Skip to main content

SSL is installed but can't send encrypted emails

Comments

16 comments

  • cPanelMichael
    Hello @Samet Chan, I moved this post to it's own thread. The "telnet" utility isn't always installed by default. You can install it with the following command: yum install telnet
    Thank you.
    0
  • Samet Chan
    Hello @Samet Chan, I moved this post to it's own thread. The "telnet" utility isn't always installed by default. You can install it with the following command: yum install telnet
    Thank you.

    Ok, just installed telnet. They server are trying to connect after refused. [root@x ~]# telnet gmail-smtp-in.l.google.com 465 Trying 2a00:1450:400c:c09::1a... telnet: connect to address 2a00:1450:400c:c09::1a: Connection refused Trying 64.233.166.26...
    This IPv6 and IPv4 are from google.com, it's not my IP server.
    0
  • cPanelMichael
    Hello, I recommend reaching out to your data center or hosting provider to verify if there's anything filtering port 25 or port 465 traffic in their network or firewall rules. Providers will often block these ports as a SPAM prevention technique. Thank you.
    0
  • Samet Chan
    Hello, I recommend reaching out to your data center or hosting provider to verify if there's anything filtering port 25 or port 465 traffic in their network or firewall rules. Providers will often block these ports as a SPAM prevention technique. Thank you.

    I disabled CSF Firewall, but still they are trying to connect. [root@x ~]# telnet gmail-smtp-in.l.google.com 25 Trying 2a00:1450:400c:c0a::1b... Connected to gmail-smtp-in.l.google.com. Escape character is '^]'. 220 mx.google.com ESMTP p12-v6si7373990wrd.297 - gsmtp [root@x ~]# telnet gmail-smtp-in.l.google.com 465 Trying 2a00:1450:400c:c0a::1b... [root@x ~]# telnet gmail-smtp-in.l.google.com 587 Trying 2a00:1450:400c:c0a::1b...
    0
  • cPanelMichael
    I disabled CSF Firewall, but still they are trying to connect.

    CSF firewall is a local firewall on your server. Your data center or hosting provider could filter port 465 traffic in their network or router rules outside of your individual server. Can you check with them to see if that's the case? Thank you.
    0
  • Samet Chan
    CSF firewall is a local firewall on your server. Your data center or hosting provider could filter port 465 traffic in their network or router rules outside of your individual server. Can you check with them to see if that's the case? Thank you.

