MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: barrysmoke on 2017-08-24, 09:39:33

Title: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-24, 09:39:33
I'm a linux engineer, so I don't post unless I can't figure things out.
all mail sending is getting this in the /var/log/maillog :
Code: [Select]
Aug 24 03:03:02 srv1 send: delivery 9: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 24 03:03:02 srv1 send: status: local 0/10 remote 1/60
Aug 24 03:03:02 srv1 send: delivery 10: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 24 03:03:02 srv1 send: status: local 0/10 remote 0/60

I couldn't figure out why an smtp connection can't be established, tried to telnet manually to the servers I'm trying to send to, and it works fine, so no firewall issue between the server, and the recipient smtp servers.

then, I figured out, its not even trying.  I ran a packet capture on the firewall between this server, and the internet.  full packet capture. 
here is a summary of what I saw, I can attach the capture if you want to see it.
1)my mail client connects to server, sends email over smtp-ssl
2)qmail receives the mail, and does some name server querying of the ip address the sender is using, but does no querying on the recipients domain/mail server, I saw no query for an mx record, or anything.

with that information I suspected spamdyke, so I used kloxo-mr to whitelist my sending ip, so spamdyke would ignore it.

result is, I see a lot fewer queries for my mail client, 1 actually that I can find in this large dump file
(which on my home network, resolves to x.x.x.x.in-addr.arpa PTR x-x-x-x.fidanet.com)

I see the dns queries for my personal gmail account mx record, and my account on another private server I have access to its smtp log files.
no smtp connection was even attempted to either server.  I think something is broken in implementation, or combination of communication between spamdyke, and qmail smtp, it defers rather than actually attempting to try an smtp connection to send the mail.

I can provide remote access if you would like to login and check it out.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-24, 10:09:01
oh, and if I try to disable spamdyke, sending breaks completely.
the mail sits in my client's outbox, tries to send, and qmail logs this:
Code: [Select]
Aug 24 04:14:12 srv1 smtp-ssl: 13560 < ?????????????????????????????????????????#???????????+
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 220 srv1.phatlabz.com - Welcome to Qmail ESMTP?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 < [EOF]
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: end 13560 status 256
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: status: 0/100
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > [EOF]
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: status: 1/100

that makes sense, spamdyke was allowing the mail to come on in.
so, this issue might actually be in qmail-toaster


Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-24, 10:11:56
oh, and if I try to disable spamdyke, sending breaks completely.
the mail sits in my client's outbox, tries to send, and qmail logs this:
Code: [Select]
Aug 24 04:14:12 srv1 smtp-ssl: 13560 < ?????????????????????????????????????????#???????????+
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 220 srv1.phatlabz.com - Welcome to Qmail ESMTP?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > 502 unimplemented (#5.5.1)?
Aug 24 04:14:12 srv1 smtp-ssl: 13560 < [EOF]
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: end 13560 status 256
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: status: 0/100
Aug 24 04:14:12 srv1 smtp-ssl: 13560 > [EOF]
Aug 24 04:14:12 srv1 smtp-ssl: tcpserver: status: 1/100

that makes sense, spamdyke was allowing the mail to come on in.
so, this issue might actually be in qmail-toaster
It's maybe your server IP in blacklist. Test your IP in mxtoolbox.com.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-24, 12:29:27
not blacklisted, at least on the servers I'm testing.  out of the 30 or so blacklists, I am still on 1 blacklist service, but the server I'm test sending to doesn't use it.

also I verified with that packet capture, its not making it that far.  the remote mail server never recieves a connection from kloxo-mr.  qmail isn't even trying to connect.

I think I have this figured out...but not sure how to fix it.
hours of research, led me to look at dns resolution of the local server, in relation to how qmail tries to send mail out.  it has its own dns checks, and some logic in there.  I'm using 1 to 1 NAT, so that my public ip hits a pfsense firewall, that gives me a lot more control, and security to avoid hacks.  qmail doesn't like this set up.  I saw where people had applied patches, and tweaks to make qmail work behind nat.  I just can't believe I can't add an ip alias on the local centos ethernet adapter, and trick qmail into working that way. 

