Mail not working anymore (SEND AND RECEIVE)

Dear All,
I am looking for support and help to get our e-mail service working online.
I have gone thru the topic list but couldn’t find a similar description of our problem:
We have had a domain for more than a year at the OVH registrar, and this domain was properly set up. Our email services (send & receive) were working fine.
We have recently decided to use Cloudflare to speed up page load time (and it worked BTW, thanks folks @Cloudflare)

I changed nameservers on OVH to point to those indicated by Cloudflare
But today when I try to send email it doesn’t go out, and no emails will come in.
I am totally confused.
A records are not proxied (as it should be according to what I read in Help Center) and when I use Diagnostic Center | Check SSL and Test Website Security | Cloudflare it talks about DNSSEC…

Can somebody help and explain what needs to be done please?

Our configuration is in the screenshot attached.

Any help appreciated.

Best Regards,
M.

Your DNS is properly set up with a functioning mail server.

Are you saying that when people send you mail, it bounces back to them? Have you tried webmail?

I suspect that your mail client is configured to connect to the naked domain instead of the ‘mail’ subdomain.

Hi Sdayman,
Thanks for your answer.
In fact, on send issue -via Outlook- what I mean is: when people send me email, they will not receive any bounce back message. Nor any other error message.
When I send email to people, same thing. I will not receive any error message saying that it can’t send email.
But when I use webmail I can send email and receive email just fine.

Also, you are right: on Outlook mail server is set to “domain.com” and not “mail.domain.com”. I will change that in Outlook and see if it solves this problem.

Would you happen to know why Cloudflare complains on the first line of my domain (see screenshot)? It says that I need to change proxy status. When I do, A record is OK. But then MX records will now have the same warning. It seems that it’s like a toggle

Thank you.

Regards,
M.

That’s a normal warning for when you host non-website services on the same server as your site. Cloudflare doesn’t proxy ‘mail’, so you can’t keep your site’s IP address secret.

Thanks sdayman. It helps. I will come back here after I change the mail server configuration and confirm outlook send&receive mail is ok.
Your help much appreciated.
Regards,
M.

I personally think the problem is related to these entries:

  • FTP (optional)
  • IMAP (for syncing Mails)
  • POP3 (for reading Mails)
  • SMTP (for sending Mails)

Should never be proxied. Especially SMTP (for sending Mails) does not work if proxied.
Try to unproxy them (grey cloud) instead of proxying them (orange cloud) and try again.

Also FTP Protocol will not work if proxied, but this is not related to Mail.


They still point to a proxied hostname. Even though Cloudflare will replace that hostname with an unproxied one, it’s not great. Those should also be unproxied “A” records, like ‘mail’. But best yet, just don’t use those hostnames. Stick with ‘mail’ in your app connection.


I just tested this and it seems like Cloudflare will convert unproxied (grey cloud) internal CNAMEs which point to a proxied (orange cloud) A entry to a public A entry which points to the same IP as the proxied A entry. So this should work:

image


Yes, but it’s not a desirable setup. You and I both know the best setup is a straightforward unproxied “A” record.


Hi Sdayman and M4rt1n,
I have just deleted my mail account and recreated it on outlook for Mac, using mail.mydomain.com in the settings for both imap and smtp
I can confirm that even though the test email I sent is in my SENT mailbox on outlook, for some reason it doesn’t go thru. I sent this test email to my gmail address a while back but it’s not in my gmail inbox.
This is weird…
Any ideas?

Thanks.
Regards,
M

If it does not go through there should be an error. Without error codes/logs it's hard to start debugging.
Please also run this command on your local machine (in CMD):

nslookup mail.yourdomain.com

and check if it returns the correct IP or if the IP (from when it was being proxied) is still locally cached on your device.

Result of this command is:
macbook-pro-13:~ me$ nslookup mail.mydomain.com
Server: AAAA:bbbb:ccc:dddd:eeee:ffff:0000:cbb0
Address: AAAA:bbbb:ccc:dddd:eeee:ffff:0000:cbb0#11

Non-authoritative answer:
Name: mail.mydomain.com
Address: XX.YY.ZZ.AA (which is the IP of my server)

I wish there was an error. But Outlook is quiet when it sends the email. I can see it in SENT mailbox though.
One thing I can mention: when I set up my account with “mail.mydomain.com”, for both smtp and imap, Outlook says “no secure connection available” I clicked on CONTINUE.
Old emails did synchronise properly.

Apart from that no error messages, no bounce back. Seems like email is stuck somewhere on my server but couldn’t find how to reach recipient.

Thank you.

Regards,
M

Without an error it's hard to tell.

But maybe your mail is getting sent out and just getting rejected by the receiver?
Do you see your test mails in the folder “Outgoing Mail” (or something like this)?

But if it's not getting shown there, I’m sorry, I can not help any further here. Just make sure you have all subdomains/domains unproxied which are related to Mail and everything else is not related to CloudFlare as CloudFlare does not do anything with MailService.

Some other little recommendations:

As you use Plesk, make sure you:

  1. have all required Ports open:
    1.1 SMTPS: 465
    1.2 SMTPS: 587
    1.3 IMAP (SSL): 993
    1.4 POP3 (SSL): 995

Also make sure your Hosting Provider has opened these Ports as well. If you are at IONOS you have to open them separately in your Server-Management. So please check if your Hosting provider has opened all required ports

  2. When I run an SMTP test on your Domain I do get this error:
    Network Tools: DNS,IP,Email
    SMTP Banner Check - Reverse DNS does not match SMTP Banner

  3. Finally there is a Tutorial for troubleshooting:
    Email Troubleshooting

Thanks for the tutorial. But I don’t think this has anything to do with email settings. Since, as I said, it was working properly before.

Regards,
M.

If you now send a Mail… will it get displayed there or not?

Please try this tool:

Send a Mail to the mail which is provided there and check what it says and if it receives the Mail.

No, apparently I can not. But anyway I would recommend you opening Port 587 (SMTPS TLS) and try again. There is apparently nothing more I can do here.
As soon as everything that is Mail related is unproxied (SEE) it's not up to CloudFlare anymore. The problem 100% is on your Serverside and I do not have any access to your server so I can not help you.

Like always I never recommend putting MailServer on the same Machine as the WebServer. It always causes problems.

Another question:

As you said

What else got changed between “before” and now?

  1. moved to CloudFlare
  2. what else? Changed Server? ReDeployed or set up Server again?

Before → means before we added Cloudflare CDN.
Our web server and mail server were indeed on same machine. Set-up did not change.
Then, yesterday, moved to Cloudflare.
Changed DNS Server, and Added DS records for DNSSEC to work with Cloudflare.

I understand that without access to our server there is not much more you can do. Still I do appreciate a lot the help you gave me.

PS: I will try opening port 587 and see if it works better

Thank you.
Regards,
M.


Well you are facing 2 problems…

  1. You are trying to proxy mail traffic through CF which CF doesn’t allow. So unproxy everything except for ‘www’ and the domain name itself or ‘@’.

  2. The MTA ports are firewalled which you have to open: 25 143 993 995 587 465

Once you have done those, make sure your subdomain mail.mydomain.com resolves to the IP of your server. After that try to connect Outlook again and test.
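
As an added example (not part of the thread and not Cloudflare's or any poster's code), the checks suggested above can be scripted: that `mail.<domain>` resolves to the server rather than a Cloudflare edge address, and that the mail ports listed in the thread accept connections. The Cloudflare IPv4 ranges are a snapshot of the list published at https://www.cloudflare.com/ips/; `mail.example.com` and `203.0.113.10` are constructed placeholders.

```python
import ipaddress
import socket

# Cloudflare's published IPv4 edge ranges (snapshot; current list at https://www.cloudflare.com/ips/).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

MAIL_PORTS = (25, 465, 587, 143, 993, 995)  # the ports named in the thread

def is_cloudflare(ip):
    """True if ip falls inside one of the Cloudflare edge ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def resolve_a(hostname):
    """Live A-record lookup through the system resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_mail_host(hostname, origin_ip, resolve=resolve_a, probe=port_open):
    """Return a list of problems; an empty list means DNS and ports look right."""
    problems = []
    ips = resolve(hostname)
    for ip in ips:
        if is_cloudflare(ip):
            problems.append(f"{hostname} resolves to Cloudflare edge {ip} (record is proxied)")
        elif ip != origin_ip:
            problems.append(f"{hostname} resolves to {ip}, expected {origin_ip}")
    if origin_ip in ips:  # only probe ports once DNS points at the server itself
        problems += [f"port {p} closed or filtered on {origin_ip}"
                     for p in MAIL_PORTS if not probe(origin_ip, p)]
    return problems

if __name__ == "__main__":
    # Constructed inputs: 203.0.113.10 is a documentation address standing in for the server.
    fake_dns = {"mail.example.com": ["203.0.113.10"]}
    for line in check_mail_host("mail.example.com", "203.0.113.10",
                                resolve=fake_dns.__getitem__,
                                probe=lambda ip, p: p in (25, 993)):
        print(line)
```

Calling `check_mail_host("mail.yourdomain.com", "<server IP>")` with the default arguments performs the live lookup and TCP probes from the machine it runs on.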

Hi mamoudou.traore,

Could you let us know few things:

  1. What is your domain
  2. What is the email address you are trying to send email to and the sender didn’t receive any bounce message
  3. What is the SMTP configuration you have in your email client? We need mail server, port, tls, username (no need for, and please don't paste, your password here)

“when I use webmail I can send email and receive email just fine”: when you use webmail, the mail server bypasses the SMTP layer; it’s the one that initiates the email out. That's why it works, and it signals that this is just some DNS mess-up.

I’m asking because your DNS looks correct, though not ideal: as @sdayman said, mail should be a straight A record without any proxying. CF tries to convert that, but it’s up to the mail client to follow that CNAME or not.

To receive

Hi darrylYeoh,

Thanks for this analysis. I have done 1 already, and will revert in the morning (western Europe time) when the sys admin has opened the ports you indicated. I will then test again and let you know the outcomes.

Thank you.

Regards,
M