All emails out getting connection refused

Hey all, I am a newb at CWP, always been cPanel user. But want to give CWP a good try.
I have installed and setup CWP 7 and purchased Pro license. I added my email address to server to get server messages and ticked box to send root email account to that email address. These emails all hang in postfix cue and say connection was refused.

I know there are a lot of these issues on this forum, but I have read them and looked at all the settings suggested and I must be missing something because all looks fine to me, but all outgoing emails are refused by all mail servers.

Here is a basic description of how my server is configured. Nameservers are alll configured and pointing to correct IPs and have A records. Hostname is configured and has A record etc and has a Lets Encrypt SSL cert. The main domain is however on a different server, but I have never had an issue with this setup in the past with cPanel servers. Just as long as the nameservers etc are all setup correctly they should work fine.

Here is info from the Mail server config page
rDNS/PTR = myhost.mydomain.com SUCCESS

Here is info from RDNS page
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> myhost.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60104
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;myhost.mydomain.com.   IN   A

;; ANSWER SECTION:
myhost.mydomain.com. 6817 IN   A   23.xx.xxx.xxx

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.
;; WHEN: Sun Jun 09 14:34:57 UTC 2019
;; MSG SIZE  rcvd: 71

This is driving me nuts, everything appears to be right, but as I said CWP newb. Probably missing something simple appreciate the help TIA

ON CWP.Admin -> server settings -> change hostname -> enter the hostname and change hostname
Go to Email -> mailserver manager.

check the following options:
ClamAV, Amavis & Spamassassin, Requires 1Gb+ RAM
Installs DKIM & SPF, enables DKIM for New Accounts and Domains

Enter the hostname and domain, rebuild mailserver


Ensure firewall is not blocking port 25,143,110,993,995,465,587

ON CWP.Admin -> server settings -> change hostname -> enter the hostname and change hostname
Go to Email -> mailserver manager.

check the following options:
ClamAV, Amavis & Spamassassin, Requires 1Gb+ RAM
Installs DKIM & SPF, enables DKIM for New Accounts and Domains

Enter the hostname and domain, rebuild mailserver


Ensure firewall is not blocking port 25,143,110,993,995,465,587

Hostname is in and correct

The suggested email server config settings are selected

Hostname and main domain are there and correct

Firewall lists those ports as open

Same message "Connection Refused"

Here is the returned error message

This is the mail system at host mhost.mydomain.com.

####################################################################
# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
####################################################################

Your message could not be delivered for more than 4 hour(s).
It will be retried until it is 5 day(s) old.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<test-hoqse@mail-tester.com>: connect to mail-tester.com[94.23.206.89]:25:
    Connection refused
Reporting-MTA: dns; myhost.mydomain.com
X-Postfix-Queue-ID: 43F3291A0023
X-Postfix-Sender: rfc822; test@subdomain.mydomain.com
Arrival-Date: Sun,  9 Jun 2019 14:05:19 +0000 (UTC)

Final-Recipient: rfc822; test-hoqse@mail-tester.com
Original-Recipient: rfc822;test-hoqse@mail-tester.com
Action: delayed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to mail-tester.com[94.23.206.89]:25:
    Connection refused
Will-Retry-Until: Fri, 14 Jun 2019 14:05:19 +0000 (UTC)
Return-Path: <test@subdomain.mydomain.com>
Received: from localhost (localhost [127.0.0.1])
    by myhost.mydomain.com (Postfix) with ESMTPA id 43F3291A0023
    for <test-hoqse@mail-tester.com>; Sun,  9 Jun 2019 14:05:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
    d=subdomain.mydomain.com; s=default; t=1560089119;
    bh=7NStbqdReQ4CDUjwjUTc/S/AP51Ax5HcGGVWWWt9/kY=;
    h=Date:From:To:Subject;
    b=HPVzV/wZYEppzbpGrx1m5hXMss2eV5WNp7/P3O8sB0hcRW9yZsoA3f78IlKbldFwO
     DbFw1NskGvCPXkzaAVOLjy/LkaoMBs/8oRidEzyAsafQgMr37dhkYgpGQYalW88lAd
     8hUNY3TKnQ01MfwwhzJDE2q4I1Mo464IRP2Cwii8=
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 10 Jun 2019 00:05:19 +1000
From: test@subdomain.mydomain.com
To: test-hoqse@mail-tester.com
Subject: Test Mail
Message-ID: <e572ac6d68186698045bad82afb80737@subdomain.mydomain.com>
X-Sender: test@subdomain.mydomain.com
User-Agent: Roundcube Webmail/1.3.9
------------------------------

As shown in message I used roundcube to send this directly from user account, also yes this is being sent from a subdomain email account, but I have setup an account with a normal domain and I am getting same problem.

