SSL is installed but can't send encrypted emails

Samet Chan

Well-Known Member
Jun 24, 2016
359
32
103
cPanel Access Level
Root Administrator
Twitter
Hello,

Thank you for the additional information. It looks like what's in question here isn't the encryption of the email contents, but rather the transaction itself. It's possible your data center is filtering outgoing SMTP traffic. Please run the following commands from the cPanel server and let us know the output:

Code:
telnet gmail-smtp-in.l.google.com 465
telnet gmail-smtp-in.l.google.com 25
Thanks.
Hi,

It is not working for me.
[[email protected] ~]# telnet gmail-smtp-in.l.google.com 465
-bash: telnet: command not found
I'm on CentOS 7.5 (Core).
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello @Samet Chan,

I moved this post to its own thread.

The "telnet" utility isn't always installed by default. You can install it with the following command:

Code:
yum install telnet
Thank you.
 

Samet Chan

Ok, just installed telnet. The server is trying to connect after being refused.
Code:
[[email protected] ~]# telnet gmail-smtp-in.l.google.com 465
Trying 2a00:1450:400c:c09::1a...
telnet: connect to address 2a00:1450:400c:c09::1a: Connection refused
Trying 64.233.166.26...
These IPv6 and IPv4 addresses are from google.com, they are not my server's IP.
 

cPanelMichael

Hello,

I recommend reaching out to your data center or hosting provider to verify if there's anything filtering port 25 or port 465 traffic in their network or firewall rules. Providers will often block these ports as a SPAM prevention technique.

Thank you.
 

Samet Chan

I disabled CSF Firewall, but still they are trying to connect.
Code:
[[email protected] ~]# telnet gmail-smtp-in.l.google.com 25
Trying 2a00:1450:400c:c0a::1b...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP p12-v6si7373990wrd.297 - gsmtp


[[email protected] ~]# telnet gmail-smtp-in.l.google.com 465
Trying 2a00:1450:400c:c0a::1b...


[[email protected] ~]# telnet gmail-smtp-in.l.google.com 587
Trying 2a00:1450:400c:c0a::1b...
 

cPanelMichael

CSF firewall is a local firewall on your server. Your data center or hosting provider could filter port 465 traffic in their network or router rules outside of your individual server. Can you check with them to see if that's the case?

Thank you.
 

Samet Chan

Ok, I've contacted the hosting. They will reply back soon.
 

Samet Chan

Ok, we received an email from hosting support.
Dear Samet,

Thank you for your patience.

The ports 465, 25 and 587 on your VPS (xxx.xxx.xxx.xx) are open. The telnet command you mentioned in your previous message will try to open a telnet connection to the Google servers, which will most likely not accept such a request. You can see which service is running on which port with the following command:

netstat -tulnp

Since the ports mentioned by you are all occupied by exim, we are suspecting that you are having troubles with establishing an SMTP or IMAP connection. If that is the case, please provide us with cPanel login data to a domain you are having trouble with so we can try to reproduce your problem.
And there,
[[email protected] ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8799/httpd
tcp 0 0 0.0.0.0:2077 0.0.0.0:* LISTEN 1361/cpdavd - accep
tcp 0 0 0.0.0.0:2078 0.0.0.0:* LISTEN 1361/cpdavd - accep
tcp 0 0 0.0.0.0:2079 0.0.0.0:* LISTEN 1361/cpdavd - accep
tcp 0 0 0.0.0.0:2080 0.0.0.0:* LISTEN 1361/cpdavd - accep
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 16083/dovecot
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 127.0.0.1:579 0.0.0.0:* LISTEN 8508/cPhulkd - proc
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 16083/dovecot
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 8503/exim
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 16083/dovecot
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3678/spamd child
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 16083/dovecot
tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 538/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8799/httpd
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 23094/cpsrvd (SSL)
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 8503/exim
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 15926/pure-ftpd (SE
tcp 0 0 xxx.xxx.xxx.xx:53 0.0.0.0:* LISTEN 15891/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15891/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16764/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8503/exim
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15891/named
tcp6 0 0 :::443 :::* LISTEN 8799/httpd
tcp6 0 0 :::993 :::* LISTEN 16083/dovecot
tcp6 0 0 :::995 :::* LISTEN 16083/dovecot
tcp6 0 0 :::3306 :::* LISTEN 8444/mysqld
tcp6 0 0 :::587 :::* LISTEN 8503/exim
tcp6 0 0 :::110 :::* LISTEN 16083/dovecot
tcp6 0 0 ::1:783 :::* LISTEN 3678/spamd child
tcp6 0 0 :::143 :::* LISTEN 16083/dovecot
tcp6 0 0 :::111 :::* LISTEN 538/rpcbind
tcp6 0 0 :::80 :::* LISTEN 8799/httpd
tcp6 0 0 127.0.0.1:7984 :::* LISTEN 3203/java
tcp6 0 0 :::465 :::* LISTEN 8503/exim
tcp6 0 0 :::21 :::* LISTEN 15926/pure-ftpd (SE
tcp6 0 0 :::22 :::* LISTEN 16764/sshd
tcp6 0 0 127.0.0.1:8984 :::* LISTEN 3203/java
tcp6 0 0 :::25 :::* LISTEN 8503/exim
udp 0 0 127.0.0.1:323 0.0.0.0:* 564/chronyd
udp 0 0 0.0.0.0:704 0.0.0.0:* 538/rpcbind
udp 0 0 xxx.xxx.xxx.xx:53 0.0.0.0:* 15891/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 15891/named
udp 0 0 0.0.0.0:111 0.0.0.0:* 538/rpcbind
udp6 0 0 ::1:323 :::* 564/chronyd
udp6 0 0 :::704 :::* 538/rpcbind
udp6 0 0 :::111 :::* 538/rpcbind
 

cPanelMichael

Hello @Samet Chan,

Thank you for the additional information. The telnet results over ports 465 and 587 are normal when checking Gmail, as Google blocks those connections.

Can you let us know the specific error message you are receiving in your email client? One other item to rule out is the use of IPv6 lookups. Here are a couple of third-party URLs you may find helpful to test if this solves the problem:

Why is my CentOS 6 system doing IPv6 lookups?
Forcing DNS lookups to use IPv4 instead of IPv6 - CentOS

Thank you.
 

Samet Chan

I don't really use IPv6. I prefer to use IPv4. Gmail just keeps receiving the emails from my site's forum in the spam folder, using port 465 for SSL.
And in received emails I only see "Gray (TLS - standard encryption)"; there is no Green (S/MIME enhanced encryption). Can I switch to Green (S/MIME enhanced encryption), without having to check the spam/junk folder?
 

Samet Chan

Hello,

If the issue relates to Gmail detecting messages from your server as SPAM, you should first review the guidelines on the following document to ensure they are followed:

How to Keep your Email Out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation

Can you confirm that's the case?

Thank you.
I just read this guide. It was not clear enough for me to understand.
Code:
[[email protected] ~]# dig mx1.cpanel.net +short
208.74.121.68
[[email protected] ~]# dig -x 208.74.121.68 +short
mx1.cpanel.net.
 

cPanelMichael

Hello @Samet Chan,

That's the example. You should replace "mx1.cpanel.net" with your server's hostname, and then replace "208.74.121.68" with the IP address that appears when running the first command.

Thank you.
 

cPanelMichael

The hostname was set by default by the hosting. Do I need to contact hosting support to add this mx1.cpanel.net?
No, mx1.cpanel.net is just an example. You need to use your server's actual hostname (e.g. server.yourserver.com).

Thank you.
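
The two `dig` commands discussed above (resolve the server's hostname, then reverse-resolve the resulting IP and confirm it returns the same hostname) can be scripted as below. This is an added example, not part of the original thread or of cPanel's documentation; the function names `check_fcrdns` and `normalize` and the file name are hypothetical, and it goes beyond the two commands by also checking AAAA records, since the telnet output in this thread shows the server reaching Gmail over IPv6.

```bash
#!/usr/bin/env bash
# Forward-confirmed reverse DNS (FCrDNS) check for a mail server hostname.
# Usage: ./fcrdns.sh server.yourserver.com   (file name is hypothetical)

# Lower-case a DNS name and drop the trailing root dot that dig prints.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Print one verdict line per address of HOST. Returns 0 only when every
# A/AAAA record has a PTR record that points back to HOST.
check_fcrdns() {
    local host want ips ip ptr ok status
    host=$1
    status=0
    want=$(normalize "$host")
    # "dig +short" may also print CNAME targets; keep only IP addresses.
    ips=$( { dig +short "$host" A; dig +short "$host" AAAA; } |
        grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*)$' || true)
    if [ -z "$ips" ]; then
        echo "FAIL $host does not resolve to any address"
        return 1
    fi
    for ip in $ips; do
        ok=no
        for ptr in $(dig +short -x "$ip"); do
            if [ "$(normalize "$ptr")" = "$want" ]; then ok=yes; fi
        done
        if [ "$ok" = yes ]; then
            echo "OK   $ip -> $host"
        else
            echo "FAIL $ip has no PTR record pointing back to $host"
            status=1
        fi
    done
    return "$status"
}

# Run only when a hostname is passed on the command line.
if [ -n "${1:-}" ]; then
    check_fcrdns "$1"
fi
```

A FAIL line for an address means the PTR record for that IP has to be set by whoever controls the IP block, which is normally the hosting provider.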