Email server

that is my ip

there is no vpn

my ports are open

Okay. I have tried to send a simple email to some user, for example [email protected], and got this as a result:

SMTP error from remote server for RCPT TO command, host: mail.uk-cra.org (88.98.222.251) reason: 554 5.7.1 <[email protected]>: Relay access denied

The good news: you have figured out how to set up your MX and A record for your domain to make your email work, which is the question of the topic :wink:

Moreover, what email server are you using? Postfix and Dovecot or some other?

It responds to SMTP on Port 25, but I guess that’s about it. So it will accept incoming email, but your mail clients might not be able to connect to retrieve email.

1 Like

Sending / receiving emails still doesn't work, and the setup is different from your tutorial, so I am still not sure what setting is wrong.
I use Dovecot

Open ports you have currently:

443
80
25
143
587
993
465

Assuming you do not use an SSL for your email server?

25, 465, 587, 143, 993
all open and forwarding to the mail server

correct
I use TLS

email not working
the dns settings are still unclear

On the Cloudflare side, it is configured well now.
Moreover, you can later add SPF, DMARC, DKIM records.

From my perspective, the next thing needs to be configured at your email server for receiving and sending mail (add your domain mail.uk-cra.org to hosts, set up the rDNS, FCrDNS, make changes to config files like main.cf, master, dovecot.conf … and restart your email services).

Have you tried to send and receive some mail from like your Gmail?

I had that domain mail.uk-cra.org added and it didn't work.
Now I changed all settings to uk-cra.org and now it works.
How can this be? Why does it not work with mail.uk-cra.org? Isn't that the expected setting?

Something on the Cloudflare side is still not right.
I have two A records. When I proxy the root domain A record, the email server does not work, although traffic should still find its way through the other (grey) A record mail.rootdomain.org
What is wrong here?

I am worried more about your configuration files at your end than about the Cloudflare DNS. Because when you have added your domain to your Cloudflare account, from this moment the Cloudflare DNS is the “headmaster” for the DNS entries of your domain uk-cra.org and it makes sure that any connection a visitor or some service requests goes to the right location.

Moreover, if you have pointed mail.uk-cra.org to your IP address, then if configured correctly it should resolve at your end.
Is your domain (mail.uk-cra.org) added under the hosts file and configuration files of your email server (Dovecot, Postfix …)?

Moreover, have you used some tutorial to set up your mail server?

1. Can you receive an email from outside to your [email protected] having the A mail record :grey:?
2. Can you send an email out from [email protected] to your Gmail having the A mail record :grey:?

Or test here:

Here are a few good examples about your incoming and outgoing email server setup:

As far as I tested, you have not added your mail.uk-cra.org subdomain when you were generating an SSL certificate.

Meaning, yes it “works” as you stated because the only domain in the SSL is your main domain “uk-cra.org”, so when this record is :grey: cloud, it should work but then it is also related to your website not being proxied :orange: via Cloudflare.

So, current situations:

  1. Having :grey: cloud for A www and A uk-cra.org records and email will work, but the Website will not use benefits and will not be proxied via Cloudflare

  2. Having :orange: cloud for A www and A uk-cra.org records, while email will not work, but the Website will be proxied via Cloudflare

  3. The solution is to add, as is, another A record mail like you already have and make it :grey: cloud. Generate an SSL certificate and add all of your names, like: mail.uk-cra.org uk-cra.org www.uk-cra.org, to be sure all are covered in that case (you would also benefit from having the End-to-end option for your Website, more about it here: https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options)

You would need to configure your mail server.

2 Likes
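The three situations listed in the post above can be checked mechanically. The following is an added example, not code from the thread or from Cloudflare: the zone entries and certificate dicts are constructed, and `audit`, `uncovered` and `san_matches` are hypothetical helper names. It flags a mail host that sits behind the proxy and a certificate whose subjectAltName list does not cover the name mail clients connect to.

```python
# Added example; the zone and certificate data below are constructed.

def san_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        # *.uk-cra.org covers mail.uk-cra.org, not uk-cra.org or a.b.uk-cra.org
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]
    return False

def uncovered(cert, hosts):
    """Hosts with no matching DNS entry in the certificate's subjectAltName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def audit(records, mail_host, cert):
    """Findings for the host that mail clients and other servers connect to."""
    findings = []
    a = {r["name"]: r for r in records if r["type"] == "A"}
    if mail_host not in a:
        findings.append(f"no A record for {mail_host}")
    elif a[mail_host]["proxied"]:
        findings.append(f"{mail_host} is proxied (orange cloud)")
    findings += [f"certificate has no SAN for {h}" for h in uncovered(cert, [mail_host])]
    return findings

# Constructed zone: website records proxied, mail record DNS-only (grey cloud).
ZONE = [
    {"type": "A", "name": "uk-cra.org", "proxied": True},
    {"type": "A", "name": "www.uk-cra.org", "proxied": True},
    {"type": "A", "name": "mail.uk-cra.org", "proxied": False},
]
# Same shape as the dict returned by ssl.SSLSocket.getpeercert().
CERT_ROOT_ONLY = {"subjectAltName": (("DNS", "uk-cra.org"),)}
CERT_ALL = {"subjectAltName": tuple(
    ("DNS", n) for n in ("uk-cra.org", "www.uk-cra.org", "mail.uk-cra.org"))}

if __name__ == "__main__":
    print(audit(ZONE, "uk-cra.org", CERT_ROOT_ONLY))       # situation 2
    print(audit(ZONE, "mail.uk-cra.org", CERT_ROOT_ONLY))  # missing SAN
    print(audit(ZONE, "mail.uk-cra.org", CERT_ALL))        # situation 3
```
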

thanks for your pointers. I am working on this.
Can you let me know which site you use to test the mail server?
thanks

1 Like

Sharing here a list of websites/tools I usually use to check, test or even generate something in case I forget how it goes:
https://toolbox.googleapps.com/apps/dig/
https://ssl-tools.net/
https://ssl-tools.net/mailservers
https://ssl-tools.net/mails
https://www.checktls.com/TestReceiver
https://www.mail-tester.com/
https://en.internet.nl/test-mail/
https://intodns.com/
https://powerdmarc.com/power-dmarc-toolbox/
https://www.immuniweb.com/ssl/

Hope they will help you too :wink:

2 Likes

thanks. It is strange that only ssl-tools.net shows an error
“host name mis match” while the others say the certificates are all OK

works now. I think ssl-tools uses some cached entries from yesterday. Now it has updated.
Thanks again

1 Like

I am glad you have successfully resolved your issue.
Yes, there could be some cache and in that case there is also a button “Refresh” to gather new results upon the cached one.

As far as I have used the tool again on your domain, now the SSL certificate has your mail sub-domain added.
In the other topic you have asked about SPF, I checked that and it also exists.
Needed ports are also open (was before).

Moreover, when I try to access your website it shows up Error 526 - Invalid SSL certificate.

Since you have an SSL certificate (which is self-signed or you generated it via Let’s Encrypt?) that covers your uk-cra.org and mail.uk-cra.org, and port 80 and 443 are both open on the domain and your IP address of your web server, I assume your web server is running, isn’t it right?

Just a quick check: which SSL option do you have enabled in the Cloudflare dashboard?

  • Should be “Full SSL” and, hopefully as it already is, :orange: cloud on the next records:

Your A mail record should stay as it is now currently on :grey:

Moreover, see more information about your 526 error regarding website here:

Since it would be a good way to create another topic regarding your new issue, nevertheless let’s try to fix that issue too and you are good to go :wink:
