Email server help -- totally stumped

The problem with being of above-average technical literacy, is sometimes issues are just beyond your capabilities…

I have my own domain, hosted at Quick Click Hosting, which I’ve been using exclusively as a mail server for some time now. Today, my son (who is away at university) informed me he was unable to send or receive email over his home wifi, nor can he access the domain through a browser (webmail or HTTP).

My first instinct is that his new ISP (Bell Canada) is blocking the domain. He called them, and they said it’s not on their end. I’m flummoxed.

To make it more perplexing, yesterday I installed Bell’s Fibe Internet service in my home. Today, my wife and daughter both complained they couldn’t send or receive email while at home. They’ve gone out, but I’m home now, and I’m able to access webmail, Outlook on my desktop, or Outlook through my phone via wifi. WTF?

I feel like my family is punking me. Why would it be working perfectly for me everywhere on every device, and not at all for anyone else??? In fact, I can sit here at my desktop and log into my son’s Webmail through Cpanel with no problem!

You would need to gather more information before I could offer any suggestions.
Can you borrow the use of your wife/daughters computer whilst you try to figure out the problem?
Do they display any error messages when you try to use the email server from their systems?

I can ask when they get home.

My son sent me a pic of the error message he gets when trying to access webmail. It’s basically:

This site can’t be reached.

domain took too long to respond.
ERR_CONNECTION_TIMED_OUT

Perhaps a DNS issue. Is Quick Click Hosting also your domain registrar?

Can you ping your server from the affected computers?
If you’re using Windows:
Open a command prompt, type:
ping <server IP address>

Does your domain lookup to the correct IP?
Open a command prompt, type:
nslookup <domain name>
Does the domain point to the correct IP address?

where is the webmail url being hosted? on a server remotely or one in your home?

Any VPNs in use by any of the above?

@draxen:
Here’s the result from the ping:

C:\Users\brian>ping xxx.xxx.xx.xx

Pinging xxx.xxx.xx.xx with 32 bytes of data:
Request timed out.
Reply from xxx.xxx.xx.xx: bytes=32 time=21ms TTL=49
Reply from xxx.xxx.xx.xx: bytes=32 time=21ms TTL=49
Reply from xxx.xxx.xx.xx: bytes=32 time=21ms TTL=49

Ping statistics for xxx.xxx.xx.xx:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 21ms, Average = 21ms

Domain lookup checks out (resolves to xxx.xxx.xx.xx)

@rei:
Webmail is hosted on Quick Click Hosting’s domestic (Canada) server.

@sillhouette:
Nope. No VPNs.

Thanks for the info but best if you edit your post and delete your IP address just in case.

Oops. Thanks. Replaced with xxx.xxx.xx.xx.

Is it possible you restricted access somehow, such as by MAC? I realize something else would have to change as well if they had access before and don’t now, but it would differentiate systems at least.

Ok. Wife is home. I’ve checked all the settings and the ports are correct. This is getting weirder.

She uses gmail client on her phone, and I’ve got it configured to manage both her gmail and mail from our personal domain. Settings haven’t changed at all.

On her phone on the home wifi, she can receive email I send her. Email she sends moves from her Outbox to her Sent folder, but those messages don’t get sent (or at least, don’t appear for the recipient). Here’s the weird part: email from her account on our personal domain will be received by my account on our personal domain. If I send the identical email to my Hotmail test account, I don’t receive it. Same weird status using Outlook on the desktop.

This is absolutely maddening!

Don’t think so. All I did this weekend was install a new modem. The home wifi network didn’t even change (it’s a Velop mesh network).

Have you tried your devices which work from home, on a public wifi network? It’s not impossible that switching to a new fiber routed connection at home would have triggered some proxy requirement or whitelist at the host? Sounds like the mailserver is only accepting connections from your home IP now, not the authorized account over any network.

This suggests that your mailserver might not be following best practices for email signing. A sufficiently unsigned message ends up looking like spam to big mail providers, and if it looks sufficiently spammy, they’ll bounce the email altogether rather than stick it in a spam folder. Send an email to DKIM Validator to check the signature.

