Mail not working anymore (SEND AND RECEIVE)

Thanks sdayman. It helps. I will come back here after I change the mail server configuration and confirm outlook send&receive mail is ok.
Your help much appreciated.
Regards,
M.

I personally think the problem is related to these entries:

  • FTP (optional)
  • IMAP (for syncing Mails)
  • POP3 (for reading Mails)
  • SMTP (for sending Mails)

Should never be proxied. Specially SMTP (for sending Mails) does not work if proxied.
Try to unproxy :grey: them instead of proxying :orange: them and try again.

Also FTP Protocol will not work if proxied, but this is not related to Mail.

1 Like

They still point to a proxied hostname. Even though Cloudflare will replace that hostname with an unproxied one, it’s not great. Those should also be unproxied “A” records, like ‘mail’. But best yet, just don’t use those hostnames. Stick with ‘mail’ in your app connection.

2 Likes

I just tested this and seems like CloudFlare will convert unproxied :grey: internal CNAMES which point to a proxied :orange: A Entry to a publicly A-Entry which points to the same IP as the Proxied A-Entry. So this should work:

image

3 Likes

Yes, but it’s not a desirable setup. You and I both know the best setup is a straightforward unproxied “A” record.

1 Like

Hi Sdayman and M4rt1n,
I have just deleted my mail account and recreated it on outlook for Mac, using mail.mydomain.com in the settings for both imap and smtp
I can confirm that even though the test email I sent is in my SENT mailbox on outlook, for some reason it doesn’t go thru. I sent this test email to my gmail address a while back but it’s not in my gmail inbox.
This is weird…
Any ideas?

Thanks.
Regards,
M

If it does not go through there should be an error. Without error codes/logs its hard to start debugging.
Please also run at your local machine this command (in CMD)

nslookup mail.yourdomain.com

and check if it returns the correct IP or if the IP "when beeing proxied) is still locally cached at your device.

Result of this command is:
macbook-pro-13:~ me$ nslookup mail.mydomain.com
Server: AAAA:bbbb:ccc:dddd:eeee:ffff:0000:cbb0
Address: AAAA:bbbb:ccc:dddd:eeee:ffff:0000:cbb0#11

Non-authoritative answer:
Name: mail.mydomain.com
Address: XX.YY.ZZ.AA (which is the IP of my server)

I wish there was an error. But Outlook is quiet when it sends the email. I can see it in SENT mailbox though.
One thing I can mention: when I set up my account with “mail.mydomain.com”, for both smtp and imap, Outlook says “no secure connection available” I clicked on CONTINUE.
Old emails did synchronise properly.

Apart from that no error messages, no bounce back. Seems like email is stuck somewhere on my server but couldn’t find how to reach recipient.

Thank you.

Regards,
M

Without an error its hard to tell.

But maybe your Mail is getting send out and just getting rejected by the receiver?
Do you see your testmails in the folder “Outgoing Mail” (or something like this)?

But if its not getting shown there I’m sorry I can not help any further here. Just make sure you have all subdomains/doamins unproxied which are related to Mail and everything else is not related to CloudFlare as CloudFlare does not do anything with MailService.

Some other little recommendations:

As you use Plesk, make sure you:

  1. have all required Ports open:
    1.1 SMTPS: 465
    1.2 SMTPS: 587
    1.3 IMAP (SSL): 993
    1.4 POP3 (SSL): 995

Also make sure your Hosting Provider has opened these Ports aswell. If you are at IONOS you have to open them seperately in your Server-Management. So please check if your Hosting provider has opened all required ports

  1. When I run a SMTP test on your Domain I do get this error:
    Network Tools: DNS,IP,Email
    SMTP Banner Check - Reverse DNS does not match SMTP Banner

  2. Finaly there is a Tutorial for troubleshooting:
    Email Troubleshooting

Thanks for the tutorial. But I don’t think this has anything to do with email settings. Since, as I said, it was working properly before.

Regards,
M.

If you now send a Mail… will it get displayed there or not?

Please try this tool:

Send a Mail to the mail which is provided there and check what it says and if it receives the Mail.

No apparently I can not. But anyway I would recommend you opening Port 587 (SMTPS TLS) and try again. There is apprently nothing more I can do here.
As soon as everything is unproxied what is Mail related (SEE) its not up to CloudFlare anymore. The problem 100% is on your Serverside and I do not have any access to your server so I can not help you.