I just tried sending myself an email to my gmail account and got a different message. Don't know if this is related or if is a whole different issue.

This is the mail system at host myhost.mydomain.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<myemail@gmail.com>: host gmail-smtp-in.l.google.com[2607:f8b0:400e:c09::1a]
    said: 550-5.7.1 [2605:f700:40:401::35c8:2c6f] Our system has detected that
    this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR
    records 550-5.7.1 and authentication. Please review 550-5.7.1
    https://support.google.com/mail/?p=IPv6AuthError for more information 550
    5.7.1 . f6si1939294pgk.120 - gsmtp (in reply to end of DATA command)
Reporting-MTA: dns;  myhost.mydomain.com.
X-Postfix-Queue-ID: 0D04991A2771
X-Postfix-Sender: rfc822; test@subdomain.mydomain.com
Arrival-Date: Mon, 10 Jun 2019 00:33:27 +0000 (UTC)

Final-Recipient: rfc822; myemail@gmail.com
Original-Recipient: rfc822;myemail@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [2605:f700:40:401::35c8:2c6f] Our system has
    detected that this 550-5.7.1 message does not meet IPv6 sending guidelines
    regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1
    https://support.google.com/mail/?p=IPv6AuthError for more information 550
    5.7.1 . f6si1939294pgk.120 - gsmtp
Subject    Want it to work
From    test@subdomain.mydomain.com
To    myemail@gmail.com
Date    Today 10:33

guess it is stay with cPanel

I'm in bed looking at this with mobile phone, so forgive me if I misread..

 Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines


"Emails without authentication often get email blocked or marked as spam to protect recipients from phishing scams. Unauthenticated emails with attachments might get completely rejected for security reasons.

To ensure Gmail can authenticate you:

Send from the same IP addressKeep valid reverse DNS records your IP address that point to your domainChoose the same address in the 'From:' header for every bulk messageOther recommendationsSign messages with DKIM. We don't authenticate messages signed with keys that use fewer than 1024 bits.Publish a SPF record.Publish a DMARC policy." From Google

That is your problem...It wouldn't matter if you used cpanel or any other panel...it has nothing to do with that, it's a mail server anti-spam  issue.

Start from scratch with dns records....

 I used mxtollbox.com and create a reverse ptr record using their "spf" generator for ipv6 protocol.

Copy that record into your dns

Do the same for DMARC (don't just rely on dkim)

Otherwise, disable ipv6 and just use ipv4 only (still need reverse ptr spf for ipv4 btw)

 Google search mxtollbox DMARC generator for the url for creating this in mxtollbox.

Hope this helps

Kind regards
Adam

I'm in bed looking at this with mobile phone, so forgive me if I misread..

 Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines


"Emails without authentication often get email blocked or marked as spam to protect recipients from phishing scams. Unauthenticated emails with attachments might get completely rejected for security reasons.

To ensure Gmail can authenticate you:

Send from the same IP addressKeep valid reverse DNS records your IP address that point to your domainChoose the same address in the 'From:' header for every bulk messageOther recommendationsSign messages with DKIM. We don't authenticate messages signed with keys that use fewer than 1024 bits.Publish a SPF record.Publish a DMARC policy." From Google

That is your problem...It wouldn't matter if you used cpanel or any other panel...it has nothing to do with that, it's a mail server anti-spam  issue.

Start from scratch with dns records....

 I used mxtollbox.com and create a reverse ptr record using their "spf" generator for ipv6 protocol.

Copy that record into your dns

Do the same for DMARC (don't just rely on dkim)

Otherwise, disable ipv6 and just use ipv4 only (still need reverse ptr spf for ipv4 btw)

 Google search mxtollbox DMARC generator for the url for creating this in mxtollbox.