I run a send-only mailserver on my web server so that various things there can send me status messages. It was a huge pain to set up.

e: That wouldn’t explain the rest of the paragraph I quoted, though. Do you have any way to get at the mailserver logs, or is it all on Quick Click’s end?

Is the email server thing a hobby? Just curious.

You’re way ahead of me technically, but I also have Bell Fibe internet and the Home Hub 3000. It’s a bit finicky, weird, and limited. It lacks features, and it’s clear that Bell Canada is tracking every damn thing we do on the internet. For example, there’s no bridge mode (but supposedly there’s an ‘effectively a bridge mode’.).

But, it’s also a bit of a beast with 12 antennas apparently and good wi-fi speeds. But I use a higher end extender too as the box is in my basement.

My guess is it’s the modem/router.

You may need to dig into DSLReports as the forums there are more technical. On the plus side, if you’re looking for another hobby / full time job, you can join the group there in their efforts to bypass the HH3000.

https://www.dslreports.com/forum/r32488165-Internet-Replace-Bell-s-HH3000-with-Linksys-wrt32x-step-by-step

Yeah, not a hobby, Scott. I just got frustrated 25 years ago changing my email address every couple years. For $20/year, myself, my wife and my kids will have the same email address until we die.

The HomeHub 3000 seems like a nice piece of kit. There is indeed no bridge mode, though I can confirm that simply plugging in a single Velop node it pretty much worked as such. That is to say, the modem still has its default network with SSID (only the two TVs are on that network) and the mesh network has its own discrete network with SSID. Let me tell you the hassle I went through getting my previous modem (SmartRG from Primus) to work like that!

I’m staying away from the black hole that is DSLReports. I got lost in there some years ago, and don’t want to go down that hole again!

I’ve submitted a ticket to the hosting provider. I think it’s got to be something on their end.

How do you have QuickClick set up? It sounds like have your own vanity domain that is redirected to gmail ? Are you doing that through DNS or an https redirect?

Or are you actually running your own email server?

Trying to troubleshoot this is going to be very confusing if you are not familiar with how email and all the various clients and protocols work.

For example, for your wife’s phone that uses the gmail client, how is it configured? POP, IMAP, Google, Exchange, etc?

Hello!

You made my Google now feed :)

So … local MTA is delivering fine between users. I assume Exim since you said cPanel. Outbound, not so much.

Start checking blacklists for your IP as well as your domain. mxtoolbox.com is a great resource. If nothing there. Your ISP / hosting provider is blocking you internally from outbound port 25. Probably a device. Maybe barracuda networks, maybe iptables rules.

Here’s the tell. Telnet to your own domain from the shell of your host machine.

[email protected]^] telnet domain.com 25

You should get an Exim HELO. Assuming cPanel again. If you just get the telnet escape to close … You are not really connected to Exim even though you see ‘connected’. It’s your ISP. Their device.

It’s like when a bad caller calls your house. You pick up but don’t say hello. Then wait. They will hang up.

Now try any other machine not on your host machine. Gmail. Outlook. They will all answer if you can get out.

My guess is, you will see nothing. In your MTA logs you will probably see 421 downstream errors as well as 451 connection time outs.

Pretty standard. They probably have been filtering your mail without your knowledge for a while now. If your score stays above 5 for too long, rules start to apply. Filtering happens. Blocks get levied.

They will run you in circles and lie --but SPAM is a real issue for ISPs. The rules on port 25 are difficult since all servers need 25 to talk to each other. When SPAM gets out of hand they act quick. If they didn’t --every IP they owned would be blacklisted everywhere.

I will say this. Running mail is a lot more difficult than you can imagine. I have been doing it for many years professionally. It’s always a headache. It seems like it should be so easy --in theory …

I wish you the best of luck. I have taken this journey of discovery myself. It’s why I am my own ISP now.

Regards,

R
@ConciseCS