Email

/
/
Mail server failure in ispmanager 6

Mail server failure in ispmanager 6

Symptoms

Emails can not be sent or received by the mail server in ispmanager 6.

Causes

  • An outdated version of the panel is used;
  • Limitations on the mail server ports;
  • No mail domain in the panel;
  • Missing MX records for the domain;
  • A-record for the mail domain has an incorrect value;
  • No PTR record is specified for the mail server IP address;
  • Missing TXT records with DKIM and DMARC for the domain.

Solution

Outdated version of the panel

Make sure the panel is updated to the latest version. You can check the current version in our changelog.

If your panel version is outdated, perform an update to the latest version.

Limitations on the mail server ports

For the mail server to work correctly, ports 110, 143, 993, 995, 587, 465 and 25 must be available on the server.

Use the telnet and nmap utilities to check if the ports are available for connection.

Telnet check

Using the telnet utility, it is possible to check port availability from a remote machine by executing the command:

telnet <ip address> <port>

 

For example, to check the availability of inbound connections (port 110) on the mail server at 172.31.97.58, run the following command:

telnet 172.31.97.58 110

If the port connection to the server is available, the command will output the following:

Trying 172.31.97.58...
Connected to 172.31.97.58.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready

If the port connection is unavailable, the command will return an error: "Unable to connect to remote host: Connection refused"

 

To check the availability of outbound connections, run a command on your server. For example:

telnet smtp.gmail.com 25

If the connection is successful, the command output will be the following:

Trying 142.251.1.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP 2adb3069b0e04-52fd5c2931asm880471e87.240 - gsmtp

If the port connection is unavailable, the command will return an error:  "Network is unreachable".

PLEASE NOTE!

The address  "smtp.gmail.com" can be used to check ports 25 and 465. To check the availability of ports 143 and 993, use the address "imap.gmail.com".

Nmap check

Using the nmap utility, it is possible to check port availability from a remote machine by running the command:

nmap <ip address> -p<port>

 

For example, to check the availability of inbound connections (port 110) on the mail server at  172.31.97.58, run the following command:

nmap 172.31.97.58 -p110

If the port connection to the server is available, the command output will show the "open" status (column"STATE"):

Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 11:11 MSK
Nmap scan report for isptest.ru (172.31.97.58)
Host is up (0.014s latency).
PORT	STATE SERVICE
110/tcp open  pop3
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

The "filtered" status indicates that the port connection is restricted from the server side. The "closed" status indicates that the port is not listened to by the service or port connection is restricted at the network level from the server side.

Additionally, the -Pn key, which is specified instead of a specific port, can be used to check the status of all listening ports:

$ nmap 172.31.97.58 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 11:11 MSK
Nmap scan report for isptest.ru (172.31.97.58)
Host is up (0.071s latency).
Not shown: 982 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
25/tcp   open     smtp
53/tcp   open     domain
80/tcp   open     http
110/tcp  open     pop3
111/tcp  open     rpcbind
143/tcp  open     imap
443/tcp  open     https
465/tcp  open     smtps
587/tcp  open     submission
873/tcp  open     rsync
993/tcp  open     imaps
995/tcp  open     pop3s
1100/tcp filtered mctp
1500/tcp open     vlsi-lm
3306/tcp open     mysql
5432/tcp open     postgresql

PLEASE NOTE!

Windows does not include the nmap utility as a standart feature. It can be installed from the official website.

No mail domain in the panel

Make sure the domain is present in the "Mail" - "Mail Domains" section. Add and configure it if necessary following the instructions in our documentation.

Missing MX records for the domain

Make sure that the domain MX records are created and point to the correct mail server address.

Typically, MX records point to the mail subdomain. For example, for a domain.com domain, the MX record would point to mail.domain.com.

Use the dig utility to check DNS records. For example, to check the A-record for the  domain.com domain on Google DNS servers, execute the following command: 

dig MX domain.com @8.8.8.8 +short

If records exist on the DNS server, they will be displayed in the output:

10 mail1.domain.com.
20 mail2.domain.com.

On Windows, you can use the nslookup utility to check DNS records.

A-record for the mail domain has an incorrect value

Make sure the A record for your email domain points to the correct IP address.

Use the dig utility to check DNS records. For example, to check the A-record for the mail.domain.com domain on Google DNS servers, execute the following command: 

dig A domain.com @8.8.8.8 +short

If the record exists on the DNS server, it will be displayed in the output as an IP address which should match the IP address of the mail server.

No PTR record is specified for the mail server IP address

The PTR record for the mail server IP address must match the server name (hostname).

PLEASE NOTE!

The PTR record is created on the side of the IP address owner. Often the IP address owner is the hosting provider.

To find out the name of your server, use the hostname command. If you are using the ispmanager 6 panel, you can also see the server name in the "Settings" - "System settings".

 

Use the dig utility to check DNS records. For example, to check the PTR record for the  172.31.97.58 IP address on Google DNS servers, execute the following command: 

dig -x 172.31.97.58 @8.8.8.8 +short

If the record exists, the command output will display the server name at its end, which is specified in the record:

58.97.31.172.in-addr.arpa 3600 IN PTR example.com

Missing TXT records with DKIM and DMARC for the domain

A DMARC record defines a policy to protect a mail domain from spam and phishing emails.

A DKIM record is a key which is used to identify the sender. It also helps in protecting against spam and phishing.

In the ispmanager 6 panel, to create both records, simply enable the relevant options in the mail domain settings in the “Mail” section.

 

PLEASE NOTE!

To enable DKIM, OpenDKIM must be installed in the "Software configuration" - "Mail server" section.

 

Once the options are enabled, the related DNS records for the domain will be generated in the "DNS management":

  • _dmarc.domain.com - DMARC record name;
  • dkim._domainkey.domain.com - DKIM record name.

Remember that if your domain is managed on a third-party DNS server, such as a registrar, it is required to add records on that DNS server.

Test the functionality of your mailbox with Mail-Tester!

In this article