So if they are blocking incoming port 25 I am out of luck on hosting a mail server?

Is there cause for concern on the other messages?

Update:

I am able to send an email from user@mtnleopolds.com to user@mtnleopolds.com But when I try from google or protonmail it does not show up.

I have checked my firewall and I have the following ports open.
80, 443, 993, 995, 25, 587, 465, 81, 143, 110

Something is blocking it. Either you have your firewall closed or your ISP is blocking you. I have tried nmap and I get:

[root@server ~]# nmap mtnleopolds.com -p 25



Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-14 17:05 BST

Nmap scan report for mtnleopolds.com (71.205.103.249)

Host is up (0.14s latency).

rDNS record for 71.205.103.249: c-71-205-103-249.hsd1.co.comcast.net

PORT   STATE    SERVICE

25/tcp filtered smtp



Nmap done: 1 IP address (1 host up) scanned in 2.18 seconds

The other messages could be through other ports (especially 587).

Try talking to your ISP about port 25. Some nasty ones will only allow it with a business line.

The other hack attempts are the usual hack attempts. One of the joys or running a public facing server. The only reason for you to leave port 465 or port 587 open is if you want to send mails from your e-mail client via your server when you are external to your LAN

Nick Howitt wrote:

Try talking to your ISP about port 25. Some nasty ones will only allow it with a business line.

The other hack attempts are the usual hack attempts. One of the joys or running a public facing server. The only reason for you to leave port 465 or port 587 open is if you want to send mails from your e-mail client via your server when you are external to your LAN

I was able to talk to my ISP to open up incoming port 25! But I'm still not getting any mail that I can see. Here is the nmap showing the port open, but I'm still getting rejection messages from gmail and protonmail.

Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-14 18:54 MDT

Nmap scan report for mail.mtnleopolds.com (71.205.103.249)

Host is up (0.000045s latency).

rDNS record for 71.205.103.249: c-71-205-103-249.hsd1.co.comcast.net

PORT   STATE SERVICE

25/tcp open  smtp



Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds

There is a potential problem here...

[root@danda ~]# nslookup mail.mtnleopolds.com

Server:		127.0.0.1

Address:	127.0.0.1#53



Non-authoritative answer:

mail.mtnleopolds.com	canonical name = mtnleopolds.com.

Name:	mtnleopolds.com

Address: 71.205.103.249



[root@danda ~]# nslookup 71.205.103.249

249.103.205.71.in-addr.arpa	name = c-71-205-103-249.hsd1.co.comcast.net.

... snipped

Is this a dynamic address? Dynamic IP addresses are increasingly being blacklisted by major mail servers.

I think dynamic addresses are only an issue for sending e-mails, but you are using TurboSMTP for relaying? Please correct me if I'm wrong. This should be OK and I think it is OK for receiving as well.

For receiving e-mails you should have an MX DNS record and this must point to an IP address or an A record (not a CNAME record). If you are wanting to receive e-mails for @mtnleopolds.com addresses on mail.mtnleopolds.com you need your MX record in mtnleopolds.com of mail.mtnleopolds.com. In your case the MX record is missing and mail.mtnleopolds.com is a cname record. If you have a dynamic IP managed by ClearOS you may have to give up and set your MX record to mtnleopolds.com as this already exists as an A record. In the SMTP server you should also change the mail host name to match your MX record.

Also talking about DNS records, you should have an SPF record and TurboSMTP will tell you what to use as a mimimum (or I can look mine up).

However saying all that I still get:

[root@ad-dc-server ~]# nmap mtnleopolds.com -p 25



Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-15 09:36 BST

Nmap scan report for mtnleopolds.com (71.205.103.249)

Host is up (0.023s latency).

rDNS record for 71.205.103.249: c-71-205-103-249.hsd1.co.comcast.net

PORT   STATE    SERVICE

25/tcp filtered smtp



Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds

Has your ISP just allowed outbound tcp:25? You need inbound tcp:25.

A useful test... one server works, the other rejects a dynamic address...

[root@danda ~]# telnet mailin.rzone.de 25

Trying 81.169.145.101...

Connected to mailin.rzone.de.

Escape character is '^]'.

220 mailin.rzone.de ESMTP RZmta 46.10.5 ready (mi81)

quit

221 2.0.0 closing connection

Connection closed by foreign host.



[root@danda ~]# telnet t-online.de 25

Trying 62.138.239.100...

telnet: connect to address 62.138.239.100: Connection refused

Trying 62.138.238.100...

telnet: connect to address 62.138.238.100: Connection refused 

Some mail servers have lists of ISP dynamic addresses - and these all get blacklisted... Also. I don't know about the rest of the world, but some companies here in Australia will not do business with anyone using a dynamic adrdress and they reply, if you try, with a form letter asking you to use an ISP mail server address or a recognised mail server such as gmail. They want to be able to track you down in the case of problems...

