cPanel/WHM is unable to connect to Proxmox Mail Gateway on Port 26

jehchoi1

Active Member
Feb 28, 2017
13
1
43
51
I am running Proxmox Mail Gateway 7.1-4.
I have configured cPanel/WHM to use Proxmox Mail Gateway as it's smart host email relay.
Outbound emails are not able to send email to the Proxmox Mail Gateway.

When I do a telnet connection to the PMG on port 26 I'm getting message "telnet: Unable to connect to remote host: Connection refused" message.
Can you someone please help me how to fix this error?

External SMTP Port 25 and Internal SMTP Port 26 is already configured on the Proxmox Mail Gateway GUI internface.
Menu: Configuration > Mail Proxy > Ports
 
please post:
* journalctl -f - while you try to send a mail via cpanel
* ss -tlnp
from the PMG installation

else - check that you don't have a firewall in between or on any of the hosts which prevent communication

I hope this helps!
 
Result of "journalctl -f"

-- Journal begins at Wed 2022-07-27 13:19:28 CDT. --
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.382:6742): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.382:6743): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:40 mailgw01 audit[50383]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:40 mailgw01 audit[50383]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="inet6" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:34:40 mailgw01 audit[50383]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:34:40 mailgw01 audit[50383]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.386:6744): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.386:6745): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="inet6" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.386:6746): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:34:40 mailgw01 kernel: audit: type=1400 audit(1662647680.386:6747): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50383 comm="cupsd" family="unix" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:34:49 mailgw01 sudo[50385]: snapadmin : TTY=pts/0 ; PWD=/home/snapadmin ; USER=root ; COMMAND=/usr/bin/journalctl -f
Sep 08 09:34:49 mailgw01 sudo[50385]: pam_unix(sudo:session): session opened for user root(uid=0) by snapadmin(uid=1000)
Sep 08 09:35:01 mailgw01 CRON[50388]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Sep 08 09:35:01 mailgw01 CRON[50389]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Sep 08 09:35:01 mailgw01 CRON[50388]: pam_unix(cron:session): session closed for user root
Sep 08 09:35:45 mailgw01 pmg-smtp-filter[45652]: starting database maintenance
Sep 08 09:35:45 mailgw01 pmg-smtp-filter[45652]: end database maintenance (3 ms)
Sep 08 09:36:10 mailgw01 systemd[1]: cups.service: start operation timed out. Terminating.
Sep 08 09:36:10 mailgw01 systemd[1]: cups.service: Failed with result 'timeout'.
Sep 08 09:36:10 mailgw01 systemd[1]: Failed to start CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: cups.service: Scheduled restart job, restart counter is at 382.
Sep 08 09:36:10 mailgw01 systemd[1]: Stopped CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: cups.path: Succeeded.
Sep 08 09:36:10 mailgw01 systemd[1]: Stopped CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: Stopping CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: Started CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: cups.socket: Succeeded.
Sep 08 09:36:10 mailgw01 systemd[1]: Closed CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: Stopping CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: Listening on CUPS Scheduler.
Sep 08 09:36:10 mailgw01 systemd[1]: Starting CUPS Scheduler...
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="inet6" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:36:10 mailgw01 audit[50397]: AVC apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6748): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6749): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6750): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6751): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6752): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6753): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="inet6" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6754): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Sep 08 09:36:10 mailgw01 kernel: audit: type=1400 audit(1662647770.887:6755): apparmor="DENIED" operation="create" profile="/usr/sbin/cupsd" pid=50397 comm="cupsd" family="unix" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create" addr=none


Result of "ss -tlnp"

1662648057798.png


On the cPanel/WHM's Email Delivery Report this is failure message:
"Connection refuse"


Lastly, telnet to Proxmox Mail Gate on port 26 works on other Linux box.

1662648389930.png


It only fails from cPanel/WHM

1662648464983.png
 
why do you have a print-server (CUPS) installed on your Proxmox Mail Gateway? (don't think it's relevant to the issue at hand - but would still suggest to remove probably unneeded software)

* does telnet work from other hosts as well (since you only sent the screenshot of what looks like the mailgateway itself)?
* the connection refused points to either a firewall in the way - or maybe you have a duplicate IP (and your cpanel host connects to the other host with the IP of your PMG)

I hope this helps!
 
Yes, I have no problem connecting from other hosts.

1662650670427.png

1662650741006.png


I didn't install any additional services or apps on the Proxmox Mail Gateway but I can uninstall it.
We only have one IP on the network for Proxmox Mail Gateway
 
check the firewall settings on the cpanel and on pmg (`iptables -nvL` `nft list ruleset`,....) and check if the router/firewall between the 2 hosts prevents communication on port 26.
 
There is no iptables installed on the PMG? I didn't install or remove anything after installing the PMG.
What is the default firewall installed on the PMG?
 
Check the firewall on the server handing over emails to PMG. See if you can explicitly set port 26 as an allowed port to hand over things to other servers.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!