amuck-landowner

Please help me: VestaCP - Cannot get outgoing mail to work with an external client

Amitz

New Member
Dear all,


I was seeking a free Control Panel for some friends that I host on a VPS and came across VestaCP. I must say that I generally like it very much. Especially that it comes with with nginx included and that it is so reduced and simple.


BUT: I am getting crazy trying to get eMail to work. It seems impossible to send eMails with an external mail client like Thunderbird or Apple Mail. The webmailer works just fine for an account that I have created, but VestaCP refuses to work with the external clients.


I thought that it may be a Debian issue (tried it first with Debian 7, 64bit), but another test with CentOS 6 (64bit) brings up the same problem. So I simply assume that this must be a general problem and easy to solve if one just knows how to do it. Is there anyone among you who may help me out? @jarland perhaps? I saw that he knows a lot about VestaCP...


Thank you all very much in advance for any hint that may help!


Kind regards


Amitz
 
Last edited by a moderator:

notFound

Don't take me seriously!
Verified Provider
When you say external clients don't work, do you mean that they won't connect through or they connect but don't return anything or return an error or what?
 

mikho

Not to be taken seriously, ever!
Think I read something line this before. If this is the same problem then its about thunderbird is not sending a domain name or IP that exim allows.


There is a check that is made when a clients connect, check the logs and if it is the same problem there will errors directly after the HELO command.


If I remember correct the solution is line 2 rows (where the check happens) should be commented out in vestacp and everything should work ok.


I'm sorry that I'm vague about this but my memory is playing tricks on me right now.
 

Amitz

New Member
Sorry, yes - I was quite unspecific. My native language is german and the error messages of Apple Mail are in german (and quite verbose.

Thunderbird says:

An error occurred sending mail: The mail server sent an incorrect greeting:  rejected because XXX.XXX.XXX.XXX is in a black list at zen.spamhaus.org\nhttp://www.spamhaus.org/query/bl?ip=XXX.XXX.XXX.XXX.
While XXX.XXX.XXX.XXX is my dynamic IP. Would it help if I comment out that part?

/etc/exim/exim.conf

acl_check_spammers:
  accept hosts = +whitelist
  drop    message     = Your host in blacklist on this server.
  log_message   = Host in blacklist
  hosts         = +spammers
  deny    message     = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
  dnslists     = ${readfile {/etc/exim/dnsbl.conf}{:}}
  accept
 
Last edited by a moderator:

Amitz

New Member
Yes, I do... Really strange.

However, I will have to unexpectedly stop the VestaCP experiment for some days and will try again later!
 

TheLinuxBug

New Member
I believe this issue is caused by Exim expecting a FQDN in the HELO.  cPanel actually more recently added this as an option and at one point had it turned on by default.  As a lot of windows users do not name their machine with an FQDN but instead use something line "JoesPC", "HP-DESKTOP134123", etc. if using a windows machine to connect to an Exim server which is expecting FQDN and the above is true, it will fail as "JoesPC" is not a FQDN.  I believe it is RFC2821 4.1.1.1.

Reference about this for cPanel: http://billing.webeasy.my/knowledgebase.php?action=displayarticle&id=294

I believe the setting you are looking for in exim is helo_accept_junk_hosts

As @mikho said, this should be able to be changed in the configurations without much effort.  

The other possibility is you have not enabled SMTP authentication when trying to send e-mails, it can cause a similar issue. However, I am assuming you already have this setup on your client. 

Edit:

If you are seeing the following in your logs like you said above:

An error occurred sending mail: The mail server sent an incorrect greeting:  rejected because XXX.XXX.XXX.XXX is in a black list at zen.spamhaus.org\nhttp://www.spamhaus....XXX.XXX.XXX.XXX.

Then you have a Dynamic ip blacklist enabled on the server which is not allowing you to connect because  the ip you are connecting from it located on that blacklist.  My suggestion is you remove the dynamic ip blacklist server from your RBL list.  This would allow that client to log in without issues. In this case it looks like Spamhaus which if they are listed in it they likely have bigger problems than just connecting to your e-mail and I would contact the local ISP to get the ip removed from the list.

Hopefully this help.

Cheers!
 
Last edited by a moderator:

jarland

The ocean is digital
Sorry, just logged in for today. Spamhaus doesn't like dynamic IP addresses and they like to list dynamic ranges. Go ahead and just cut them out of /etc/exim/dnsbl.conf (at least on centos, may vary on Debian based OS) and restart exim. I actually just have that file empty for mxroute now, I'd rather focus on bayesian filtering and fail2ban than subscribing to blacklists, it ends up better for everyone.

I also commented out some parts of exim.conf to cut out some more issues. I'm all about sharing, so feel free to take a look at the current live mxroute exim.conf linked below. There's no trade secrets here, I'd love to share with you anything I've done.

http://sprunge.us/BHZK
 
Last edited by a moderator:

Amitz

New Member
Thank you all! I will not be able to go on trying before Monday and will let you know how it works out!
 

Amitz

New Member
Well, well, well... Something is strange. I have used jarlands exim.conf, but still, I am unable to send eMails. Now it says, that the server cannot be reached via standard ports. I give up and look for another free panel with nginx and working eMail out of the box. However, thank you all for your help. Maybe I am the only person in the world having those problems with VestaCP.
 
Last edited by a moderator:

jarland

The ocean is digital
Well, well, well... Something is strange. I have used jarlands exim.conf, but still, I am unable to send eMails. Now it says, that the server cannot be reached via standard ports. I give up and look for another free panel with nginx and working eMail out of the box. However, thank you all for your help. Maybe I am the only person in the world having those problems with VestaCP.
If you dropped in the exim.conf it has the IP set that mail is sent out from, currently set to the IP active for outgoing mail on mxroute.
 

Amitz

New Member
If you dropped in the exim.conf it has the IP set that mail is sent out from, currently set to the IP active for outgoing mail on mxroute.
Stupid me! Is it the 162.150.xxx.xx IP?


What would be the right setting to send eMails via SMTP from the same server that VestaCP is installed on?


Thank you in advance!


Kind regards


-A
 

jarland

The ocean is digital
Stupid me! Is it the 162.150.xxx.xx IP?


What would be the right setting to send eMails via SMTP from the same server that VestaCP is installed on?


Thank you in advance!


Kind regards


-A
Yeah that's the one. Sorry I forgot to warn you of that. Any IP on the system works as long as you haven't forced exim to bind to a single address.
 

Amitz

New Member
Thank you, jarland!


Please accept my apologies for being a bit slow, but simply exchanging that IP with the server IP should do the trick for me? Is that right?
 

jarland

The ocean is digital
Thank you, jarland!


Please accept my apologies for being a bit slow, but simply exchanging that IP with the server IP should do the trick for me? Is that right?
Well, it should solve one problem at least. Make sure you're on centos, I think the configuration has some small differences in the Debian packages.
 

Amitz

New Member
I will try it again (with CentOS) and report back! :)


I, however, still wonder why something important like this is not working out of the box as it seems...
 

jarland

The ocean is digital
I will try it again (with CentOS) and report back! :)


I, however, still wonder why something important like this is not working out of the box as it seems...
It does for most of us, but some users have a problem with the default ACL in place. In your case it's mostly that your ISP was listed in the RBL that was set by default.
 
Last edited by a moderator:
Top
amuck-landowner