I've tried setting dual A records in the local dns, one with one entry being the internal private ip of the kloxo-mr server, and I tried ip aliasing.  not sure what to do next, other than switch to exim/dovecot.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-24, 12:38:38
not blacklisted, at least on the servers I'm testing.  out of the 30 or so blacklists, I am still on 1 blacklist service, but the server I'm test sending to doesn't use it.

also I verified with that packet capture, its not making it that far.  the remote mail server never recieves a connection from kloxo-mr.  qmail isn't even trying to connect.

I think I have this figured out...but not sure how to fix it.
hours of research, led me to look at dns resolution of the local server, in relation to how qmail tries to send mail out.  it has its own dns checks, and some logic in there.  I'm using 1 to 1 NAT, so that my public ip hits a pfsense firewall, that gives me a lot more control, and security to avoid hacks.  qmail doesn't like this set up.  I saw where people had applied patches, and tweaks to make qmail work behind nat.  I just can't believe I can't add an ip alias on the local centos ethernet adapter, and trick qmail into working that way. 

I've tried setting dual A records in the local dns, one with one entry being the internal private ip of the kloxo-mr server, and I tried ip aliasing.  not sure what to do next, other than switch to exim/dovecot.
If behind nat, make sure all IP in dns using public IP (not local). Also make sure all ports related to certain services already open.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-24, 21:08:59
all ports open, all addresses in dns point to the outside address.
no firewall blocking, verified with a packet capture, for some reason qmail never tries to establish an smtp connection with the mail servers for the domains I'm sending to.
one is my gmail account, one is an account on a cpanel server I manage.  watched the exim log, and no connection attempt.  that's when I started doing packet captures to figure out what was going on.

doing a lot of qmail searching right now to see if I can get it working.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-27, 07:06:15
ok, 2 days of troubleshooting this, and I do believe it is an internal error either dealing with qmail, or how its integrated with spamdyke.
I don't think its anything related to my server being behind NAT.

Code: [Select]
Aug 27 00:10:48 srv1 send: starting delivery 78: msg 101273270 to remote barry@up-link.net
Aug 27 00:10:48 srv1 send: status: local 0/10 remote 1/60
Aug 27 00:10:48 srv1 send: starting delivery 79: msg 101273270 to remote bsmokeman@gmail.com
Aug 27 00:10:48 srv1 send: status: local 0/10 remote 2/60
Aug 27 00:10:48 srv1 send: delivery 78: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 27 00:10:48 srv1 send: status: local 0/10 remote 1/60
Aug 27 00:10:48 srv1 send: delivery 79: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 27 00:10:48 srv1 send: status: local 0/10 remote 0/60

I took the nameserver, and edited named.options.conf to allow dns forwarding, so I could control how my server's dns, and mx records resolve locally.  I then put nameserver 127.0.0.1 in my /etc/resolv.conf, and made sure it was working 100%.  I'm using google's dns servers for forwarding. 8.8.8.8, and 8.8.4.4
I tested that the 2 test domains I'm sending to do get resolved to mx records via a query by qmail(see it in a tcpdump).

qmail never tries to connect to the smtp servers though.
I can telnet to port 25 at up-link.net, and to google's mx server that is chosen, so the connections are not getting blocked by a firewall. its not a connection problem.

I can inbox you my credentials, and server addresses if you want, if you don't mind taking a look.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-27, 12:46:31
Inform here 'cat /etc/hosts'.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-27, 17:21:21
Code: [Select]
[root@srv1 defaults]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6







### begin - add by Kloxo-MR
10.0.0.169 srv1.phatlabz.com srv1
### end - add by Kloxo-MR
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-28, 06:01:12
just for the heck of it, I added our secondary server as a default smtp route in /var/qmail/control/smtproutes
I then added this server's ip address as an allowed relayhost on our secondary server.
restarted qmail, tried to send, same thing, defferral.
qmail is not working to establish any smtp connection at all outbound.  inbound works fine.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-28, 21:00:35
any ideas?
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-29, 09:50:31
Look like IP (taken from /etc/hosts) is local IP. You need add 'IP srv1.phatlabz.com srv1' where IP is your public IP. And then reboot.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-29, 10:32:55
cat /etc/hosts:
Code: [Select]
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6