By the way 71.205.103.249 is black-listed by SORBS DUHL and Spamhaus ZEN

Hi Tony, I agree those blacklists probably indicate a dynamic IP. He should be able to sidestep that by his use of TurboSMTP for sending mails.

For receiving e-mails, it is generally up to the recipient what he allows. As an example I use a postfix option:

smtpd_client_restrictions = permit_mynetworks, reject_unknown_reverse_client_hostname

This rejects any connection without a PTR record, but it is my choice as the receiver. There are other restrictions you can do, such as no valid hostname in the EHLO, but your test does not go that far. I have no idea what I am not aware of a sender refusing to send to a dynamic IP but you could be right.

Looking at your test t-online.de does not receive e-mails directly:

[root@microserver ~]# host t-online.de

t-online.de has address 62.138.239.100

t-online.de has address 62.138.238.100

t-online.de mail is handled by 10 mx00.t-online.de.

t-online.de mail is handled by 10 mx01.t-online.de.

t-online.de mail is handled by 10 mx02.t-online.de.

t-online.de mail is handled by 10 mx03.t-online.de.

The valid test would be to mx00.t-online.de and this gives a different failed result:

[root@server ~]# telnet mx00.t-online.de 25

Trying 194.25.134.8...

Connected to mx00.t-online.de.

Escape character is '^]'.

554 IP=84.9.57.48 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL)

Connection closed by foreign host.

I know GMX reject me because I have a generic PTR record which I can't change. This could, perhaps be similar, so I also use TurboSMTP. But again, this is a recipient restriction so should not stop the OP from receiving.

Tony, Nick,

Thanks for the great help. I do have a dynamic IP. My DNS is through clear. I don't use TurboSMTP for sending. I have just set up the relay through my ISP's SMTP server as per this document.
https://documentation.clearos.com/content:en_us:kb_howtos_smtp_authentication_to_isp

I used the port 587 and STARTTLS section of that document in order to set up my outbound SMTP to run through smtp.comcast.net


I went to my Clearcenter DNS configuration. I made an MX record
Domain: mtnleopolds.com
priority: 10
Hostname: mtnleopolds.com

I in my webconfig for the server I went to
System -> Settings -> Mail Settings
Mail Domain: mtnleopolds.com
Mail Hostname: mtnleopolds.com (this was mail.mtnleopolds.com)

Unfortunately I still get:

[root@server ~]# nmap mtnleopolds.com -p 25



Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-15 17:37 BST

Nmap scan report for mtnleopolds.com (71.205.103.249)

Host is up (0.14s latency).

rDNS record for 71.205.103.249: c-71-205-103-249.hsd1.co.comcast.net

PORT   STATE    SERVICE

25/tcp filtered smtp



Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds

Until the "filtered" changes to "open" you are stuck, and if ever your IP changes the new IP will have to be open. If it is the ISP blocking, then it may be time for a new ISP, or, perhaps, a business line with your current one. You'll need to ask.

When I do nmap I get the port being open. Must be because I'm on the network at home or something. I'll talk to my ISP again and see if I can get something figured out. Unfortunately comcast is my only option where I am at unless I want very slow DSL or Sat internet. Hoping that we get some competition in the area soon. I'll update this post again later when I can get the stuff sorted with my ISP.

Thanks for your help.

Nathan, you need to check from outside your lan... You can do this yourself...
Use a site such as https://mxtoolbox.com/, pop in your domain name and do an MX Lookup. When the result comes back ,click on the down arrow to the right of your domain name, select "Test Email Server" and then click on the box just to the right of your domain name...

I'm back. I'm still working on my ISP to unblock incoming port 25. I may be making some headway with this finally.

I also have a quick question on how I need my settings to be.

under System -> Settings -> Mail Settings I have
Mail Domain: mtnleopolds.com
Mail Hostname: mtnleopolds.com

I'm not exactly sure what these are and if the should be mail.mtnleopolds.com or smtp.mtnleopolds.com or if they are fine as is.

The Mail Domain means you are handling email addresses with @mtnleopolds.com at the end so is probably good

I believe, ideally the Mail Hostname should match your MX record, but it won't if you are using a third party mail filtering service. I don't know what the exact rules are, but this is the string that the server will identify itself as when sending (EHLO or HELO) and receiving e-mails.

Personally I have both mine set to the same as is my MX record.

First an observation - close port 110; it's no longer needed as it's an old protocol. Also, if you've got the SSL versions of the IMAP ports open (and configured), I wouldn't leave the non-secure versions open .. it defeats the object .. and the same goes for the POP ports.

Now to your problem .. and a question .. you don't say how you your COS machine is physically connected to the internet .. is it via a separate router? - and if so, have you remembered to port forward port 25 to your server? If you haven't, then it matters not that your firewall has the port open, no traffic will reach it.