How Am I Getting Email Notifications If Port 25 Is Blocked
I'm getting email notifications from Cpanel and my email is hosted by Google, not locally on the Cpanel server. It looks like port 25 is blocked and I never setup Exim to use Smarthosts. So how am I getting the emails? The header looks like its connecting on port 45064 but how does Cpanel know to use that port instead of 25 when I've not made any config changes to Exim?
telnet smtp.google.com 25 doesn't connect! Doesn't connect if I try port 45064 either.
eceived: from [127.0.0.1] (port=45064 helo=localhost.localdomain) by my.hostname.com with esmtpa (Exim 4.97.1) (envelope-from <cpanel@my.hostname.com>) id 1sM2LR-0000000BCS2-2vqn for my.email@mygoogledomain.com; Tue, 25 Jun 2024 02:20:09 -0700 Date: Tue, 25 Jun 2024 09:20:08 GMT From: cPanel Monitoring <cpanel@my.hostname.com> Message-Id: <1719307208.a1kYhS15OoLyUJL7@my.hostname.com> Reply-To: cPanel Monitoring <cpanel@my.hostname.com> Subject: [my.hostname.com] DISKCRITICAL blocks ⛔: [redacted] To: <my.email@mygoogledomain.com>
-
you can do:
exigrep 1sM2LR-0000000BCS2-2vqn /var/log/exim_mainlog
to see the entire delivery log.That email header only shows the mail is sent from localhost (127.0.0.1) port 45064.
0 -
That don't see anything that stands out
2024-06-25 02:20:09 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1sM2LR-0000000BCS2-2vqn
2024-06-25 02:20:09 1sM2LR-0000000BCS2-2vqn <= cpanel@xxxx H=(localhost.localdomain) [127.0.0.1]:45064 P=esmtpa A=dovecot_plain:__cpanel__service__auth__icontact__roajin6ypc2ph8rg S=38264 id=1719307208.a1kYhS15OoLyUJL7@xxxxx T="[xxxxx] DISKCRITICAL blocks \342\233\224: Mount Point \342\200\234/boot\342\200\235 (xxxx): 479.66\240MB/506.66" for server.admin@xxxxx
2024-06-25 02:20:09 1sM2LR-0000000BCS2-2vqn Sender identification U=__cpanel__service__auth__icontact__roajin6ypc2ph8rg D=-system- S=__cpanel__service__auth__icontact__roajin6ypc2ph8rg
2024-06-25 02:20:10 1sM2LR-0000000BCS2-2vqn => server.admin@xxxxxx R=dkim_lookuphost T=dkim_remote_smtp H=ASPMX.L.GOOGLE.com [74.125.199.26] TFO X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes C="250 2.0.0 OK 1719307210 d9443c01a7336-1f9eb2f251dsi78501155ad.20 - gsmtp"
2024-06-25 02:20:10 1sM2LR-0000000BCS2-2vqn CompletedAI gave this but it still doesn't explain why I'm seeing emails sent to the admin's gmail account using 4XXXX port numbers (not always the same). There is no 3rd party relay configured. This is bizarre.
In a standard cPanel/WHM setup on AlmaLinux (or any other Linux distribution), even if outbound port 25 is blocked, cPanel notifications can still reach your Gmail account through the following mechanisms:
-
WHM Configuration: By default, WHM is configured to use the server's hostname for sending emails. If your server's hostname resolves to a public IP address with an open port (other than 25, likely port 587 for submission), Exim can still send emails using that alternative route.
-
Gmail's Inbound Routes: Gmail and other email providers don't solely rely on port 25 to receive emails. They often have multiple inbound mail servers with different IPs and ports. It's possible that cPanel is successfully sending emails through an alternative port (like 587 or 465) that's open on your network.
-
Email Relay: In some cases, if direct sending fails, cPanel might be configured to use a third-party email relay service (e.g., SendGrid, Mailgun) to deliver your notifications. These services have their own infrastructure and can often bypass restrictions on specific ports.
How to Verify:
-
Check WHM Configuration:
- In WHM, go to "Server Configuration" -> "Basic WebHost Manager Setup."
- Under the "Mail" tab, verify the "Send mail from account" and "Backup MX hosts" settings. These can indicate whether a relay is being used or if the server is attempting to send directly.
-
Check Exim Mainlog:
- On your server, you can examine the Exim mainlog (
/var/log/exim_mainlog
) for clues about how emails are being sent. Look for entries related to your Gmail address and see if they mention successful delivery or alternative ports.
- On your server, you can examine the Exim mainlog (
0 -
-
That log shows that exim is connecting to ASPMX.L.GOOGLE.com and the email is succesfully sent.
That log does not show what port is used to send to Gmail, but it's not 4XXXX port, that is the port from where the mail is sent from localhost to exim.
If you open the email in Gmail, click the 3 dots in top right corner, and click "Show original", you will see the email including full headers.
0
Please sign in to leave a comment.
Comments
3 comments