Resolved no incoming mail

[kwanDo]

Server operating system version

Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-1028-aws x86_64)

Plesk version and microupdate number

18.0.49

Hello.
Can someone help me to figure out why I can not accept incoming mail on my AWS Lightsail Plesk instance?
here is the output of my investigation

sudo iptables -L -n | egrep '25|110|143|465|993|995'
ACCEPT tcp -- **.MYIP.** 0.0.0.0/0 tcp dpt:2222
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993

netstat -nltp | egrep '25|110|143|465|993|995'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN -
tcp6 0 0 :::110 :::* LISTEN -
tcp6 0 0 :::25 :::* LISTEN -
tcp6 0 0 :::143 :::* LISTEN -
tcp6 0 0 :::465 :::* LISTEN -
tcp6 0 0 :::995 :::* LISTEN -
tcp6 0 0 :::993 :::* LISTEN -

nmap -p25,110,143,465,993,995 IP_REDRACTED
Starting Nmap 7.93 ( Nmap: the Network Mapper - Free Security Scanner ) at 2023-07-05 12:47 UTC
Nmap scan report for ec2-IP_REDACTED.eu-west-2.compute.amazonaws.com (IP_REDACTED)
Host is up (0.0015s latency).

PORT STATE SERVICE
25/tcp filtered smtp
110/tcp filtered pop3
143/tcp filtered imap
465/tcp filtered smtps
993/tcp filtered imaps
995/tcp filtered pop3s

No errors related for incominfg in the var/log/maillog or var/log/mail.err

The GMAIL after send reply with

The recipient server did not accept our requests to connect. Learn more at Fix bounced or rejected emails - Gmail Help [mail.flagon.digital. IP_REDACTED: timed out

The MAILS APPS after attempting to connect whatever port (143, 110 (I don't have SSL) as well autoconfiguration) replies something like "Unable to verify account name or password." (username and password are ok I try host parameter as mail.flagon.digital, flagon.digital, IP_REDACTED and server name jolly-bouman.IP_REDACTED.plesk.page)

No ban is Fail2Ban try everything with and without Firewall Enabled (default configuration)


The outgoing email is configured to replay with Amazon SES and it is working. Please help to find out why incoming emails are not delivered

 

[Martin Dias]

You need to open the ports for incoming traffic over AWS:

Instance firewalls in Amazon Lightsail | Lightsail Documentation

Just local iptables won't do it

 

[kwanDo]

Thank you.
The TCP 110,143, 465, 587, 993,995 are enabled in the lightsail firewall

 

[Martin Dias]

They now show as open, you're still missing Port 25 to get mails:

Host is up (0.015s latency).

PORT    STATE    SERVICE
25/tcp  filtered smtp
110/tcp open     pop3
143/tcp open     imap
465/tcp open     smtps
993/tcp open     imaps
995/tcp open     pop3s

Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds

 

[kwanDo]

Thank you, adding port 25 to Lightsail firewall resolves the issue. I was on impression that I need special permissions from AWS to allow it.

Have a nice day

 

[kwanDo]

Sorry but how do I edit the original post to mask the sensitive info like IP and server name?

 

[Martin Dias]

Thank you, adding port 25 to Lightsail firewall resolves the issue. I was on impression that I need special permissions from AWS to allow it.

Have a nice day

Port 25 incoming you can always manage, support is often needed for outgoing only

Sorry but how do I edit the original post to mask the sensitive info like IP and server name?

I think I did redact all the IP/Names in the post