Website needs to send emails to cloudron server
-
Externally hosted, on the previous mail server (exchange 2010) I had whitelisted the sending IP
45.32.190.174
I have done the same here on cloudron.
However the website is unable to send,
logs... Not sure why the other end is reporting a failure?
-
Websites log...
Versions:
WordPress: 6.5
WordPress MS: No
PHP: 8.0.30
WP Mail SMTP: 3.10.0
Params:
Mailer: smtp
Constants: No
ErrorInfo: SMTP Error: Could not authenticate.
2024-04-08 04:03:32 Connection: closed
SMTP Error: Could not authenticate.
-
@nebulon originally they were not trying to authenticate, later I gave them credentials for the main mailbox they are trying to send orders to, sales@puresource.co.nz
What happens is a customer orders something on the website,
the website emails the order to the business (this seems to work ok). The website also attempts to send the customer an email about the order, via the same send process (ie to the cloudron server). Without authentication the external address is considered undeliverable. (ie not relaying email... understandable)
I'm guessing it's trying to push email in the out port with authentication.
-
An earlier attempt without authentication...
Mailer: Other SMTP
PHPMailer was able to connect to SMTP server but failed while trying to send an email.
Email Source: WP Mail SMTP Pro
Mailer: Other SMTP
SMTP Error: The following recipients failed: ***@***.nz: I cannot deliver mail for
SMTP Debug:
2024-04-07 22:47:18 Connection: opening to my.***.nz:25, timeout=300, options=array()
2024-04-07 22:47:18 Connection: opened
2024-04-07 22:47:21 SERVER -> CLIENT: 220 my.***.nz ESMTP Haraka ready
2024-04-07 22:47:21 CLIENT -> SERVER: EHLO ***.co.nz
2024-04-07 22:47:23 SERVER -> CLIENT: 250-my.***.co.nz Hello *.vultrusercontent.com *Haraka is at your service.
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250-SIZE 75000000
250 STARTTLS
2024-04-07 22:47:23 CLIENT -> SERVER: MAIL FROM:sales@***
2024-04-07 22:47:23 SERVER -> CLIENT: 250 sender sales@*** OK
2024-04-07 22:47:23 CLIENT -> SERVER: RCPT TO:***@***.nz
2024-04-07 22:47:23 SERVER -> CLIENT: 550 I cannot deliver mail for ***@***.nz
2024-04-07 22:47:23 SMTP ERROR: RCPT TO command failed: 550 I cannot deliver mail for ***@***.nz
2024-04-07 22:47:23 CLIENT -> SERVER: QUIT
2024-04-07 22:47:23 SERVER -> CLIENT: 221 my.domain closing connection. Have a jolly good day.
2024-04-07 22:47:23 Connection: closed
SMTP Error: The following recipients failed: ***@***.co.nz: I cannot deliver mail for
-
This is the console the web people have to configure the SMTP sending! image removed
-
@AartJansen port 25 is not the correct port to send email. This is for exchange of mail between mail servers.
Can you try with encryption - port 587 (TLS) or port 465 (SSL)? I misread that UI. Unfortunately, the settings are totally confusing. Port 587 is STARTTLS aka opportunistic TLS. Port 465 is always TLS. Generally, it doesn't make sense to choose between SSL and TLS like in the UI. I guess use TLS there.
I am not sure what "Auto TLS" means above, I guess you have to enable it?
Also, on Cloudron, you must always have authentication. So turn on the last Authentication checkbox as well.
-
I think port 25 works ok, without authentication, for mail domains that the server hosts, as PHPMailer acts as an SMTP server sending mail to another SMTP server. And because it's whitelisted, the sender's domain being one that's hosted on cloudron gets a pass. (Even though the logs indicate an address postmaster@... that I don't think exists, and the website people say they are not using.)
Is there a default postmaster@ account for sending NDRs etc?
The problem is, they want to also send the email to customer this way and cloudron won't relay.
-
@AartJansen said in Website needs to send emails to cloudron server:
The problem is, they want to also send the email to customer this way and cloudron won't relay.
Right, cloudron won't relay mail that is coming in via port 25. Port 25 is the port for incoming mail. It will only relay emails that are being sent via the submission port. See also https://kinsta.com/blog/smtp-port/
(Your observation is correct otherwise. Cloudron will accept mails on port 25 from another server but these won't be relayed. Cloudron's relay is meant for mails that it sends out)
-
Thanks, what about that mysterious reference to postmaster@mydomain? I think it's their end using it, if I read the logs correctly. I have turned on masquerading for that domain, but would that help if the postmaster mail address is non-existent?
-
@AartJansen not sure, I am a bit lost on the specifics of your setup. An external website (WordPress) wants to send email to a mailbox hosted on Cloudron mail server. This external website behaves as a mail server of its own and sends via port 25 and also has the appropriate DNS records for whitelisting it. I assume Cloudron mail server also has that mailbox created. Did I get this right? What is the issue?
-
Yes, that's correct.
The issue is that the website also wants to send an email to the customer as a confirmation of their purchase, ie buyer@gmail.com, and is sending it to cloudron server for delivery. I just read the kinsta link you provided, thanks for that, I did not realise port 465 was "no longer official" and 587 was the preferred port.
-
@AartJansen Is there a reason the website is sending email to buyer@gmail.com via Cloudron ? Why is it not sending to gmail directly?
But, if you really want to get Cloudron to send this mail to buyer@gmail.com, then the website has to use the credentials of a mailbox on Cloudron and send via port 587. Cloudron mail server does not relay unauthenticated mail.
What I mean is: create a mailbox called website@ in Cloudron. Assign an owner to this mailbox. You can create an app password that will work only for mailboxes in the Profile -> App Password -> Mail client. Then use website@ and the password in the website to send mails on port 587 via STARTTLS.
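
Added example, not part of the thread or of any poster's reply: a small Python check that reads a PHPMailer-style debug transcript like the one quoted earlier and says whether a rejected recipient is the relay refusal described above (unauthenticated session, recipient domain not hosted on the server). The function name `diagnose`, the `hosted_domains` parameter and the hostnames in the sample are assumptions made for illustration.

```python
import re

# Constructed transcript in the PHPMailer debug format quoted in the thread;
# hostnames and addresses are placeholders, not values from the page.
SAMPLE = """\
2024-04-07 22:47:18 Connection: opening to mail.example.test:25, timeout=300, options=array()
2024-04-07 22:47:21 SERVER -> CLIENT: 220 mail.example.test ESMTP Haraka ready
2024-04-07 22:47:21 CLIENT -> SERVER: EHLO shop.example.test
2024-04-07 22:47:23 SERVER -> CLIENT: 250-mail.example.test Hello
250-PIPELINING
250 STARTTLS
2024-04-07 22:47:23 CLIENT -> SERVER: MAIL FROM:<sales@example.test>
2024-04-07 22:47:23 SERVER -> CLIENT: 250 sender OK
2024-04-07 22:47:23 CLIENT -> SERVER: RCPT TO:<sales@example.test>
2024-04-07 22:47:23 SERVER -> CLIENT: 250 recipient OK
2024-04-07 22:47:23 CLIENT -> SERVER: RCPT TO:<buyer@customer.test>
2024-04-07 22:47:23 SERVER -> CLIENT: 550 I cannot deliver mail for buyer@customer.test
"""

def diagnose(transcript, hosted_domains):
    """Return (port, rejected_recipients, findings) for one SMTP session log."""
    m = re.search(r"Connection: opening to \S+:(\d+)", transcript)
    port = int(m.group(1)) if m else None
    verbs = [v.upper() for v in re.findall(r"CLIENT -> SERVER: (\w+)", transcript)]
    authed = "AUTH" in verbs
    tls = "STARTTLS" in verbs or port == 465   # 465 is TLS from the first byte
    rejected, pending = [], None
    for line in transcript.splitlines():
        rcpt = re.search(r"CLIENT -> SERVER: RCPT TO:<?([^>\s]+)>?", line, re.I)
        reply = re.search(r"SERVER -> CLIENT: (\d{3})[ -]", line)
        if rcpt:
            pending = rcpt.group(1).lower()    # remember who this reply is about
        elif reply and pending:
            if reply.group(1).startswith("5"):
                rejected.append(pending)
            pending = None
    findings = []
    if authed and not tls:
        findings.append("AUTH sent without TLS: credentials exposed on the wire")
    for addr in rejected:
        local = addr.rsplit("@", 1)[-1] in hosted_domains
        if not authed and not local:
            findings.append(f"{addr}: relay denied (unauthenticated, non-hosted domain); "
                            "use port 587 with STARTTLS and mailbox credentials")
        else:
            findings.append(f"{addr}: rejected for another reason; check the mailbox")
    return port, rejected, findings
```
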
-
Thank you @girish those instructions worked well!
-
Just as a follow up, another webhost for another site (same server) just got me to add the ip of their sending server to the SPF record, they were getting similar errors, and didn't want to use 587 / authentication.
So the spf record now looks like: v=spf1 a:my.friendwholesale.co.nz ip4:103.248.189.217 +a:my.friendwholesale.co.nz ~all
Seems weird to have a: and +a: with the same domain, it passes the mxtoolbox spf test
-
@AartJansen '+' is the default qualifier. So, it is redundant in +a:my.friendwholesale.co.nz. You can remove it.
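
Added example, not part of the thread: a Python lint for SPF records that makes the implicit `+` qualifier explicit, then drops mechanisms that repeat an earlier one or follow `all` (SPF evaluates left to right and stops at the first match). It is run on the record quoted above; the function names `parse_spf` and `lint_spf` are assumptions for illustration, and macros are not handled.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return [(qualifier, mechanism)] with the implicit '+' made explicit."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if re.match(r"[A-Za-z][\w.-]*=", term):      # modifier (redirect=, exp=)
            parsed.append(("", term))
        elif term[0] in QUALIFIERS:
            parsed.append((term[0], term[1:].lower()))
        else:
            parsed.append(("+", term.lower()))       # no qualifier means '+'
    return parsed

def lint_spf(record):
    """Return (cleaned_record, notes); the first matching mechanism wins."""
    seen, kept, notes, after_all = {}, [], [], False
    for qual, mech in parse_spf(record):
        if qual == "":                               # modifiers are kept untouched
            kept.append(mech)
        elif after_all:
            notes.append(f"{mech}: never evaluated, it follows 'all'")
        elif mech in seen:
            if seen[mech] == qual:
                detail = "same result"
            else:
                detail = f"earlier '{seen[mech]}' wins over '{qual}'"
            notes.append(f"{mech}: duplicate mechanism, {detail}")
        else:
            seen[mech] = qual
            kept.append(mech if qual == "+" else qual + mech)
            after_all = mech == "all"
    return "v=spf1 " + " ".join(kept), notes

# Record quoted in the thread above.
RECORD = ("v=spf1 a:my.friendwholesale.co.nz ip4:103.248.189.217 "
          "+a:my.friendwholesale.co.nz ~all")
```
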