Check Connectivity sendmail false report?

SYSTEM INFORMATION
OS type and version Alma Linux 9
Virtualmin version 7.30.8 Pro

Hello,
Probably my fault somewhere but I’ll be dang if I can figure it out.

So on our Alma server I have Virtualmin 7.30.8 Pro installed. 3 blank site added. Everything appears to be working. However, When I do a connectivity check, it comes back with the following error.

“|SMTP connection failed|Connection timed out|Make sure your system’s mail server is running and listening on the external network interface.|”

Now, I have checked and Port 25 open. Sendmail is installed and running. Tested and works.

I’m hoping someone can help me figure out what I did lol.

Thanks for looking,
Mike B

What does mx tools respond with.

Thanks, Looks like my RDS is the culprit.

Thanks!

That shouldn’t cause a timeout, reverse more effects delivery of your mail, the recieving server will reject the connection, that shouldn’t be a timeout.
Seems like connection to your server on port 25 is working.

The error is coming from what?

How have you checked?

Why is Sendmail installed!? Virtualmin uses Postfix in a default configuration. If you installed Sendmail, you’ve got a lot of work to do to fix that problem. (If you want to use Sendmail, you can, but you need to have quite a bit of Sendmail knowledge for that to make sense. I recommend you stick with what we configure out of the box.)

OK, Great, then what do you think is causing the connectivity check, In Virtualmin, to tell me sendmail is not working?

What is the exact message you see about Sendmail? I think I need to get on the right page about what problem we’re trying to solve.

Well, the issue has now grown. But more on that in a sec.

I recieved the error in Virtualmin :

--------Begin Paste--------
|Problem type|Error message|Possible solution|

|SMTP connection failed|Connection timed out|Make sure your system’s mail server is running and listening on the external network interface.|
-------- End Paste ---------

Researching it led me to check sendmail. I did not install it. I simply checked port 25 and then ran the ssh command to check if sendmail was installed. The response said it was installed, though not in its regular place. Since I found Sendmail configurations in Webmin, I figured it was part of Postfix.
I could find nothing further on the error that helped. So I came here.

Now the update

Today all my virtual servers, 3 of them, are 400 bad request and won’t show. Including the servers domain.
Connectivity test on each shows the following (minus the domain name) error:

----------Begin Paste----------

Problem type Error message Possible solution
Website request failed 400 Bad Request Make sure your system’s webserver is running, that port 80 is not blocked by a firewall, and that the domain has a valid index page.
SSL website request failed 500 Can’t connect to xxxxxxx.com:443 (certificate verify failed) Make sure your system’s webserver is running, that port 443 is not blocked by a firewall, and that the domain has a valid index page.
SMTP connection failed Connection timed out Make sure your system’s mail server is running and listening on the external network interface.
---------End Paste----------

All I did at this point was get the server, running Alma 9 and install Virtualmin Pro via the install instructions.

I am able to login to virtualmin via port 10000.

I am able to ogin to Usermin at port 20000

I am able to send and receive email.

I am at a total loss at this point.

Sorry for the long post. Just trying to get everything I know out there.

I forgot to add, Everything ran fine for almost a week, then these issues…

Let’s focus on one issue per topic. If you want to discuss the web validation issues, create a new topic.

These tests run on our server, IP is probably 51.158.66.131. It’s possible there’s something between our server and your system that’s causing these issues. You should check your mail log for that IP (see our mail troubleshooting doc for how to look at the mail log): https://www.virtualmin.com/docs/server-components/troubleshooting-emails/#checking-logs-for-email-issues

Are you using Cloudflare? DNS is fine, but if you’re proxying through Cloudflare, you need to make sure you don’t proxy any mail addresses because Cloudflare does not proxy mail services, though they offer some mail forwarding options in their paid plans.

A connection timing out for SMTP usually means port 25 is blocked, which is why I asked how you check to be sure it was open earlier. We still want to confirm it actually is open.

From a system not local to the server:

telnet domain.tld 25

You should get a reply like this (with your server name and not ours, obviously):

 telnet mail.virtualmin.com 25
Trying 45.76.233.251...
Connected to mail.virtualmin.com.
Escape character is '^]'.
220 n1.virtualmin.com ESMTP Postfix

And, then do exactly that (telnet mail.virtualmin.com 25) on the server itself.

You need to confirm you have port 25 in both directions to operate a mail server.

Mail logs are full of people trying to log in. 5500+ lines. I did find the following error messages:
-----Begin Paste------
warning: TLS library problem: error:0A000139:SSL routines::record layer failure:ssl/record/rec_layer_s3.c:689:

warning: TLS library problem: error:0A0000C6:SSL routines::packet length too long:ssl/record/methods/tls_common.c:662:
-------End Paste------

No, I do not use Cloudflare

Could not connect.
sudo firewall-cmd --zone=public --add-port=25/tcp --permanent
Gives me
Warning: Already enabled: 25:tcp

Is that the correct command?

I mentioned a specific IP, you should search for that. I don’t really expect it to appear, as a time out would indicate not network connection could be made, but maybe something changed at some point and you might see an old instance of a successful connection. We’re just trying to figure out the shape of the problem here.

So, you don’t have port 25. Presumably your hosting provider blocks it.

That explains the error from Virtualmin’s check. The check is returning a correct result, and telling you about a real problem.

Well, yeah, but when you installed Virtualmin it opened all the necessary ports, which is why you get the warning about it already existing. Though I would use a named service instead of a port.

firewall-cmd --zone=public --add-service=smtp --permanent

Result is the same, generally speaking.

I don’t believe there’s any reason to think the block is happening on the device itself, it would generally be your provider blocking it. Outgoing connections would work, otherwise (the Virtualmin firewall configuration does not block anything outgoing).

Yea, They have told me many times they do not block any ports.

Also, I can send and recieve emails. So is Postfix using a different port?

No, definitely not. Port 25 is where mail is sent to other mail servers and where it is received from other mail servers. So, if mail is coming and going, then it can’t be blocked 25.

OK, so I guess you tested from a consumer network rather than a server? (Consumer internet always blocks port 25. So testing from your laptop/desktop is not useful data.)

If I knew the address of your server, I could test incoming connections from a few locations (including our status checking server) to see what’s going on. You can PM it to me, if you like.