Solved 🤔 Cloudron External SMTP > Mail-in-a-box SMTP > ECONNREFUSED

tshirt-chihuahu

Attempting to setup an external email relay on Cloudron via an external SMTP server (which is a self-hosted instance of Mail-in-a-Box https://mailinabox.email/ in this case).

This SMTP server works fine for email clients via SMTP connection.

However, when I've attempted to connect to it from my Cloudron instance (Cloudron-Mautic app, now the default mail server), have had issues. Which makes me think it's on Cloudron's side.

Incoming mail is disabled on Cloudron server.
Attempted to change the Cloudron global mail server location to the SMTP server's domain. Didn't make any difference.
Problem definitely is not the password.

The Mail-in-a-box/SMTP server lives at box.domain.com.
The cloudron instance is setup at my.domain.com via wildcard domain configuration in cloudron. (Visiting these servers via webpage works fine, so don't see any reason why this would be problematic.)
Again, other SMTP connections to this Mail-in-a-box server work fine.

The error message i'm getting is below ("ECONNREFUSED")

Any ideas anyone?
Thanks for the help.

tshirt-chihuahu

Realized this is most likely a firewall issue at this point.

Saw some posts about Mautic (which I was previously attempting to connect directly to the same SMTP server via the app settings) configuration not behaving well - which I definitely experienced, which likely landed the IP on a block list.

But if anyone else has any ideas I'd be happy to hear them.....

girish

@tshirt-chihuahu It seems that for some reason the SMTP host resolves to 127.0.1.1 (from the error message). Can you try to run host box.domain.com on the Cloudron server and tell me what it returns?

(Also, do you have any custom DNS setup by any chance?)

tshirt-chihuahu

@girish good point. here's what is returned on the cloudron server at my.domain.com:

$ host box.domain.com
box.domain.com has address [correct IP address for MIAB machine]
box.domain.com mail is handled by 10 box.domain.com

[correct ip address for MIAB machine] is of course definitely not 127.0.1.1

re: custom DNS
the Mail-in-a-Box server at box.domain.com controls the DNS for domain.com and otherdomain.com (standard for MIAB to control DNS) and there are custom DNS entries....

However, the only custom DNS records are the wildcard A records (1 for each domain) pointing to the same cloudron server.

Thus the "host" command on the cloudron machine returns the expected IP addresses for the Cloudron and MIAB servers based on the domain/subdomain pinged.

Host is Vultr in case that provides any clues. The servers are in the same geographic location listed by Vultr.

My current hypotheses (which likely aren't worth much):

• Error message is not returning the expected information (has happened before will happen again)
• there's something going on with the container isolation strategy you guys are using that isn't playing nicely with the network.... but you'd know way more about that than me.

I'm going to run with the firewall idea to see if that leads to a fix so that can be counted out and will report back.

girish

@tshirt-chihuahu said in Cloudron External SMTP > Mail-in-a-box SMTP > ECONNREFUSED:

Thus the "host" command on the cloudron machine returns the expected IP addresses for the Cloudron and MIAB servers based on the domain/subdomain pinged.

Can you try host box.domain.com 127.0.0.1 as well ? Cloudron has an internal DNS server (called unbound). Depending on whether the host command works, you might have to tweak that DNS for your setup - https://docs.cloudron.io/networking/#private-dns

tshirt-chihuahu

@girish said in Cloudron External SMTP > Mail-in-a-box SMTP > ECONNREFUSED:

host box.domain.com 127.0.0.1

This returns:

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

box.domain.com has address [MIAB Server IP]
box.domain.com mail is handled by 10 box.domain.com

I assume this is as expected/desired, correct?

tshirt-chihuahu

@girish

I'm going to run with the firewall idea to see if that leads to a fix so that can be counted out and will report back.

Doesn't appear to be a firewall issue afterall. Nothing on the ban list (fail2ban) now and issue persists.

tshirt-chihuahu

@girish
Given it doesn't appear to be a DNS issue as box.domain.com 127.0.0.1 routes to the mail server. Any other ideas? I'm stuck.

girish

@tshirt-chihuahu The DNS response seems correct. So, the issue is somewhere else. Let me quickly test it here to see if it's a general issue or something with your setup.

girish

The root cause for this was the Cloudron server had the hostname as "box.domain.com" (same as the relay). Debian/Ubuntu has a quirk that it will put the hostname in /etc/hosts to resolve as 127.0.1.1. This meant that when we try to set it as relay, it resolves to 127.0.1.1 instead of the actual IP.

To add to the confusion, I suggested using the host command which does not use /etc/hosts (i.e the nsswitch mechanisms) and uses only the DNS. If I had suggested using ping then we would have narrowed down the issue more quickly...

Anyway, the fix is simply to hostnamectl set-hostname somethingelse.domain.com and also edit /etc/hosts (for some reason, hostnamectl doesn't change hosts file even after reboot, ).