I got a phone call today from a client whose accounts we’d transferred between two cPanel servers on Friday. Today, Monday, at about 12pm, I got a call saying he’s receiving emails but can’t send. I’m told that there aren’t any error messages or bounced replies, but the recipients haven’t got the emails. So I took his details and said I’d call back.
Usually I see this happen if there is a problem with DNS, particularly with the hostname. The server’s hostname should always point to the primary IP address of the server. There should also be a reverse DNS (rDNS) or pointer (PTR) record set up on that IP address pointing back to the hostname. For example:
fileserver.domain.com.au -> 22.214.171.124
126.96.36.199 -> fileserver.domain.com.au
If you don’t do this, you’re asking for trouble. Most providers won’t accept email from you if you don’t set up your DNS properly. For example, here is a message from AOL:
$ telnet mailin-04.mx.aol.com 25
Connected to mailin-04.mx.aol.com.
Escape character is '^]'.
220-AOL may no longer accept connections from IP addresses
220 which no do not have reverse-DNS (PTR records) assigned.
221 2.0.0 Bye
Connection closed by foreign host.
In the past I’ve seen the server hostname accidentally changed, causing a mismatch and, in turn, this problem.
However, the actual cause of my problem today was playing with cPanel settings I was unclear about. What does SMTP Tweak do exactly? It’s very poorly explained… well no, it’s not explained at all in Web Hosting Manager (WHM), but I extracted this from the cPanel docs explaining SMTP Tweak:
You may want to prevent users from bypassing your mail server to send mail. This is common practice for spammers. This feature allows you to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers.
If your clients are not set up to handle sending mail as an authenticated user, suddenly enabling SMTP Tweak in WHM will cause…
mailin-01.mx.aol.com [188.8.131.52] Connection refused
cluster9.us.messagelabs.com [184.108.40.206] Connection refused
cluster9a.us.messagelabs.com [220.127.116.11] Connection refused
email@example.com <firstname.lastname@example.org> R=lookuphost T=remote_smtp defer (111): Connection refused
mailipao.vtcif.telstra.com.au [18.104.22.168] Connection refused
email@example.com <firstname.lastname@example.org> R=lookuphost T=remote_smtp defer (111): Connection refused
gmail-smtp-in.l.google.com [22.214.171.124] Connection refused
alt1.gmail-smtp-in.l.google.com [126.96.36.199] Connection refused
alt2.gmail-smtp-in.l.google.com [188.8.131.52] Connection refused
alt3.gmail-smtp-in.l.google.com [184.108.40.206] Connection refused
alt4.gmail-smtp-in.l.google.com [220.127.116.11] Connection refused
Uh-oh. cPanel’s SMTP Tweak does this by adding these rules to iptables:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere localhost tcp dpt:smtp
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
So in the end, it had nothing to do with his migration. It was a simple mis-click of SMTP Tweak. At least we know for certain what it does! It effectively firewalls outbound SMTP connections from the server unless you’re an authenticated user, making it appear as if the destination server is blocking you. Unless you look carefully, it has the potential to be confusing.
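To tell this situation apart from a genuine remote rejection, here is an added shell example (not from the original post or from cPanel) that checks the two artefacts shown above: the OUTPUT chain listing and the "Connection refused" lines in the Exim log. The function names are hypothetical and the sample data is constructed; it assumes the `iptables -L OUTPUT` column layout and log line shape as they appear in this post.

```shell
# Added example: function names are hypothetical, sample data is constructed
# (hostnames from the post, addresses from the RFC 5737 documentation ranges).
# stdin: `iptables -L OUTPUT` listing. Exit 0 if a REJECT/DROP rule catches
# outbound TCP port 25 to any destination (columns: target prot opt src dst).
smtp_egress_blocked() {
    awk '($1 == "REJECT" || $1 == "DROP") && $2 == "tcp" &&
         ($5 == "anywhere" || $5 == "0.0.0.0/0") {
             for (i = 6; i <= NF; i++)
                 if ($i == "dpt:smtp" || $i == "dpt:25") found = 1
         }
         END { exit !found }'
}

# stdin: Exim main log. Prints how many distinct remote hosts appear as
# "<host> [<ip>] Connection refused" (the per-message defer lines are skipped).
refused_host_count() {
    awk '{ for (i = 2; i < NF - 1; i++)
               if ($i ~ /^\[.*\]$/ && $(i+1) == "Connection" && $(i+2) == "refused")
                   seen[$(i-1)] = 1 }
         END { n = 0; for (h in seen) n++; print n }'
}

# $1 = file holding the iptables listing, $2 = Exim log file.
diagnose() {
    hosts=$(refused_host_count < "$2")
    if smtp_egress_blocked < "$1"; then
        echo "local: OUTPUT chain rejects port 25 ($hosts hosts logged as refused)"
    else
        echo "not-local: no OUTPUT rule blocks port 25 ($hosts hosts logged as refused)"
    fi
}

sample_rules() { cat <<'EOF'
Chain OUTPUT (policy ACCEPT)
ACCEPT     tcp  --  anywhere   localhost    tcp dpt:smtp
REJECT     tcp  --  anywhere   anywhere     tcp dpt:smtp reject-with icmp-port-unreachable
EOF
}

sample_log() { cat <<'EOF'
mailin-01.mx.aol.com [192.0.2.10] Connection refused
cluster9.us.messagelabs.com [198.51.100.20] Connection refused
user@example.com R=lookuphost T=remote_smtp defer (111): Connection refused
gmail-smtp-in.l.google.com [203.0.113.30] Connection refused
EOF
}
```

On a live server, feed the functions the real `iptables -L OUTPUT` output and the Exim main log instead of the sample data.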