +cmd
.                       58138   IN      NS      a.root-servers.net.
.                       58138   IN      NS      b.root-servers.net.
.                       58138   IN      NS      c.root-servers.net.
.                       58138   IN      NS      d.root-servers.net.
.                       58138   IN      NS      e.root-servers.net.
.                       58138   IN      NS      f.root-servers.net.
.                       58138   IN      NS      g.root-servers.net.
.                       58138   IN      NS      h.root-servers.net.
.                       58138   IN      NS      i.root-servers.net.
.                       58138   IN      NS      j.root-servers.net.
.                       58138   IN      NS      k.root-servers.net.
.                       58138   IN      NS      l.root-servers.net.
.                       58138   IN      NS      m.root-servers.net.
.                       58138   IN      RRSIG   NS 8 0 518400 20211016170000 20211003160000 14748 . KppVjgetIV3xiNUFa56tVeL05eqKhB907rLdQQBBJOl79+ge6Lm5VwG+ dfp5xhDqwCW3MdsGsLr2xL4lZEExJrn5SC4Fa5xkLzirWLPmn9WtEHSB tZSC9S63fAQrQE99EV9f41Q6V6dub8IQq9EeE2+pvFzWKaa9+EYAqLTH XoQADvUhWQWIqir16EF04hZH7yub8YAJ9+qNzCqtSZd9aeu7Ygf/y84o EdfHoCxSc6H4+SEocjgAmw4JJfDIsd+x8/RI5ZGDr9raDeKL09D+4hJE VMnDHgGwgMBkt73alfITTayMdmecsEezlFdy3ekZDm6E9us6C5orz29Z 0uQvUw==
;; Received 525 bytes from 192.168.50.1#53(192.168.50.1) in 42 ms

net.                    172800  IN      NS      l.gtld-servers.net.
net.                    172800  IN      NS      b.gtld-servers.net.
net.                    172800  IN      NS      c.gtld-servers.net.
net.                    172800  IN      NS      d.gtld-servers.net.
net.                    172800  IN      NS      e.gtld-servers.net.
net.                    172800  IN      NS      f.gtld-servers.net.
net.                    172800  IN      NS      g.gtld-servers.net.
net.                    172800  IN      NS      a.gtld-servers.net.
net.                    172800  IN      NS      h.gtld-servers.net.
net.                    172800  IN      NS      i.gtld-servers.net.
net.                    172800  IN      NS      j.gtld-servers.net.
net.                    172800  IN      NS      k.gtld-servers.net.
net.                    172800  IN      NS      m.gtld-servers.net.
net.                    86400   IN      DS      35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net.                    86400   IN      RRSIG   DS 8 1 86400 20211016170000 20211003160000 14748 . V6PrwvBHGsJyhY6l56b5nZNZZcpwwdYbDEO7Dsg57aYQCr9Ln1drRxo4 kq9+Lv+QwLupuhRf9k68Kw2NzEXAMZPab9WhKg6z170w8OhmMh7htmyu bSqJMEUWxw0KeY+NwzcASXp4QoXhhRKSoqCSJlwvw3qbFEDmrielx04a tZLizmeuRBg0mRX+DcyXHVlvyjYBoH1+4pnh8XDcSuoSvlnSsd/gw7fM BD19pMNbyz3bVnh+vGUT08tFcRSOI6aQ0rLGSlxd9JZa7mC0N8RtKIJT nfWNbayY0+RRJH67xvSBfCKzbJPfKT1CobDyX8yo/417/bEODMgIewRd mdDu3w==
;; Received 1181 bytes from 192.203.230.10#53(e.root-servers.net) in 34 ms

cigarenthusiasts.net.   172800  IN      NS      ns1.box.cigarenthusiasts.net.
cigarenthusiasts.net.   172800  IN      NS      ns2.box.cigarenthusiasts.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20211007053907 20210930042907 65378 net. R4YWOZIC3QQizKmSbKOLh9pZDlQVVdHKvXHjFXAXXuAJmeEXvLsf5e9y Fn3kaSN28afZ+q75JxGtvnwGDS60gslWTf5MFG7OukaNhxLV7QFUYczV jJxmZ+ZI3PwyCB090KIzZ0dHbA7yLoY0t/r+HL88Re+m9wW2vEvjlRF4 ZMIkd4zJO91k2/SX+t7vcYpkvzxnEI9HujZe74ZUSsj3ng==
CKSUMQ6PUH5DMB4AVHQN734RV3LJ2L8B.net. 86400 IN NSEC3 1 1 0 - CKT47V8RFUR4SS1JMA337NOF5N2UH9ME NS DS RRSIG
CKSUMQ6PUH5DMB4AVHQN734RV3LJ2L8B.net. 86400 IN RRSIG NSEC3 8 2 86400 20211009182957 20211002171957 65378 net. tG4C4jypHY3vi2nrxw7Iy6YJ9KH9xP7E6RS6/c05GyQ6sW1MKv9eAOAZ VB3P0n7SVCgl8tcx1W/05kEIACOsAInyiVBBxvVPkrICb5Y3ki9hijiZ DRpwgNabXJRQOgIiN/SWrGvPAVpp4xdyJUPwSfu9MUzq9FGIGZdCq5WX 4QXs4HYJ9w1tUwx5SQ/stHSKOG/Mr/3SJUUH4HU9kpzAYA==
;; Received 670 bytes from 192.43.172.30#53(i.gtld-servers.net) in 102 ms

;; connection timed out; no servers could be reached

In this command, the IPs listed I have no affiliation with.

dig cigarenthusiasts.net

; <<>> DiG 9.16.21 <<>> cigarenthusiasts.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12580
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;cigarenthusiasts.net.          IN      A

;; ANSWER SECTION:
cigarenthusiasts.net.   6       IN      A       23.195.69.109
cigarenthusiasts.net.   6       IN      A       23.217.138.106

;; Query time: 1 msec
;; SERVER: 192.168.50.1#53(192.168.50.1)
;; WHEN: Sun Oct 03 22:48:53 Eastern Daylight Time 2021
;; MSG SIZE  rcvd: 81

These are the correct IP addresses of the box

dig @h.gtld-servers.net. cigarenthusiasts.net NS

; <<>> DiG 9.16.21 <<>> @h.gtld-servers.net. cigarenthusiasts.net NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12041
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cigarenthusiasts.net.          IN      NS

;; AUTHORITY SECTION:
cigarenthusiasts.net.   172800  IN      NS      ns1.box.cigarenthusiasts.net.
cigarenthusiasts.net.   172800  IN      NS      ns2.box.cigarenthusiasts.net.

;; ADDITIONAL SECTION:
ns1.box.cigarenthusiasts.net. 172800 IN A       66.94.102.181
ns2.box.cigarenthusiasts.net. 172800 IN A       66.94.102.181

;; Query time: 42 msec
;; SERVER: 192.54.112.30#53(192.54.112.30)
;; WHEN: Sun Oct 03 22:50:42 Eastern Daylight Time 2021
;; MSG SIZE  rcvd: 121

From box itself

dig cigarenthusiasts.net

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> cigarenthusiasts.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3378
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 12e7195a046854f62b34525b615a6c7fbe6a2572c42c2b88 (good)
;; QUESTION SECTION:
;cigarenthusiasts.net.          IN      A

;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 03 22:52:47 EDT 2021
;; MSG SIZE  rcvd: 77

The dashboard loads fine from here using the IP address.

I can’t find any records for the domain.

I don’t know anything about that host, but port 53 seems closed.

I was able to “see” port 53 open to UDP traffic with nmap from my external machine, which is another reason why I’m confused. Host is Contabo if that helps.

Trying to go to the IP with a web browser from my end (multiple networks attempted), I get redirected to box.cigarenthusiasts.net and the page fails to load from there because it can’t resolve it.

nmap shows the old hostname for the box, but I don’t think that’s the issue. Reverse DNS on the IP shows the new one, as does checking manually on the box itself.

From external machine

nmap -sU 66.94.102.191 -p 53 -Pn

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-03 22:37 Eastern Daylight Time
Nmap scan report for vmi686014.contaboserver.net (66.94.102.191)
Host is up.

PORT   STATE         SERVICE
53/udp open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 5.37 seconds

From server

hostnamectl

   Static hostname: box.cigarenthusiasts.net
         Icon name: computer-vm
           Chassis: vm
        Machine ID: redacted
           Boot ID: redacted
    Virtualization: kvm
  Operating System: Ubuntu 18.04.6 LTS
            Kernel: Linux 4.15.0-134-generic
      Architecture: x86-64

Port 53 should be available to telnet:

$ telnet ns1.box.occams.info 53
Trying 94.76.202.152...
Connected to ns1.box.occams.info.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Yours is blocked:

$ telnet 66.94.102.181 53
Trying 66.94.102.181...
telnet: Unable to connect to remote host: Connection refused

Here is your dashboard login page:

It also needs to be open to TCP traffic.
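A check that goes one step further than the telnet and nmap tests in the posts above, as an added example that is not part of the original thread: it sends a real NS query to port 53 over both UDP and TCP and reports what came back, since nmap's `open|filtered` only means that no reply was seen. The script name, function names and fixed transaction id are assumptions made for this example.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=2, txid=0x1234):
    """Minimal DNS query for `name` (qtype 2 = NS), recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def classify(reply, txid=0x1234):
    """Summarise a raw DNS reply: rcode, authoritative flag, answer count."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit not set
        return "malformed"
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    aa = bool(flags & 0x0400)
    if rcode == "NOERROR" and aa and answers:
        return "authoritative answer"
    return "%s aa=%d answers=%d" % (rcode, aa, answers)


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def probe(host, name, proto, port=53, timeout=3.0):
    """Send one NS query over 'udp' or 'tcp' and describe the outcome."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((host, port))  # connected socket surfaces ICMP unreachable
                s.send(query)
                reply = s.recv(4096)
        else:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                reply = recv_exact(s, struct.unpack("!H", recv_exact(s, 2))[0])
    except socket.timeout:
        return "no reply (filtered, or nothing answering)"
    except ConnectionRefusedError:
        return "refused (host reachable, nothing listening)"
    except OSError as exc:
        return "error: %s" % exc
    return classify(reply)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: dns53check.py <server-ip> <zone>")
    for proto in ("udp", "tcp"):
        print("%s/53: %s" % (proto, probe(sys.argv[1], sys.argv[2], proto)))
```

A "refused" result on both transports while the web ports answer points at the name server process on the box rather than at a provider firewall, which would normally show up as "no reply".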

Thanks for the help so far guys. I observed the same result with telnet being unable to connect, so I’ve got a support request with my host to check their firewall settings. I’ll update here if that resolves the issues!

For future reference, the mail server in the MX record for mailinabox.email is running at or near the Main branch of the GitHub project, so isn’t usually very far off from the release version, and you can look at the diffs if something seems notably different. I use that when I’m wondering if something is configured incorrectly.

This port 53 issue won’t resolve the dashboard loading issue.

I would imagine that having port 53 would allow the DNS to resolve to the dashboard, since going to the IP on my end just redirects me to the domain address of the box which then times out because it can’t resolve. Is this a decent assumption?

No. The server has port 443 open and nginx is responding to it so nsd obviously is not configured to listen on this port.

There is a reason the final installation instruction directs the user to navigate in a browser to https://$ipaddress/admin, and I would speculate it is because of how reliably this permits access to the dashboard because despite using a self-signed cert, the status checks can then be viewed and you can see most of the problems a server can have.

You have something else going if you are unable to load the dashboard using the IP address.

Tried to see if there were any problems with nsd as you mentioned that it wasn’t configured to run on that port, so I re-ran mailinabox setup and immediately after completion I went to check the status of the nsd service. This was the output I received.

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://66.94.102.181/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

11:57:B7:D6:FA:BD:10:91:B0:E4:39:13:B2:CE:AA:8C:91:A6:D1:D7:D0:0E:6C:C6:0B:E2:F3:D5:C5:ED:80:3B

Then you can confirm the security exception and continue.

root@box:~# systemctl status nsd.service
● nsd.service - Name Server Daemon
   Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-10-04 11:50:56 EDT; 11min ago
 Main PID: 16309 (code=exited, status=1/FAILURE)

Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: nsd.service: Service hold-off time over, scheduling restart.
Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: nsd.service: Scheduled restart job, restart counter is at 5.
Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: Stopped Name Server Daemon.
Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: nsd.service: Start request repeated too quickly.
Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: nsd.service: Failed with result 'exit-code'.
Oct 04 11:50:56 box.cigarenthusiasts.net systemd[1]: Failed to start Name Server Daemon.

Try logging into the dashboard and see what the status checks tell you. The page loads fine from here.

The page now loads fine. Not sure what a 3rd install of mailinabox has to do with it but I’ll take it!

Now I run into the problem of it not recognizing my admin password. I tried the instructions listed here: Reset Admin Password, but it gave me an error of the following:

root@box:~# sudo /root/mailinabox/tools/mail.py
/root/mailinabox/tools/mail.py: line 3: management/cli.py: No such file or directory

I have verified that the directory /root/mailinabox/tools has the mail.py file in it, however it will not work as explained.

It appears that the method there may no longer work, as someone else had the same issue. I have never logged on to this box as anything other than root, and have never created another user account.

Sorry if this is a lot, I do appreciate the help you’ve provided thus far.

To use the command and also see the list of options, run:

root@box:~# mailinabox/management/cli.py
Usage:
  management/cli.py user                                     (lists users)
  management/cli.py user add user@domain.com [password]
  management/cli.py user password user@domain.com [password]
  management/cli.py user remove user@domain.com
  management/cli.py user make-admin user@domain.com
  management/cli.py user remove-admin user@domain.com
  management/cli.py user admins                              (lists admins)
  management/cli.py user mfa show user@domain.com            (shows MFA devices for user, if any)
  management/cli.py user mfa disable user@domain.com [id]    (disables MFA for user)
  management/cli.py alias                                    (lists aliases)
  management/cli.py alias add incoming.name@domain.com sent.to@other.domain.com
  management/cli.py alias add incoming.name@domain.com 'sent.to@other.domain.com, multiple.people@other.domain.com'
  management/cli.py alias remove incoming.name@domain.com

Removing a mail user does not delete their mail folders on disk. It only prevents IMAP/SMTP login.

So you can list the users to verify you have the correct username:

root@box:~# mailinabox/management/cli.py user
useraccount@example.com*

I think this command should change the password:

root@box:~# mailinabox/management/cli.py user password useraccount@example.com [newpassword]

Finally got into the dashboard. Here is the output of the status checks. I did a full OS re-install on the VPS and set up Mailinabox from scratch again. The SSH issue I will be remediating shortly to disable password login.

System Status Checks
No reboot is necessary.
Enable New-Version Check
(When enabled, status checks phone-home to check for a new release of Mail-in-a-Box.)

System

✖ Public DNS (nsd4) is not running (port 53).

✖ The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option 'PasswordAuthentication no' in /etc/ssh/sshd_config, and then restart the openssh via 'sudo service ssh restart'.

✓ System software is up to date.

? You are running version Mail-in-a-Box v0.54. Mail-in-a-Box version check disabled by privacy setting.

✓ System administrator address exists as a mail alias. [administrator@box.cigarenthusiasts.net ↦ corey@cigarenthusiasts.net]

✓ The disk has 179.86 GB space remaining.

✓ System memory is 92% free.

Network

✓ Firewall is active.

✓ Outbound mail (SMTP port 25) is not blocked.

✓ IP address is not blacklisted by zen.spamhaus.org.

box.cigarenthusiasts.net

✖ Nameserver glue records are incorrect. The ns1.box.cigarenthusiasts.net and ns2.box.cigarenthusiasts.net nameservers must be configured at your domain name registrar as having the IP address 66.94.102.181. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

✖ This domain must resolve to your box's IP address (66.94.102.181) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

✓ Reverse DNS is set correctly at ISP. [66.94.102.181 ↦ box.cigarenthusiasts.net]

✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.cigarenthusiasts.net ↦ administrator@box.cigarenthusiasts.net]

✓ Domain's email is directed to this domain. [box.cigarenthusiasts.net has no MX record, which is ok]

✓ Postmaster contact address exists as a mail alias. [postmaster@box.cigarenthusiasts.net ↦ administrator@box.cigarenthusiasts.net]

✓ Domain is not blacklisted by dbl.spamhaus.org.

✖ The TLS (SSL) certificate for this domain is currently self-signed. You will get a security warning when you check or send email and when visiting this domain in a web browser (for webmail or static site hosting).

cigarenthusiasts.net

✖ The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar's control panel to set the nameservers to ns1.box.cigarenthusiasts.net; ns2.box.cigarenthusiasts.net.

✖ This domain's DNS MX record is not set. It should be '10 box.cigarenthusiasts.net'. Mail will not be delivered to this box. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

✓ Postmaster contact address exists as a mail alias. [postmaster@cigarenthusiasts.net ↦ administrator@box.cigarenthusiasts.net]

✓ Domain is not blacklisted by dbl.spamhaus.org.

✖ This domain should resolve to your box's IP address (A 66.94.102.181) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

? This domain's DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. See below for instructions.

✖ www.cigarenthusiasts.net: This domain should resolve to your box's IP address (A 66.94.102.181) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

✖ autoconfig.cigarenthusiasts.net: This domain should resolve to your box's IP address (A 66.94.102.181) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

✖ autodiscover.cigarenthusiasts.net: This domain should resolve to your box's IP address (A 66.94.102.181) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.


I also still have this issue with nsd:

root@box:~# service nsd status
● nsd.service - Name Server Daemon
   Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-10-04 13:33:08 EDT; 2min 37s ago
  Process: 12341 ExecStart=/usr/sbin/nsd -d (code=exited, status=1/FAILURE)
 Main PID: 12341 (code=exited, status=1/FAILURE)

Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Main process exited, code=exited, status=1/FAILURE
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Failed with result 'exit-code'.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Service hold-off time over, scheduling restart.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Scheduled restart job, restart counter is at 5.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: Stopped Name Server Daemon.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Start request repeated too quickly.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: nsd.service: Failed with result 'exit-code'.
Oct 04 13:33:08 box.cigarenthusiasts.net systemd[1]: Failed to start Name Server Daemon.

Did the provider respond to the port 53 support ticket?

They have not yet responded, however I’m not sure it’s necessary anymore. After following instructions here: Problems with nsd4 on a fresh server I was able to get my nsd up and running, and System Status Checker seems to be happy now.

I seriously appreciate your help. Even if we didn’t reach the solution itself in this thread, talking over the issues with you has been tremendously helpful. Thank you.
