Setup for sending to external addresses

Hello everyone - I’m new to MiaB (new-ish to Linux too, after 25 years on Windows boxes) - and loving it :slight_smile: but I’m having real trouble understanding how to send to external addresses.
Is there a definitive guide to that part?
I’m hosting at DO, have Mail In A Box installed and all looking good, but can only receive from external addresses, not send. Every mail I’ve sent comes back “Undelivered Mail Returned to Sender”.
Do I have to use MailGun, or can this be resolved “in-house”?
Thanks,
Craig.

Blacklisted - is that my problem?
Following @JoshData’s post What validation tools do you use? I checked my box’s IP address with mxtoolbox.
The IP is listed UCEPROTECT-Level3 which means the entire subnet is flagged.
But on DigitalOcean community I see this: “Mail providers should not check against UCEPROTECT’s blacklist database and even if the IP address is listed there you should not have any issues with the mail delivery.”
Now I can’t tell if there’s something wrong with my setup or if the problem lies elsewhere :frowning:
All and any help here will be very much appreciated! :slight_smile:

Hi, would be helpful to show what you’re seeing, but:

  • Go to https://box.example.com/admin (using box dot your domain name), login and select System and then Status Checks. It will take a minute or so, and should come back with a page of green ticks. There are good explanations next to each item, but any red Xs are potential problems.
  • If you’re seeing all green ticks, check your outbound ports. All of 22, 25, 53, 80, 443, 465, 587, 993, 995, and 4190 should be open - and 25 must be open for outbound traffic. The traditional way to check is find the name of some mail server (not yours, use mxtoolbox/MXlookup on some convenient domain) then (using your box) execute “telnet some.computer 25”. You should see a “220 …” status line - good, that’s proof you can get out to port 25. (Use ^] and then “quit” to terminate the telnet session.)
  • If all that’s good - I’d go to mxtoolbox.com and try MX lookup, Blacklist check, DNS lookup, Test email server, Reverse lookup, and maybe DNS check. They might give you a clue, although some of their “problem” flags are unnecessarily pessimistic…

Also, be aware that DNS entries take some time (typically about 1 hr) to propagate from wherever you set the details, through to the rest of the world. This can cause confusion :slight_smile:
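The telnet check described in the post above, written as a script; this is an added example, not part of the original thread. It connects to another mail server's port 25, reads the greeting, and separates a timeout (nothing answered, as when traffic is dropped along the path) from an active refusal. The function names and the hostname in the usage comment are placeholders.

```python
import socket
import sys

def read_greeting(sock, limit=4096):
    """Read an SMTP greeting; multi-line replies use "220-" until a final "220 "."""
    data = b""
    while len(data) < limit:
        chunk = sock.recv(1024)
        if not chunk:                      # peer closed before finishing
            break
        data += chunk
        if data.endswith(b"\r\n"):
            last = data[:-2].split(b"\r\n")[-1]
            if last[3:4] != b"-":          # final line of the reply
                break
    return data.decode("ascii", "replace").strip()

def probe_smtp(host, port=25, timeout=10.0):
    """Classify an outbound connection attempt to another server's SMTP port.

    ok        TCP connected and the server greeted with 220
    unhealthy TCP connected but the greeting was not 220
    refused   connection actively rejected
    timeout   no answer at all, as when traffic is dropped along the path
    error     DNS failure or another socket error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = read_greeting(sock)
            try:
                sock.sendall(b"QUIT\r\n")  # end the session politely
            except OSError:
                pass                       # peer already hung up; banner is still valid
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    return ("ok" if banner.startswith("220") else "unhealthy", banner)

if __name__ == "__main__":
    # Usage: python3 probe25.py mx.example.net   (hostname is a placeholder)
    status, detail = probe_smtp(sys.argv[1])
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

Run it from the box itself, not from a desktop, since the block applies to the server's outbound path.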

Hello Andrew, thanks indeed for your responses.
Well, I’m starting afresh … I’ve destroyed the Droplet and made a new one to get a different IP and a completely new installation (I did so much messing around that I might have broken something, though I don’t actually believe so, but better to be 100% sure).
I had all green ticks in the Status Checks, and ufw’d the ports appropriately.
However, DigitalOcean blocks port 25 at a superior level - and they won’t open it for love nor money - so I expect that that was the main issue, since you say “must” be open. (DO says they’ll consider opening it after a couple of months when they can confirm that I’m a good boy).
DO lead me to believe that I could use 465 or 587 with MiaB, perhaps I misunderstood - I now think that refers to a set up with MailGun.
I have an account there, but never got the DNS relationship set up right (48 hours???) - something must have been very wrong - I got very confused about the subdomains - “mg” and “box”.
Ho hum, perseverance has no time-out:)
I do so like the MiaB package, and RoundCube is lovely, so I’ll just crack on with attempt #2.
Your input, tips and info, are very much appreciated!
Thanks,
Craig.

Hi - re port 25, I’m pretty sure it must be open for sending - those higher ports are used for clients (eg. the email app on your phone) submitting to your box (only the 1st step in the chain), then your box forwards the message towards the destination on port 25.

(PS. We talk about “port 25” being blocked, but every connection has 2 ends, usually with unrelated port numbers. What is blocked is all connections to someone else’s port 25, which is where email servers listen for incoming messages from other servers.)

See https://discourse.mailinabox.email/t/port-25-smtp-blocked-by-provider-how-to-mitigate-if-no-fix/5350/10

Re forwarding/mailgun/etc - anything is possible but it will be outside the scope of MIAB, so you’ll be on your own. That in itself is just a source of fun (!) but know that every MIAB upgrade will overwrite some of your changes, so mods become a continuous process. And you need (or will acquire) a fair bit of knowledge about TCP and email.

MIAB makes your box into a real email server, it needs real access to the rest of the world. The consensus seems to be - if your provider won’t open 25, go to someone who will.

It will likely cost you less in time to use a different ISP. For years I’ve had no issues with Vultr. I know I’m grandfathered past whatever their current policies are, but most people report opening a support ticket and getting port 25 opened and they’re off to the races.

Thank you guys - I guess I will try another provider.
I’ve spent the last 3-4 hours just trying to open 587 for submission - it’s closed - but I’ve read everything google has to offer and tried every which way, and soon I’ll be reaching for my hammer :slight_smile:
Better go to bed for a while.
I’ll have a look at Vultr and Amazon.
I see this on Vultr:
Do you allow outbound SMTP?
In some instances, outbound traffic to the SMTP port may be blocked for new accounts. If you encounter this restriction, contact our support team from the customer portal.
DO has me jumping thru’ hoops for at least 60 daze :slight_smile: so I think I’ll take a swing by Vultr.
Thanks indeed!

If you search the forums for Amazon, you will find people having issues on that platform, but I am unfamiliar with the details.

Terrific! On Vultr, 5$ later …
Unable to add domain to DNS: box.acdit.email
Subdomains are not permitted
So MiaB cannot be installed there?

I’m guessing you mean Vultr’s DNS server? By default, MiaB handles DNS for MiaB.

True, on my DO droplet though, I (think I) had to add MX records in order to receive at my aliases with different domain names - or was that not necessary?

If you have domains using external DNS servers, then you will need to add the records to the external DNS servers as recommended in the ‘External DNS’ page of the MiaB dashboard.

I was not aware of the policy by Vultr, but it is not necessary to use their DNS server, plus I’m not clear they will allow you to use it anyway if you don’t have the domain hosted on one of your servers with them.

Most people don’t use subdomain DNS servers. There is nothing wrong with it, but maybe if you take a look at the problem you are trying to solve, you can find that this isn’t necessary?

I can only giggle to myself, sanity maintenance you know :slight_smile:
I’ll go ahead and install MiaB then change the DNS pointers and glue records when it’s up - see how it goes.
If it seems good, then I’ll have to ask Vultr to open port 25 for me …
Watch this space …

I’d say - go through the instructions (https://mailinabox.email/guide.html) in order and don’t get ahead of yourself. To start, make it a standard install and let MIAB do everything it wants. The only external things you’ll need to do are:

  • set the reverse DNS entry - owned by your network/server provider and under their control.
  • set the two glue records at your domain provider (not usually your server provider).
  • After it’s all up and running, copy the DNSSEC entries (as per the instructions on the MIAB admin/status page) to your domain provider.

Then sit back and enjoy, it’s normally very straight-forward.

Installation was no problem at all, in fact it’s massively impressive how it just sets everything up ready to use. My troubles began when I started following DO’s recommendation to hook up with a 3rd-party over 587. MailGun requires you add TXT, CNAME and optional MX records using subdomain elements (eg: mg.box.acdit.email) and that got really confusing, and nothing worked at all.
Anyway, it’s all set up now at Vultr and I’m waiting for their response to my request to open port 25 - hope they’ll be more helpful than DO.

RESULT !!! :smiley:
Vultr never got back to me (yeah, impatient me, 24 hrs is too long to wait) so I went with Contabo - contabo.com - a firm in Munich, Germany. I called by phone to ask about port 25 and was assured that it is not blocked, so I signed up.
VPS S | 4 vCPU Cores | 8 GB RAM | 50 GB NVMe or 200 GB SSD | 32 TB Traffic | Unlimited Incoming | $6.99 per month.
MiaB installed, sent myself a couple of mails to my Gmail - and I’m off to the races as @openletter put it.
So thanks guys, your guidance has been both helpful and gratifying :slight_smile:
Can’t get the LetsEncrypt installed, so looking into that now.

Did you have a server spun up with Vultr?

Personally, I’m not evaluating EU located servers because I’m not clear on how GDPR works.

Yes I did. I installed MiaB there while we were chatting yesterday, opened a support ticket right away and asked for port 25 to be opened. I got a nice response about referring my request to account management, then nothing.
Reading around the web, it seems that just about all of these small, $5 cloud solutions enforce this port restriction. My experience with DO and Vultr indicates that they just string you along with requests to open it.
That’s why I called Contabo on the phone to confirm their policy.
Yeah, GDPR is big and complicated, but basically, Unsolicited EMail - spam - is illegal and so is gathering data about people with their expressed permission. Don’t do that, and there’s nothing to worry about.

GDPR is about more than that. There is some recent article I only skimmed related to requiring registries to reveal personal information of domain owners.

I’ve been using Vultr for I think 6 years now and never spent more than $30 in a month.

I have experienced zero issues with Vultr.

It sounds like you may be new to hosting mail servers, so you may not be fully aware of what the ISPs are dealing with, but I suspect that if you still have the server active, Vultr will approve your request.