[Solved] e-mail POP3 hosting setup

[tschmidt]

I have my own VPS and trying to setup e-mail for some of my domains.

1) I am getting an error when I try to check POP3 in gmail for one of my domains:
I get "TLS negotiation failed the certificate doesn't match the host. code 550" and a weirder error message from Outlook.  I do get success using POP3 a without encryption, so seems mailbox is configured correctly.  Is there a way to resolve this issue for my domains?

2) Are there still issues with helio servers connecting to g-mail?  I am configure a rule to forward e-mail at to gmail address to get around the problem above and some e-mails are getting through, but not all of them.

 

[MoneyBroz]

This support request is being escalated to our root admins.

[Krydos]

1. It sounds like you haven't applied your SSL certificate to your mail server. Are you using a control panel like Hestia or installing things via SSH?
2. For the Gmail issue, Google is just arrogant and think they own the internet, so they do whatever they want to. They sometimes block emails from everyone for no reason at all, and even worse they sometimes, in their infinite wisdom, just delete emails entirely and don't even let you see it in spam. Gmail is hands down the worst email provider you can use if you actually want to receive emails. That said, sometimes they will give a bounce back error message explaining what the issue is. If you're missing DNS records or reverse DNS it will definitely affect your ability to send email to Gmail, but even with perfect credentials you should expect a lot of your emails to be deleted without being delivered. I've even contacted Gmail support and they told me that even Google employees can't make emails get delivered. The only real option is to use something other than Gmail.

[tschmidt]

I am using Hestia as a control panel.  I am using the default letsencrypt.org capability in Hestia and copying the DNS records to Cloudflare for SSL.  It's not clear to me if I need to install a certificate for each domain separately for e-mail as it seems my VPS domain is vps##.heliohost.us is referenced when I generate an outbound e-mail programmatically from one of my domains.   I can play with it, but if there are already instructions that would be great.  

RE: Gmail:  I got the impression that with so many hosts in your network google is more likely to block emails sourced from heliohost IPs or domains.  If that is true and there is a higher likelhood of blocking than somewhere else, that is a problem for me.   I have not noticed the issues you mentioned with Gmail undeliverability etc.  I have not configured reverse DNS records so perhaps that is the root of my problem?  Again, if documented somewhere let me know or I can research  myself.   I think it would be helpful for others to have best-practices instructions here to help people with this issue in the future.

[Krydos]

6 hours ago, tschmidt said:

I am using Hestia as a control panel.

According to this https://forum.hestiacp.com/t/pop3-connection-failure/3688/3 Hestia should use POP3 with SSL/TLS on port 995 if you have enabled mail.

6 hours ago, tschmidt said:

I got the impression that with so many hosts in your network google is more likely to block emails sourced from heliohost IPs or domains.

The more good emails you send from an IP the more Gmail trusts the IP. Any IP which has sent very few good emails, such as every VPS IP will have less trust. Keep sending good emails, and keep getting your Gmail friends to click "not spam" and it should get better. I've seen Gmail block an email I sent myself from an Outlook.com email address, so it doesn't matter what you do. If Gmail wants to delete your emails they will.

6 hours ago, tschmidt said:

I have not configured reverse DNS records so perhaps that is the root of my problem?

Check the bounce back errors like I said. They should say exactly what you need to do. By default your VPS has vps#.heliohost.us as your reverse DNS, but if you want it changed to something else let us know. You can also try sending an email to https://www.mail-tester.com/ and if the score isn't 10/10 post the link to the full report so we can help you fix any errors.

[tschmidt]

On 12/17/2023 at 7:26 PM, Krydos said:

Check the bounce back errors like I said. They should say exactly what you need to do. By default your VPS has vps#.heliohost.us as your reverse DNS, but if you want it changed to something else let us know. You can also try sending an email to https://www.mail-tester.com/ and if the score isn't 10/10 post the link to the full report so we can help you fix any errors.

Thanks Krydos!  I would like to use rf6.co as my default domain and then I can setup reverse DNS in cloudflare like this right 121.153.71.64.in-addr.arpa ?

Let me know if anything I am missing.

[Krydos]

You'll need to contact Cloudflare support for assistance configuring their system. I don't work for Coudflare so I have no access to their systems.

[tschmidt]

Can you change the primary domain on my VPS to rf6.co and I will update the cloudflare DNS?

[Krydos]

I found this link for changing the main domain for Hestia. https://forum.hestiacp.com/t/how-to-edit-main-domain/3250 They suggest just creating the new domain, and deleting the old domain I guess.

[tschmidt]

On 12/26/2023 at 9:19 PM, Krydos said:

I found this link for changing the main domain for Hestia. https://forum.hestiacp.com/t/how-to-edit-main-domain/3250 They suggest just creating the new domain, and deleting the old domain I guess.

I was able to add the new domain rf6.co as the hestia primary domain but only after deleting the old vps##... url.  I updated the cert to the new domain too.  Is there another setting to enable port 8083 for individual domains on the VPS?  It looks like that port is blocked for the new domain.

[Krydos]

The reason rf6.co:8083 doesn't work is because you're using Cloudflare proxy. If you look at the A records https://dnschecker.org/#A/rf6.co you can see that they aren't your VPS ipv4. If you want to access Hestia on a domain it needs to be an A record pointed directly to 64.71.153.121. You can still use Cloudflare DNS, you just need to turn off the proxy part.