• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved no incoming mail

kwanDo

New Pleskian
Server operating system version
Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-1028-aws x86_64)
Plesk version and microupdate number
18.0.49
Hello.
Can someone help me to figure out why I can not accept incoming mail on my AWS Lightsail Plesk instance?
here is the output of my investigation
sudo iptables -L -n | egrep '25|110|143|465|993|995'
ACCEPT tcp -- **.MYIP.** 0.0.0.0/0 tcp dpt:2222
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993

netstat -nltp | egrep '25|110|143|465|993|995'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN -
tcp6 0 0 :::110 :::* LISTEN -
tcp6 0 0 :::25 :::* LISTEN -
tcp6 0 0 :::143 :::* LISTEN -
tcp6 0 0 :::465 :::* LISTEN -
tcp6 0 0 :::995 :::* LISTEN -
tcp6 0 0 :::993 :::* LISTEN -
nmap -p25,110,143,465,993,995 IP_REDRACTED
Starting Nmap 7.93 ( Nmap: the Network Mapper - Free Security Scanner ) at 2023-07-05 12:47 UTC
Nmap scan report for ec2-IP_REDACTED.eu-west-2.compute.amazonaws.com (IP_REDACTED)
Host is up (0.0015s latency).

PORT STATE SERVICE
25/tcp filtered smtp
110/tcp filtered pop3
143/tcp filtered imap
465/tcp filtered smtps
993/tcp filtered imaps
995/tcp filtered pop3s

No errors related for incominfg in the var/log/maillog or var/log/mail.err

The GMAIL after send reply with
The recipient server did not accept our requests to connect. Learn more at Fix bounced or rejected emails - Gmail Help [mail.flagon.digital. IP_REDACTED: timed out

The MAILS APPS after attempting to connect whatever port (143, 110 (I don't have SSL) as well autoconfiguration) replies something like "Unable to verify account name or password." (username and password are ok I try host parameter as mail.flagon.digital, flagon.digital, IP_REDACTED and server name jolly-bouman.IP_REDACTED.plesk.page)

No ban is Fail2Ban try everything with and without Firewall Enabled (default configuration)


The outgoing email is configured to replay with Amazon SES and it is working. Please help to find out why incoming emails are not delivered
 
Last edited by a moderator:
They now show as open, you're still missing Port 25 to get mails:
Code:
Host is up (0.015s latency).

PORT    STATE    SERVICE
25/tcp  filtered smtp
110/tcp open     pop3
143/tcp open     imap
465/tcp open     smtps
993/tcp open     imaps
995/tcp open     pop3s

Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds
 
Thank you, adding port 25 to Lightsail firewall resolves the issue. I was on impression that I need special permissions from AWS to allow it.

Have a nice day
 
Sorry but how do I edit the original post to mask the sensitive info like IP and server name?
 
Thank you, adding port 25 to Lightsail firewall resolves the issue. I was on impression that I need special permissions from AWS to allow it.

Have a nice day
Port 25 incoming you can always manage, support is often needed for outgoing only
Sorry but how do I edit the original post to mask the sensitive info like IP and server name?
I think I did redact all the IP/Names in the post
 
Back
Top