Hope this helps

Kind regards
Adam

Hi Adam, thanks for the response, much appreciated. Thing is I do not even have IPV6 setup in CWP, so no idea why even getting that message from gmail. I just thought it might be related to why all emails are being refused. I have been through all settings and my rdns for ipv4 is all correct so no idea why this is happening at all.

oh ok.

try testing at https://www.mail-tester.com/

I have not even used my mail server on CWP...so it is just default after installation of cwp.

I just added a new domain, created an email account and sent an email to the above address. The email was recieved no problem. Spam assassin and Spamhause had no issues at all and the score on both of these fronts was fine.

Obviously in a default as installed configuraiton,  my overall score was 2 out of 10. However, that is because i have not yet configured:

DMARC
SPF
DKIM
HELO
RPTR is currently pointing at the host instead of the actual domain i sent email from

I dont actually even have an MX record at my registrar for the domain.com i just sent the test email from (so server is using its own mx record)

I also sent myself an email from hotmail to CWP server. It received within 15 seconds with no issues even considering the above.

The above are all extremely simple fixes and will up my score much closer to 10 almost immediately, like mine, yours should at the very least be sending email to the above website straight out of the box (even with errors)

I would not go playing with the mail server at this point...i have found that doing that almost always ends up stuffing a configuration that is quite likely working and doesnt have anything wrong with it. Please do the above first before playing with server configuration.

If you are willing to let someone else into your server I would be happy to take a closer look but honestly, i think with some written advice here you should be able to get it working just fine.

These will be just teething problems that often happen as a result of getting used to a particular system and control panel.

Hey Adam, really appreciate you trying all this. I did try sending an email to that test email. That is actually the first email error message at the top of the post. Same issue gets instantly connection refused. That is what I do not understand, it is not even telling me why it is refused, just connection refused

I am trying a fresh install to see what or if it was something I did, then I might try someone else looking

ok, i just reread your first post.

What i did notice about mine is that on a fresh install, the hostname was still default to my vps service provider (ie guest.vultr.com).

This was strange because i was sure i had already assigned the correct hostname in Vultr console before i installed CWP. Anyway, here is the other thread about this...http://forum.centos-webpanel.com/ssl/hostname-change-due-to-cwp-not-reflecting-hostname-assigned-vps-provider-console/

When i changed the hostname, i noticed that the host1.mydomain.com SSL record is not appending to the SSL certs directory (see another post i have made about this yesterday). I expected it should/would.

So now, Dovecot on my system fails to start because the SSL cert is obviously missing from the certs directory.

Like you, I also have my main domain on another server (ie i have host1.mydomain.com, host2.mydomain.com, host4.mydomain.com) and the mydomain.com website is not on this VPS.

Hey Adam, I have not seen any issues like that, I am through Enzu for my vps and when I change my hostname through my portal and install centos it always has the correct hostname.

But I have been doing more testing with my issue and I think my problems are with vps config or something like that, as I installed cpanel today and ran the same test email and got same issue with connection refused. But with cpanel it gave me a report and I noticed something very strange and it is way out of my realm of diagnosing the issue.

If you look at the below report, take a look at the ip it says it is sending from. I don't understand why it is using that and that explains the gmail error message.

Code: [Select]

Event: defer warning
Sender User:
Sender Domain: mydomain.com
From Address: myemail@mydomain.com
Sender: myemail@mydomain.com
Sent Time: Jun 12, 2019, 5:29:17 PM
Sender Host: myhostname.mydomain.com
Sender IP: ::1
Authentication: dovecot_login
Spam Score:
Recipient: myemail@anotherdomain.com
Delivered To:
Delivery User: -system-
Delivery Domain:
Router: lookuphost
Transport: remote_smtp
Out Time: Jun 12, 2019, 5:29:17 PM
ID: 1haxhS-0000PB-5N
Delivery Host:
I did setup a proper domain for this test and had the main domain and hostname domain name on the same server. I have no idea where to go next anyone got any ideas please.

Can you ask ISP if port 25 is blocked?

OKay, thank you to all that tried to help. this issue is definitely not CWP issue. 

After a lot of messing around and several rebuilds of my VPS, for some reason my VPS provider told me to go and disable IPV6 in exim. I did this and the emails worked immediately.

I have never had to do this in the past and just as a note I set up a new VPS on a different provider and installed CWP and tested emails, guess what they worked straight away, I did not have to disable IPV6 anywhere. Anyway just if anyone else may come across this hope this saves you some headaches

Cheers.

great.
FINALLY its works