Like always I never recommend putting MailServer on the same Machine as the WebServer. It always causes problems.

Another question:

As you said

Whats else did get changed between “before” and now?

  1. moved to CloudFlare
  2. what else? Changed Server? ReDeployed or set up Server again?
1 Like

Before → means before we added Cloudflare CDN.
Our web server and mail server were indeed on same machine. Set-up did not change.
Then, yesterday move to Cloudflare
Changed DNS Server, and Added DS records for DNSSEC to work with Cloudflare.

I understand that without access to our server there is not much more you can do. Still I do appreciate a lot the help you gave me.

PS: I will try opening port 587 and see if it works better

Thank you.
Regards,
M.

1 Like

Well you are facing 2 problems…

  1. You are trying to proxy mail traffic through CF which CF doesn’t allow. So unproxy everything except for ‘www’ and the domain name itself or ‘@’.

  2. The MTA ports are firewalled which you have to open: 25 143 993 995 587 465

Once you have done those, make sure your subdomain mail.mydomain.com resolves to the IP of your server. After that try to connect Outlook again and test.

Hi mamoudou.traore,

Could you let us know few things:

  1. What is your domain
  2. What is the email address you are try to send email to and the sender didn’t receive any bounce message
  3. What is the SMTP configuration you have in your email client? We need mail serer, port, tls, username(no need and please dont paste your password here

when I use webmail I can send email and receive email just fine: when you use webmail, the mail server bypass the SMTP layer, it’s the one initiate email out. Thats why it works and it signals that this is just some DNS messup.

I’m asking because your DNS looks correct, though not ideally as @sdayman said, mail should be a straight A record without any proxying. CF try to convert that, but it’s up to mail client to follow that CNAME or not.

To receive

Hi darrylYeoh,

Thanks for this analysis. I have done 1 already, and will revert in the morning (western europe time) when sys admin has open ports you indicated. I will then test again and let you know the outcomes.

Thank you.

Regards,
M

Hi @hanami.run,
Our domain is nomadkare.com, I try to send email to “[email protected]” from “[email protected]

Mailserver was initially set to nomadkare.com and we were using TLS on port 465.

Thank you for the explanation on webmail not having issue. It helps.

Regards,
M.

I just double check and your DNS looks good.

  1. your MX records look good and you should be able to receive email. It’s pointing to mail.nomadkare.com. 299 IN A 46.105.117.47 properly. Port 25 and port 465 are open so anyone can send you email just fine. So check your postfix log to see why it reject incoming email. Or your incoming email are working fine now?
  2. Port 993 is for IMAP, which is to fetch email, which is again, opening properly so we’re good on IMAP
  3. In your SMTP configuration, make sure. you set it to mail.nomadkare.com, not nomadkare.com. However, your SMTP port isn’t open. Make sure you enable port 587.

Port 25 and port 465 are for mail submission, as in, people send email to your domain. Anyone in the world can send email to your inbox without knowing your password, so the world can connect to this port without any authentication data, and write email data, your mail server(ip 46.105.117.47) accepts it, stored it and show it on webmail or return to your IMAP client.

Port 587 is for outgoing mail, where you send out email from your domain, this needs authentication, and apparently this port is closed right now. I cannot connect to it.

I don’t know why it was working before. My only guess is somehow your provider probably detect mail service on your DNS and open the port for you. Now you migrate DNS out and they didn’t know about it and pro-actively close it.

To open the port in OVH, follow this document: Configuring the Firewall Network | OVH Guides to whitelist port 587, you want a 0.0.0.0/0 in there to allow connect to it from anywhere.

3 Likes

Most of the time with these things is missing, or improperly configured, DKIM/SPF etc…, or less often bad DNSSEC config or parent delegation. Not on my the computer, but in any case, it’s always really hard to tell what is the right mail configuration for you.
If you are configuring a new setup, which this is because it a new DNS provider, it’s much easier to tell with two mail servers sending to each other In that case, you could see in the Mail server logs what is happening on each end.
At the end of the day, it’s usually the receiving mail server rejecting your security mail records, most will as a antispam or forgery protection, only accepting mail requests that have been properly certified.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.