SMTP Sending Mail from Clients ceased working

Deftly · November 16, 2017, 5:12am

These status’ are green:

Domain’s email is directed to this domain. [xxxxxx.com ↦ 10 box.xxxxx.com]
✓
Postmaster contact address exists as a mail alias. [postmaster@xxxxx.com ↦ administrator@box.xxxxxx.com]
✓
Domain is not blacklisted by dbl.spamhaus.org.

Others are not, as I am using external DNS.

Everything was working great, but all the email accounts on this server now refuse to send via SMTP

Using airmail, spark, and mail. When test the clients connections.

IMAP settings are working

SMTP settings - invalid - stable connection to the server can’t be made.

So…

I am receiving mail fine. But can’t send it.

I have a separate Sendy mailing list server. This seemed to coincide with a mailout that used one of the email accounts on the MiaB server as the reply-to mail address. Not sure if that was coincidental but it was directly afterwards that things started playing up.

The domain that sent the mailout is hosted on a vultr server, but the MiaB serves the emails for it. All the domains that are having problems sendind emails are hosted on the same vultr server, but have their emails delivered and served by the MiaB.

I am thinking it might be something to do with that.

I checked my UFW firewall:
To Action From

22 ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere
995 ALLOW Anywhere
4190/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
993 (v6) ALLOW Anywhere (v6)
995 (v6) ALLOW Anywhere (v6)
4190/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)

I am on a linode, so no other cloud firewall.

Where might I check other things that could be blocking SMTP connection…

Is there greylisting, or where do I check fail2ban?

Thanks again

Deftly · November 16, 2017, 5:32am

I added my domains webserver IP to the fail2ban jail.conf ip whitelist

But didn’t make any difference.

Also should mention. This occurs across multiple computers, multiple users, multiple networks. Also when VPNs are off, proxies are off etc

Deftly · November 16, 2017, 6:51am

From my home I have used netcat to connect to the MiaB:

nc -v box.xxx.com 25
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif utun2
	src 192.168.254.253 port 51403
	dst 8x.8x.1xx.1x port 25
	rank info not available
	TCP aux info available

Connection to box.xxx.com port 25 [tcp/smtp] succeeded!
nc -v box.xxx.com 587
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif utun2
	src 192.168.254.253 port 51411
	dst 8x.8x.1xx.1x port 587
	rank info not available
	TCP aux info available

Connection to box.ezubc.com port 587 [tcp/submission] succeeded!
220 box.xxx.com ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)

Thats all good.

Then I did the same to try to connect to one of the domains for the emails not working:

nc -v xxx.com 25
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif utun2
	src 192.168.254.253 port 51889
	dst 45.32.180.59 port 25
	rank info not available
	TCP aux info available

Connection to xxx.com port 25 [tcp/smtp] succeeded!

nc -v xxx.com 587
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif utun2
	src 192.168.254.253 port 51894
	dst 45.32.180.59 port 587
	rank info not available
	TCP aux info available

Connection to xxx.com port 587 [tcp/submission] succeeded!

I repeated this test at both my home and office network.
No problem to connect to either the domains or the emails server

Then, I ssh’d into the MiaB and tried used the tool to try to connect to one of the domains whose emails aren’t working:

nc -v xxx.com 25
nc: connect to xxx.com port 25 (tcp) failed: Permission denied
nc: connect to xxx.com port 25 (tcp) failed: No route to host
nc -v xxx.com 587
nc: connect to xxx.com port 587 (tcp) failed: Permission denied
nc: connect to xxx.com port 587 (tcp) failed: No route to host

From the email server I couldn’t connect to those domains.

Then from within the email server I tried to connect to mailinabox.email domain for control check:

nc -v mailinabox.email 25
Connection to mailinabox.email 25 port [tcp/smtp] succeeded!
220 box.occams.info ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)
nc -v mailinabox.email 587
Connection to mailinabox.email 587 port [tcp/submission] succeeded!
220 box.occams.info ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)

No problems.

Then, I logged into the server hosting the domains for whom the email messages (served by mailinthebox) aren’t working and tried to connect to my MiaB and also mailinabox.email:

nc -v box.xxx.com 25
nc: connect to box.xxx.com port 25 (tcp) failed: Connection timed out
xxx@xxx:~$ nc -v box.xxx.com 587
Connection to box.xxx.com 587 port [tcp/submission] succeeded!
220 box.xxx.com ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)

xxx@xxx:~$ nc -v mailinabox.email 25
nc -v mailinabox.email 587
nc: connect to mailinabox.email port 25 (tcp) failed: Connection timed out
Connection to mailinabox.email 587 port [tcp/submission] succeeded!
220 box.occams.info ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)

So the only failures are occuring when my MiaB tries to connect to the Domains hosting server, using these ports.

Having said that, Im not sure what this means. Is that a problem with these outgoing ports on the MiaB? or a Problem with the Domain hosting. Or both haha?

Deftly · November 16, 2017, 8:09am

No answer from Linode and some impolite responses from Vultr, telling me to wait for account services to lift an SMTP block.

But lo and behold all the email clients are connecting again.

I am still none the wiser. I’ll update this thread when I get responses from Linode and Vultr.