### begin - add by Kloxo-MR
66.34.221.169 srv1.phatlabz.com srv1
### end - add by Kloxo-MR


no luck:
Code: [Select]
Aug 29 03:39:19 srv1 send: starting delivery 3: msg 101208626 to remote barry@up-link.net
Aug 29 03:39:19 srv1 send: status: local 1/10 remote 1/60
Aug 29 03:39:19 srv1 send: starting delivery 4: msg 101208626 to remote bsmokeman@gmail.com
Aug 29 03:39:19 srv1 send: status: local 1/10 remote 2/60
Aug 29 03:39:19 srv1 send: delivery 3: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 29 03:39:19 srv1 send: status: local 1/10 remote 1/60
Aug 29 03:39:19 srv1 send: delivery 4: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Aug 29 03:39:19 srv1 send: status: local 1/10 remote 0/60

Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-29, 13:29:36
Give me your ssh and panel access.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-29, 17:36:09
sent you a pm earlier with all that, let me know if it didn't go through
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-08-29, 17:38:38
Didn't received PM from you. Remember, use PM instead send to email.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-29, 18:01:44
did both,
and I told the pm to copy to my inbox, but I didn't get a copy.

let me try another browser, I'm using chrome.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-08-29, 18:38:39
what's an email address I can use, for some reason, I can't send you a PM
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: Mukesh on 2017-08-31, 09:35:41
Hi All,
Please update me mail server configurations step by step, i am new in Kloxo panel..

Thnks
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-09-01, 12:24:54
mukesh, please don't hijack a thread, start a new one with a complete question.

MrAtWork, let me know what you think about this, such as a timeframe for fixing my issue, researching that qmail patch. 
I really like the kloxo-mr panel, but I'm going to have to move on if I can't get mail sending to work.

Thanks, barrysmoke
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-09-01, 12:35:00
mukesh, please don't hijack a thread, start a new one with a complete question.

MrAtWork, let me know what you think about this, such as a timeframe for fixing my issue, researching that qmail patch. 
I really like the kloxo-mr panel, but I'm going to have to move on if I can't get mail sending to work.

Thanks, barrysmoke
I try recompile qmail with moreipme but not easy. Too much code to patch. I hope will be ready with next 2-3 days.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: MRatWork on 2017-09-01, 12:39:06
Usually, I use external mail server for my domains like googleapps, zoho and yandex. Zoho and yandex still free for domain-based email server.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-09-01, 15:02:03
yep, I was going to try something temporarily.
I tried to use smtproutes to route my mail through our other server, but it was doing the same thing. smtp deferred.

I'll hang in there, thanks.  use my server for whatever testing you need.

Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-09-10, 14:46:42
since this is a vm for me, I'm going to just shut it down, and await the updated packages with the patch.  just reply to this thread when you are ready for me to test.  think I'll switch to centos web panel temporarily.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-10-03, 05:22:19
any updates on this, I can restore vm, and update, and try to send again?
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: luckytanuki on 2017-10-11, 08:41:53
Hope this helps.

I've been having similar issues with AWS EC2 instances .

I was able to resolve the problem by editing /var/qmail/control/outgoingips to change the Public IP address (Elastic IP) to the Private IP address.

Then when qmail sends from the Private IP, it gets translated back to the Public IP.

Now looking for a way to set outgoingips without have to manually edit the file. 

Update: I've just noticed that you can set the file  /usr/local/lxlabs/kloxo/etc/flag/manualoutgoingips.flg to flag an override on the auto updating of outgoingips.   
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2017-11-09, 08:14:43
BTW, this worked.  I added my internal ip on each line for each domain in that file.
Title: Re: mail send accepted, but deffered "sorry, I wasn't able to establish an smtp..."
Post by: barrysmoke on 2018-05-31, 06:25:27
Hope this helps.

I've been having similar issues with AWS EC2 instances .

I was able to resolve the problem by editing /var/qmail/control/outgoingips to change the Public IP address (Elastic IP) to the Private IP address.

Then when qmail sends from the Private IP, it gets translated back to the Public IP.

Now looking for a way to set outgoingips without have to manually edit the file. 

Update: I've just noticed that you can set the file  /usr/local/lxlabs/kloxo/etc/flag/manualoutgoingips.flg to flag an override on the auto updating of outgoingips.


my ip's got switched again to the external ip, instead of internal.   this method requires copying the state of outgoingips, and replicating it in this .flg file, however what happens when more domains are added., any way to make all domains get the internal address always on this file?