• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Cannot connect to mail-tester.com

Khozama

New Pleskian
Hi,

I cannot send an email to mail-tester.com. I have tried everything I know of and ran out of ideas.

To sum it up:-
1. I was able to send emails to mail-tester.com last week without a problem
2. Now, maillog displays (Connection timed out)
3. Port 25 is open - I can send emails to all domains
4. Ping + telnet: no reponse (but they work with other domains, e.g. yahoo, google, etc)
5. traceroute cannot pass the first line (192.168.0.1 (192.168.0.1) 0.058 ms 0.025 ms 0.022 ms)
6. Reset router + restarted Postfix + restarted VPS server: no luck still
7. IP address is not blocked - 100% NORMAL status on all testing sites
8. mail-tester suggests this: Your SMTP or web host is probably blocking your emails
9. But our webhost is not blocking anything (and they couldn't help)

Strangely though, emails to mail-tester.com do not bounce back at all.

Have you come across this issue before? What other step one could take in the way of diagnosing and hopefully resolving the issue? Is there something in SMTP or Postfix configuration that can be causing this?

Would appreciate a response!
 
Is there a diagnostic utility that would yield the exact cause of "connection timed out", for example: firewall / IPTables / Postfix?

In our case it looks like "server-related", our server, not the destination's, because "traceroute" doesn't even pass (192.168.0.1 (192.168.0.1), the rest are all stars!

It doesn't look like Postfix, because we uninstalled it, installed QMail, tried send the email, to no avail. Then, Postfix was reinstalled again; same result!!

System: Plesk Obsidian on Centos7.

Would greatly appreciate suggestions or hints to move on with diagnosing the issue. It is truly frustrating.
 
Funky routing? Firewall? There isn't a tool that can tell you the cause because there is so much that can go wrong :)

You have to start somewhere, eliminate possibilities, and work your way up.

For one, I'd traceroute from another server that mailtester does work on, to see if that's a red herring or not
 
Thank you, john0001, for your advice.

I tried traceroute from another server that works, as you said. But I couldn't catch the red herring .. my knowledge of networking is minimal. This is it:-
Code:
# traceroute 94.23.206.89
traceroute to 94.23.206.89 (94.23.206.89), 30 hops max, 60 byte packets
 1  10.255.255.2 (10.255.255.2)  0.195 ms  0.178 ms  0.161 ms
 2  109.228.63.177 (109.228.63.177)  0.693 ms 109.228.63.176 (109.228.63.176)  1.013 ms  0.999 ms
 3  ae-4-0.bb-a.ba.slo.gb.oneandone.net (88.208.255.30)  4.003 ms ae-4.bb-b.thn.lon.gb.oneandone.net (88.208.255.158)  6.125 ms  6.131 ms
 4  ae-0-0.bb-a.ba.slo.gb.oneandone.net (212.227.120.105)  5.142 ms  5.117 ms  5.168 ms
 5  * ae-11-0.bb-a.fra3.fra.de.oneandone.net (212.227.120.154)  16.903 ms *
 6  * * *
 7  * * *
 8  * * *
 9  be103.rbx-g1-nc5.fr.eu (178.33.100.158)  25.520 ms * be103.rbx-g2-nc5.fr.eu (94.23.122.240)  26.499 ms
10  be103.rbx-g1-nc5.fr.eu (178.33.100.158)  25.992 ms  25.989 ms *
11  * * *
12  * * *
13  * mail-tester.com (94.23.206.89)  24.891 ms *

Then I tried "tracerouting" each IP address in the lines above, they all worked, except the important one; mail-tester.com (94.23.206.89)

When I traceroute any domain (yahoo, google, etc) from our server they work. And the first 3 lines mention IP addresses of our service provider.

But when I traceroute mail-tester.com (94.23.206.89), it stops after the first hob (i.e. stars are displayed only)
Code:
 1  192.168.0.1 (192.168.0.1)  0.057 ms  0.025 ms  0.020 ms

Therefore, is it reasonable to assume that the service provider has blocked us from connecting with mail-tester.com?

Would greatly appreciate help on this.
 
I think it's worth asking. I presume 192.168.0.1 is your gateway and also what shows up for other traceroutes?
 
Thank you. I will do that.
And you are right 192.168.0.1 is our gateway. It is the first hop whatever domain I traceroute.
 
Apologies for the late response (health reasons).

The service provider insists they haven't blocked us. I believe them and there is no reason for them to do so when we can email all others.

