Hi, when trying SMTP from a non-hosted website, all works fine using port 587. Even a desktop email client (Thunderbird) works fine. The only problem is that the error arises when sending from locally hosted websites.
I have tried the same SMTP credentials/info on one non-localhosted website and it works fine. When trying from the localhosted website, the error arises.
I am using Let's Encrypt. But as I said, the service works fine from outside the server. So there is no SSL certificate failure. I think that something reroutes the service when it is used from a locally hosted website. Like a misconfigured /etc/hosts file. I have done a lot of googling, by the way!
First of all, thank you for your patience.
To be more precise, I apply the SMTP credentials/info in the “WP SMTP” plugin in WordPress.
When I apply this SMTP info in a website which IS NOT hosted on my server, SMTP works fine. When I apply this SMTP info (same info) in a website which IS hosted on my server, the error occurs. I am not using the native PHP mail provider but SMTP settings in any case.
This is not a website error; the error occurs because the SMTP mechanism is trying to work on localhost. (I did not say that it is a website error.)
So, I think that a configuration is missing in the SMTP conf or hosts file. If not, ignore my guess.
(I am using the SMTP of my server)
Gotcha, I’ve never used WP SMTP for a localhost WP mail connection. The inbuilt PHP mail normally works fine. Any reason you're using WP SMTP? I think it's normally used for an external connection. I may be wrong.
If I use native PHP mail(), there would be mail signature errors (not signed with domainkey). Also, I usually remove the native PHP mail() capability on my servers because any website plugin can send unauthorized emails, which results in the IP being blacklisted or getting a bad IP reputation (had many cases). Using SMTP you can control the senders and you can apply limits too.
However, if I finally figure out what is going on with my error, I will post it here. @stefan1959 thank you for your time!
I would do an online smtp test at MXToolbox. If after the test it is displayed that it does not support TLS then you have to talk to the service provider to open port 25. I had a similar situation and I changed all the configurations for a few days getting the same error mentioned, but in the end I asked the service provider to support me then I found out he was using a spam filter in front of the VPS. I asked him to bypass my machine and immediately green light for all the checks in MXToolbox.
I personally don’t understand why port 25 is still blocked these days. As a service provider, after a client set his mail server up, I check it and if I see that I am not able to send spam messages, then I leave it open. There are still email servers that communicate on port 25 only and if they receive an smtp error, they stop trying on other ports (465, 587). The much praised online messaging service Tutanota has this issue.
BUT… it can not work because of chroot or jail. I am trying to set the path /etc/ssl/certs to the chroot/jail allowed paths… No luck until now.
Does anyone know how to whitelist this path?
I cannot use any SMTP credentials to my server. I tried an external provider and the error persists. Thunderbird with my server SMTP info works fine, though…
cp /etc/ssl/certs/ca-certificates.crt /home/chroot/${ID}/etc/ssl/certs to copy the CA certificates
And all works.
Be aware:
Apply the above as root.
Restart php-fpm (if used) and apache2.
If any new CA certificate is added and we need that new one, then repeat the copy of the .crt file. We cannot use symlinks here (error: Too many levels of symbolic links).
${ID} is the “Domain ID” in Virtual Server Summary.
Repeat on other virtual servers if needed.
In order to let Virtualmin copy the CA certificates on every virtual server creation:
Go to Webmin > System > Jailkit Jail Manager
Edit uidbasics
Append /etc/ssl/certs/ca-certificates.crt to the Paths to include in jail text editor
I did not manage to whitelist the /etc/ssl path into the jail.
Be very careful manually modifying anything in /home/chroot directories. If you copy a setuid executable into the chroot, you allow users to escape the chroot and possibly escalate to root. chroots can be extremely dangerous, if used incautiously.
Copying text files (non-executables) into the chroot should be safe.
Also, if you use the Jailkit tools to copy files (as happens when you add it to the jailkit configuration, either editing the config file, or by editing it in the Webmin Jailkit module), it protects against the most dangerous mistakes (like copying setuid binaries).
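
The manual copy step from the thread, made repeatable for every jail after a CA update, as an added example that is not part of the original posts. `sync_ca_bundle` is a hypothetical helper name, and the `<base>/<Domain ID>/etc/ssl/certs` layout is the one given in the post above; the function refuses a source that is a symlink, executable or setuid/setgid, and skips any jail with a symlink on the destination path.

```shell
#!/bin/sh
# Added example (not from the thread). sync_ca_bundle is a hypothetical helper.
# Assumed layout, as in the post: <base>/<Domain ID>/etc/ssl/certs/
# Usage (as root): sync_ca_bundle /etc/ssl/certs/ca-certificates.crt /home/chroot
# Returns 0 when every jail is current, 1 if the source or any jail was refused.
sync_ca_bundle() {
    src=$1
    base=$2
    rc=0
    # The source must be a plain readable file, not a symlink or a directory.
    if [ -L "$src" ] || [ ! -f "$src" ] || [ ! -r "$src" ]; then
        echo "refusing: $src is not a regular readable file" >&2
        return 1
    fi
    # Only data belongs in the jail: refuse executable or setuid/setgid files.
    if [ -x "$src" ] || [ -u "$src" ] || [ -g "$src" ]; then
        echo "refusing: $src is executable or setuid/setgid" >&2
        return 1
    fi
    for jail in "$base"/*/; do
        [ -d "$jail" ] || continue
        jail=${jail%/}
        dest_dir=$jail/etc/ssl/certs
        dest=$dest_dir/ca-certificates.crt
        # A symlink anywhere on the destination path would send the copy
        # to wherever the link points, so such jails are skipped.
        unsafe=0
        for p in "$jail" "$jail/etc" "$jail/etc/ssl" "$dest_dir" "$dest"; do
            if [ -L "$p" ]; then unsafe=1; fi
        done
        if [ "$unsafe" -eq 1 ]; then
            echo "skipped (symlink on path): $jail" >&2
            rc=1
            continue
        fi
        # Skip the copy when the jail already holds an identical bundle.
        if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
            echo "current: $jail"
            continue
        fi
        if mkdir -p "$dest_dir" && cp "$src" "$dest" && chmod 644 "$dest"; then
            echo "updated: $jail"
        else
            rc=1
        fi
    done
    return "$rc"
}
```

As the post notes, restart php-fpm (if used) and apache2 after the bundle in a jail changes.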