Mail server with Cpanel
-
Hi,
I use cPanel behind pfSense for my webserver. For the website all is fine (HTTP, HTTPS). Now for the domain I set up the mail server.
My problem is I can send email but not receive. I already checked all my DNS. MX, A, all look OK (I use Cloudflare).
Now if I ping the mail server mail.mydomain.com, the right IP shows but I have 100% loss.
I think to open all ports needed for that. I am stuck for days now. Please expert help...
-
First :
@khampol said in Mail server with Cpanel:
Now if I ping the mail server mail.mydomain.com, the right IP shows but I have 100% loss.
Your WAN IP doesn't reply to ping.
The WAN IP is from your ISP router? Answer: make it reply to ICMP on WAN.
The WAN IP is from pfSense? Same answer: add a rule on the WAN interface so it answers 'pings' (ICMP).
The WAN IP is blocked by equipment further upstream: you can't do anything, or only one thing: take another host or ISP.
@khampol said in Mail server with Cpanel:
I am stuck for days now. Please expert help...
The mail server: I guess you know how to create NAT rules, as you already have some ports open.
True, incoming mail comes over TCP port 25.
Let's take the educational road: change this port:
to "26".
Right, mails won't come in, as mail servers talk over '25' to drop mails - but now you can test this port "26" from the outside with simple telnet access:
I had mine listening on port 26 for a while:

    [2.5.0-RELEASE][root@pfsense.local.net]/root: telnet mail.test-domaine.fr 26
    Trying 2001:41d0:2:927b::15...
    Connected to mail.test-domaine.fr.
    Escape character is '^]'.
    220 mail.test-domaine.fr ESMTP Postfix
    EHLO soitworks.tld
    250-mail.test-domaine.fr
    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

So, a connection to port 26 works.
That worked.
Back to 25.
Doesn't work.
Wtf ??
Now you get to know the very well known secret (20 years or so?): ISPs and others block incoming port 25.
(they also can block OUTGOING port 25 TCP traffic, except to their own mail servers !!!!)
This means you can't have a mail server on that IP/host.
Don't believe me?
Ask Google.
Why did this happen?
There were far too many 'PCs' that were infected with mail trojans that started to spam mail the entire planet.
A lot of host suppliers / ISPs decided that port '25' would be blocked.
Btw: this is, imho, the reason.
I saw you did a local test.
Using a non local IP ????? Why ?
You should not use your own WAN IP from the inside. That's horrible.
Or read about NAT reflection if you have to.
If my mail server mail.test-domaine.fr was local, I would still use the domain name "mail.test-domaine.fr" and I would have set up a host override on the unbound config page, so it would point to 192.168.1.x where x was the IP of my local mail server.
But I can't have a local mail server.
I don't want one - as I use VPSs and bare bone real dedicated servers for that.
And my ISP will not allow me to do so (port 25 incoming blocked).
edit:
Your internal cpanel mail server listens on port 161 ?? That's true ?
-
@gertjan
It's exactly my own error: I mapped port 25 to 161. I modified it to 25 and now it works.
PS: my server is hosted in a datacenter. Not at home :)
( Thank you very much, my dear friend. What a beginner's mistake on my part, oh la la :D )
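
Added example (not part of the thread and not code from either poster): a Python version of the telnet test from the reply above, which also reports whether the connection was refused, got no answer, or reached a real SMTP greeting, so a wrong NAT target port can be told apart from a port dropped upstream. The HELO name `probe.example`, the function names and the state labels are assumptions made for this sketch.

```python
import socket
import sys

def parse_reply(lines):
    """Parse one SMTP reply (possibly multi-line) into (code, [texts])."""
    code, texts = "", []
    for line in lines:
        code, sep, text = line[:3], line[3:4], line[4:]
        if not (len(code) == 3 and code.isdigit()):
            raise ValueError(f"not an SMTP reply line: {line!r}")
        texts.append(text)
        if sep != "-":  # "250 DSN": a space after the code ends the reply
            break
    return int(code), texts  # int("") raises ValueError on empty input

def read_reply(f):
    """Read lines from the socket file until the reply's final line."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("closed before a complete reply")
        lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
        if lines[-1][3:4] != "-":
            return parse_reply(lines)

def probe_smtp(host, port=25, helo="probe.example", timeout=10):
    """Classify host:port as smtp, not-smtp, refused or no-answer."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"state": "refused"}    # RST came back: nothing listening there
    except OSError:
        return {"state": "no-answer"}  # timed out or unreachable on the path
    with sock, sock.makefile("rwb") as f:
        try:
            code, banner = read_reply(f)
            f.write(f"EHLO {helo}\r\n".encode("ascii"))
            f.flush()
            _, ext = read_reply(f)
            f.write(b"QUIT\r\n")
            f.flush()
        except (ValueError, OSError):
            return {"state": "not-smtp"}  # port open, no valid SMTP dialogue
    return {"state": "smtp", "code": code, "banner": banner[0],
            "extensions": [e.split()[0] for e in ext[1:] if e.strip()]}

if __name__ == "__main__":
    # Usage: python3 probe_smtp.py mail.example.org 25
    print(probe_smtp(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

Run it from a host outside the firewall, against the public name and port, the same way the telnet test is run.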