    Ok, I've contacted the hosting. They will reply back soon.
    0
  • Samet Chan
    Ok, we got received an email from support hosting. [QUOTE] Dear Samet, Thank you for your patience. The ports 465,25 and 587 are open on your VPS (xxx.xxx.xxx.xx) are open. The telnet command you mentioned in your previous message will try to open a telnet connection to the Google servers, which will most likely not accept such a request. You can see which service is running on which port with the following command: netstat -tulnp Since the ports mentioned by you are all occupied by exim, we are suspecting that you are having troubles with establishing an SMTP or IMAP connection. If that is the case, please provide us with cPanel login data to a domain you are having trouble with so we can try to reproduce your problem.
    And there, [QUOTE] [root@x ~]# netstat -tulnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8799/httpd tcp 0 0 0.0.0.0:2077 0.0.0.0:* LISTEN 1361/cpdavd - accep tcp 0 0 0.0.0.0:2078 0.0.0.0:* LISTEN 1361/cpdavd - accep tcp 0 0 0.0.0.0:2079 0.0.0.0:* LISTEN 1361/cpdavd - accep tcp 0 0 0.0.0.0:2080 0.0.0.0:* LISTEN 1361/cpdavd - accep tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 16083/dovecot tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 127.0.0.1:579 0.0.0.0:* LISTEN 8508/cPhulkd - proc tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 16083/dovecot tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 8503/exim tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 16083/dovecot tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3678/spamd child tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 16083/dovecot tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 538/rpcbind tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8799/httpd tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 23094/cpsrvd (SSL) tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 8503/exim tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 15926/pure-ftpd (SE tcp 0 0 xxx.xxx.xxx.xx:53 0.0.0.0:* LISTEN 15891/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15891/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16764/sshd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8503/exim tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15891/named tcp6 0 0 :::443 :::* LISTEN 8799/httpd tcp6 0 0 :::993 :::* LISTEN 16083/dovecot tcp6 0 0 :::995 :::* LISTEN 16083/dovecot tcp6 0 0 :::3306 :::* LISTEN 8444/mysqld tcp6 0 0 :::587 :::* LISTEN 8503/exim tcp6 0 0 :::110 :::* LISTEN 16083/dovecot tcp6 0 0 ::1:783 :::* LISTEN 3678/spamd child tcp6 0 0 :::143 :::* LISTEN 16083/dovecot tcp6 0 0 :::111 :::* LISTEN 538/rpcbind tcp6 0 0 :::80 :::* LISTEN 8799/httpd tcp6 0 0 127.0.0.1:7984 :::* LISTEN 3203/java tcp6 0 0 :::465 :::* LISTEN 8503/exim tcp6 0 0 :::21 :::* LISTEN 15926/pure-ftpd (SE tcp6 0 0 :::22 :::* LISTEN 16764/sshd tcp6 0 0 127.0.0.1:8984 :::* LISTEN 3203/java tcp6 0 0 :::25 :::* LISTEN 8503/exim udp 0 0 127.0.0.1:323 0.0.0.0:* 564/chronyd udp 0 0 0.0.0.0:704 0.0.0.0:* 538/rpcbind udp 0 0 xxx.xxx.xxx.xx:53 0.0.0.0:* 15891/named udp 0 0 127.0.0.1:53 0.0.0.0:* 15891/named udp 0 0 0.0.0.0:111 0.0.0.0:* 538/rpcbind udp6 0 0 ::1:323 :::* 564/chronyd udp6 0 0 :::704 :::* 538/rpcbind udp6 0 0 :::111 :::* 538/rpcbind
    0
  • cPanelMichael
    Hello @Samet Chan, Thank you for the additional information. The telnet results over ports 465 and 587 are normal when checking Gmail, as Google blocks those connections. Can you let us know the specific error message you are receiving in your email client? One other item to rule out is the use of IPv6 lookups. Here are a couple of third-party URLs you may find helpful to test if this solves the problem: Forcing DNS lookups to use IPv4 instead of IPv6 - CentOS Thank you.
    0
  • Samet Chan
    Hello @Samet Chan, Thank you for the additional information. The telnet results over ports 465 and 587 are normal when checking Gmail, as Google blocks those connections. Can you let us know the specific error message you are receiving in your email client? One other item to rule out is the use of IPv6 lookups. Here are a couple of third-party URLs you may find helpful to test if this solves the problem: Forcing DNS lookups to use IPv4 instead of IPv6 - CentOS Thank you.

    I don't really use IPv6. I prefer to use IPv4. Gmail just keep receive of my spam folder from my site forum using 465 Port for SSL. And I only see in receive email for "Gray (TLS - standard encryption)", there no Green (S/MIME enhanced encryption). If I can a switch to Green (S/MIME enhanced encryption) and without check spam/junk folder?
    0
  • cPanelMichael
    Hello, If the issue relates to Gmail detecting messages from your server as SPAM, you should first review the guidelines on the following document to ensure they are followed: How to Keep your Email Out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation Can you confirm that's the case? Thank you.
    0
  • Samet Chan
    Hello, If the issue relates to Gmail detecting messages from your server as SPAM, you should first review the guidelines on the following document to ensure they are followed:
    0
  • cPanelMichael
    Hello @Samet Chan, That's the example. You should replace "mx1.cpanel.net" with your server's hostname, and then replace "208.74.121.68" with the IP address that appears when running the first command. Thank you.
    0
  • Samet Chan
    Hello @Samet Chan, That's the example. You should replace "mx1.cpanel.net" with your server's hostname, and then replace "208.74.121.68" with the IP address that appears when running the first command. Thank you.

    Hostname was default by hosting. Do I need to contact hosting support to add this mx1.cpanel.net right?
    0
  • cPanelMichael
    Hostname was default by hosting. Do I need to contact hosting support to add this mx1.cpanel.net right?

    No, mx1.cpanel.net is just an example. You need to use your server's actual hostname (e.g. server.yourserver.com). Thank you.
    0
  • Samet Chan
    No, mx1.cpanel.net is just an example. You need to use your server's actual hostname (e.g. server.yourserver.com). Thank you.

    It is correct. [root@x ~]# dig https://x.server.net +short [root@x ~]# dig -x xxx.xxx.xxx.xx +short x.server.net.
    0
  • cPanelMichael
    It is correct.

    That's good. It means your server's PTR record is correctly configured, and you can proceed to check the additional guidelines on the following document: How to Keep your Email Out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation Thank you.
    0

Please sign in to leave a comment.