Peter Chan


Problem to hMailServer

Hi,

What is wrong in 1st attached screenshot? I send one mail and have got no failure (see 2nd attached file), in Telnet, but I cannot get the Mail. Where is the problem?
Pavel Nagaev

I don't see screenshot.

ASKER

What is wrong in 1st attached screenshot below? I send one mail and have got no failure (see 2nd attached file), in Telnet, but I cannot get the Mail. Where is the problem?
User generated imageUser generated image
The first thing I see is that you have local host and smtp relay as same address...
SMTP relay is the next host your server has to send mail to like a spam filter or your ISP's mail concentrators.
I have adjusted it like
User generated image
but still I do not get Email by doing the same through Telnet.
You are missing the point... The server is not its own smtp relay... An SMTP relay is only if your server has to pass mail onto another server for delivery. It isn't needed if the server is able to send and receive mail directly. And unless your server has a known reputation, gmail will ignore you. There are many steps to get a server able to talk to the big providers like google, yahoo and microsoft, and it is way more involved than just adding a server to an internet facing ip address...

First your ISP has to allow you having a mail server. If they do not allow it, they will block all port 25 traffic.
Then you need fully resolvable domain names... Forward and reverse...
Many require you to have SPF and/or DKIM rules, and not be on any spam lists.

I did some tests and got these results;
Connecting to 182.173.77.208
7/19/2018 12:39:01 PM Connection attempt #1 - Unable to connect after 15 seconds. [15.00 sec]

LookupServerv2 15004ms

LISTED      CBL       182.173.77.208 was listed  
 LISTED      Spamhaus ZEN       182.173.77.208 was listed  

searchhouselive.com is a domain name, not a server name.

Also, what are you trying to receive the mail on? A PC talking to a server uses a mail delivery protocol like POP3 or IMAP, and those are set up under different tabs.
On the same server, I was ever able to send out message fine, through hMailserver.

(Currently I had some change to server)

Now I got these (in hMailserver)
"ERROR"	1532	"2018-07-20 09:32:43.986"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:05.779"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:12.081"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server Cannot open database "hMailserver" requested by the login. The login failed. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:18.555"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server Cannot open database "hMailserver" requested by the login. The login failed. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:23.578"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server Cannot open database "hMailserver" requested by the login. The login failed. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:28.602"	"Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server Cannot open database "hMailserver" requested by the login. The login failed. Check your database settings in hMailServer.ini."
"ERROR"	1532	"2018-07-20 09:33:33.609"	"Severity: 1 (Critical), Code: HM4354, Source: Application::OpenDatabase, Description: hMailServer failed to connect to the database server. Error message: ADO: Cannot open database "hMailserver" requested by the login. The login failed."


while here is hMailserver.ini file

[Directories]
ProgramFolder=C:\Program Files (x86)\hMailServer
DatabaseFolder=
DataFolder=C:\Program Files (x86)\hMailServer\Data
LogFolder=C:\Program Files (x86)\hMailServer\Logs
TempFolder=C:\Program Files (x86)\hMailServer\Temp
EventFolder=C:\Program Files (x86)\hMailServer\Events
[GUILanguages]
ValidLanguages=english,swedish
[Security]
AdministratorPassword=12b348791e3e0c7dc5ea083819c345a7
[Database]
Type=MSSQL
Username=ws_login
Password=240e36c5afc5fa6a
PasswordEncryption=1
Port=0
Server=WIN-BPJ35QGB8MN\SS2012EXPR
Database=hMailserver
Internal=0


while I have no problem at all to login SQL server by the same account. How to resolve this issue with hMailserver?
Double check the SQL server allows access to the user you set up, make sure the SQL login you are using has a password that does not expire.
Check the box, password never expires.

Using relay host as your own same server creates an SMTP loop that the server should detect.
If you say it used to work, but now doesn't, I bet the blacklists you are on are keeping gmail from accepting your messages...
You need to resolve why you got on them, and then apply to get off...
Thanks to all.
Arnold,
Currently the SQL server account is having Sysadmin permission.
Not the point, make sure the account is exempt from password policy including expiration.
Arnold,
Here are the properties of the account
User generated image
How to resolve this
User generated image
since I've already enabled TCP rules on port 25 of Firewall to allow connection.
I would uncheck the enforce password policy, you can make the password as complex as you need it to be without that check mark.
Looking at the security/application event log on the sql server to see whether the login attempts are/were being denied the log says it could not access the DB with the information it has, attributing the failure to username/password related issues

under user mapping make sure this account has DBO rights to the Hmailserver DB or as specified in the HMailserver setup.
They usually go through the setup of the DB in SQL and then creation of the user account that will be used by hmailserver to access this DB. You initially used the sa account, you may have created the ws_login, but you might not have granted it requisite rights.

Use SSMS, and establish a new connection to this server, using sql login with the wp_login/password. see if in this session you can expand the hMailserver database.....
if you can, potentially you gave it read rights but no write rights.
Once you correct the wp_login account access to the hMailserver database. see if you can get further along.

My suggestions you deal with issues in sequence,
1) Make sure the DB schema is setup as specified.
2) Make sure you have a DB dedicated sql login for hMailserver
3) Make sure using this account you can access and query the hMailserver DB
4) test local injection of email destined to the added accounts locally. (This will confirm that the mail server will be able to handle emails for domains it is responsible/authoritative)
5) test handling of outgoing emails
6) before publishing the server, make sure it is not an open relay, by connecting to it from an external IP that is not authorized to relay through it and send a message from a sender with an external address to an email address outside the domains defined on the server. (third party using your server to email another third party) test destination email address in the form of username%someotherdomain.com@yourdomain.com this is a test whether the server is configured to redirect and if it does so without validation, this too will mean it could be abused.......

Once those things are done, so are you and your server is ready.
Appreciated a lot and would check. How about the 2nd issue on port 25?
One thing at a time.

Relayhost should only be an external.

Did not review what the 25 port means, ....
Commonly these days ISP block outgoing port 25 from non business customers.

 I think at one point you looped SMTP by telling your server to use itself to send messages out.
Use your isp's mail server as the relay host.

Potentially they blocked your ip from sending through them.
Let me come back to this
Arnold,
I now still cannot send out Mail successfully even if I've enable TCP port 25.
Can you confirm that your system has external access over port 25.

nslookup -q=mx gmail.com

You will get mail exchanger records. Pick one

Try
Telnet <mx exchanger from the list> 25
Do you get a greeting, or does your connection time out?

Logs are the best way to determine what is going on.
The server should report when a message is received, when a message is being sent out and whether it was successful or failed and the response from the remote server if rejected, or a notice that the connection timed out.

Enable logging on your server, and see what it reports.
I've done
User generated image
and do not see any new error in Log file of hMailserver but I do not get mails in Gmail or Yahoo mail (as I've tried to send to both Gmail and Yahoo mail by the above). Where is the problem?
What about the results of nslookup -q=mx gmail.com
Does your server return info to which it will connect to transmit the message to the server responsible for the domain on which .......

When dealing with any mail server setup, I first make sure the server can handle incoming by directly submitting messages to it.
Second validate that the system's DNS lookups work.
The destination email address has to be resolved to which mail servers are responsible, nslookup -q=mx <domain>

The outgoing logs should indicate what happens to messages that are destined to external emails.

Once that is identified, confirming that a connection originating from this server with the remote server as the destination works.
Telnet remote X.domain.com 25
Here one does the SMTP session to confirm the connection can be made and message exchanged. Then to confirm it is delivered when accepted (2xx response from the remote versus 4xx temp deny or 5xx permanent reject)


If there are any errors, I do not advance to the next step until the error/s are resolved.
Here is what I've got
C:\Users\Administrator>nslookup -q=mx gmail.com
Server:  localhost
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out

C:\Users\Administrator>


Your system can not resolve, check the DNS settings on the network adapter, or make sure your local DNS is working.
If there are no local DNS server, make sure the name server records on TCP/ip until the nslookup returns info that the server can use to proceed to the next step.
Sorry, I now get this
C:\Users\Administrator>nslookup -q=mx gmail.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
gmail.com       MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com
gmail.com       MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com       MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com       MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com
gmail.com       MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com


Ok, now pick a mail exchanger from the list and telnet to it on port 25
Repeat the SMTP session sending a message to the gmail recipient and see if the message is accepted, and then whether it is delivered on gmail side.

Once you confirm this, try to send the message through the hmailserver through a direct SMTP session. Looking at the logs to see what happens to the message.
Sorry to that I got the problem like
User generated image
to which host did you connect?
gmail-smtp-in.l.google.com
alt1.gmail-smtp-in.l.google.com
alt2.gmail-smtp-in.l.google.com
alt3.gmail-smtp-in.l.google.com
alt4.gmail-smtp-in.l.google.com

If you are connecting to your own, your server requires authentication first.
Please note that when you submit a command before DATA, you always have to look at the response and only proceed when you get a 2xx message back or 3xx as a response to data.

In what you posted, the response to RCPT TO: external email address, your server responds that you need to authenticate first before you will be permitted to relay.
Now if you are on LAN, you would configure your server to allow relaying from internal IPS. 10.x.x.x or 172.16-31.x.x or 192.168.x.x as applicable.


At least the above test confirms that your server is not configured as an open relay that external Spammers would exploit. .......
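
Added example (not part of the original thread and not hMailServer code): a small Python helper that reads a saved Telnet SMTP session against your own server and applies the two checks described above, the 2xx/3xx/4xx/5xx reply classes and whether an external `RCPT TO` was accepted without authentication. The transcript, the `C:`/`S:` prefixes, the domain names, the reply texts and all function names are constructed for illustration.

```python
import re

# Constructed transcript (not from the thread). "C:" = client, "S:" = server.
SAMPLE_SESSION = """\
S: 220 mail.yourdomain.example ESMTP
C: HELO probe.external.example
S: 250 Hello.
C: MAIL FROM:<someone@external.example>
S: 250 OK
C: RCPT TO:<other@elsewhere.example>
S: 530 SMTP authentication is required.
"""

CLASSES = {2: "accepted", 3: "continue", 4: "temporary deny", 5: "permanent reject"}

def reply_class(code):
    """First digit of an SMTP reply code decides whether to proceed."""
    return CLASSES.get(code // 100, "unknown")

def parse_session(text):
    """Pair each client command with the final line of the server's reply."""
    pairs, command = [], "(connect)"
    for line in text.splitlines():
        if line.startswith("C: "):
            command = line[3:].strip()
        elif line.startswith("S: "):
            m = re.match(r"(\d{3})([ -]?)(.*)", line[3:])
            if m and m.group(2) != "-":  # "250-..." continues a multi-line reply
                pairs.append((command, int(m.group(1)), m.group(3)))
    return pairs

def relay_verdict(text, local_domains):
    """Did the server accept mail for a non-local recipient without AUTH?"""
    authed = False
    for command, code, _ in parse_session(text):
        if code == 235:  # 235 = authentication succeeded
            authed = True
        if not command.upper().startswith("RCPT TO:"):
            continue
        addr = command.split(":", 1)[1].strip("<> ")
        local, _, domain = addr.rpartition("@")
        # user%otherdomain@yourdomain asks the server to redirect: treat as external
        if domain.lower() in local_domains and "%" not in local:
            continue
        if reply_class(code) != "accepted":
            return f"relay refused ({code}, {reply_class(code)})"
        return "relay allowed after AUTH" if authed else "OPEN RELAY: external recipient accepted without AUTH"
    return "no external RCPT TO in session"
```

For the sample session, `relay_verdict(SAMPLE_SESSION, {"yourdomain.example"})` reports the relay as refused, which is the result the test above was looking for.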
Now if you are on LAN, you would configure your server to allow relaying from internal IPS. 10.x.x.x or 172.16-31.x.x or 192.168.x.x as applicable.

What to adjust/apply now to server?
You are posting partial information in the earlier post. Was that an attempt to send a message through your server or to one of GMAIL's Mail exchangers?

I can not answer your last question without knowing the answer to the question I posed above in this response or in the prior one, a portion of which you are quoting back to me.

The server usually has to allow internal systems to relay through it. To achieve that, the server is configured to allow the local LAN ips to relay through it.

Such that a server whose local lan is 192.168.0.0/24 will add the "Mynetwork" as 192.168.0.0/24 this way any system on the local LAN with IP within the IP segment of 192.168.0.0/24 will be allowed to send messages through this server without the need to authenticate first.
Depending on the options in hMailserver it could be a relay tab, allow the following, where 192.168.0.0/24 will need to be added.
You Should Never add PUBLIC ips into the Allowed to relay ........
Is it problem to SMTP relayer, below?
User generated image
SOLUTION
arnold
This solution is only available to members.
SearchHouseLive.com is registered in Namecheap.com, but Namecheap is having no service of DNS resolver.

Since 8.8.8.8 DNS server is by Google, do you think it would be definitely a big danger to use it?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
What is the real danger to use 8.8.8.8 (of Google) as DNS server?
One last thing, is there a way (way like Telnet) to verify if Email server is receiving messages well?
telnet is a means to connect and send.
What you are looking for has to do with server management, either in the shell, or using a web based GUI .......
A process that crunches logs.
The mechanism used to verify deals with sending a message to an address that the monitoring service pulls message from, i.e. message to self.
Using 8.8.8.8 has no danger other than info disclosure, i.e. IP and requests.
You can use opendns IPs instead, or you can set up your own local DNS .....