We have tried every thing we can think of without success.
- disabled firewalld
- uninstalled Postfix, installed Qmail, reinstalled Postfix

What seems to be rather strange is that it doesn't pass the first hop, in other words no connection is established even to the second hop, which belongs to service provider. Yet traceroute is OK when any other domain is used.

So, I will leave it for now and try to solve the "mystery" every now and then. If ever solved, I will update this post.

In the meantime, any help is welcome.

Regards
 
Thank you, mow. I tried both mail-tester.com and a gmail address that works. These are the results.

mail-tester.com

Code:
# tcpdump -v  port 25
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

04:13:00.417337 IP (tos 0x0, ttl 64, id 5443, offset 0, flags [DF], proto TCP (6), length 60)
    mail.mydomain.com.34951 > mail-tester.com.smtp: Flags [S], cksum 0x8873 (incorrect -> 0x5dd6), seq 3141342754, win 29200, options [mss 1460,sackOK,TS val 2456945505 ecr 0,nop,wscale 8], length 0

A gmail address that works
Code:
tcpdump -v  port 25
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

04:20:34.755915 IP (tos 0x0, ttl 41, id 28616, offset 0, flags [none], proto TCP (6), length 105)
    wq-in-f27.1e100.net.smtp > mail.mydomain.com.52956: Flags [P.], cksum 0x4126 (correct), seq 1:54, ack 1, win 256, options [nop,nop,TS val 3958849994 ecr 2457399835], length 53: SMTP, length: 53
        220 mx.google.com ESMTP c12si16690127wri.12 - gsmtp
04:20:34.767776 IP (tos 0x0, ttl 41, id 28617, offset 0, flags [none], proto TCP (6), length 52)
    wq-in-f27.1e100.net.smtp > mail.mydomain.com.52956: Flags [.], cksum 0x5449 (correct), ack 26, win 256, options [nop,nop,TS val 3958850006 ecr 2457399845], length 0
04:20:34.770324 IP (tos 0x0, ttl 41, id 28619, offset 0, flags [none], proto TCP (6), length 221)
    wq-in-f27.1e100.net.smtp > mail.mydomain.com.52956: Flags [P.], cksum 0x1e24 (correct), seq 54:223, ack 26, win 256, options [nop,nop,TS val 3958850008 ecr 2457399845], length 169: SMTP, length: 169
        250-mx.google.com at your service, [xx.xxx.xxx.xx]
        250-SIZE 157286400
        250-8BITMIME
        250-STARTTLS
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-CHUNKING
        250 SMTPUTF8
04:20:34.770625 IP (tos 0x0, ttl 64, id 40713, offset 0, flags [DF], proto TCP (6), length 62)
    mail.mydomain.com.52956 > wq-in-f27.1e100.net.smtp: Flags [P.], cksum 0x329d (incorrect -> 0x11b0), seq 26:36, ack 223, win 119, options [nop,nop,TS val 2457399858 ecr 3958850008], length 10: SMTP, length: 10
        STARTTLS
04:20:34.778283 IP (tos 0x0, ttl 41, id 28622, offset 0, flags [none], proto TCP (6), length 82)
    wq-in-f27.1e100.net.smtp > mail.mydomain.com.52956: Flags [P.], cksum 0x3c36 (correct), seq 223:253, ack 36, win 256, options [nop,nop,TS val 3958850016 ecr 2457399858], length 30: SMTP, length: 30
        220 2.0.0 Ready to start TLS

I know little about this. But I noticed (incorrect -> 0x5dd6) in mail-tester.com case and (correct) in gmail address.

Does it help in diagnosing the problem?
 
Really sorry for the delayed response -extraordinary circumstances :)

Firewalling? I did disable the firewall without success. The strange thing is that it used to work,; emails were sent to test-mailer.com without a problem. This problem appeared out of the blue.

The webhost Support team tried everything possible without success. Their advice now is: rebuild the VPS from scratch. A costly solution for me - it would take a long time!
 
Hi Khozama,
was you able to solve that problem?. I had the same, with a VPS with IONOS. I can send email to Gmail, Office365, other mail server but not to mail-tester.com ... firewall open, on the server... whitelisted.
 
Hello meregha,

I actually gave it up after trying every possible thing I could think of; everything was positive!!

When I saw your post, I tried it and it worked. I cannot explain it but it looks like leaving it for a while might resolve the issue.
 
Back
Top