Outbound emails failing with Connection Timeout error

Questions and answers about how to do stuff
Post Reply
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Outbound emails failing with Connection Timeout error

Post by sunnyg »

Hello experts,

Over the last 2 days, I have observed that all outbound emails are failing with the error Connection timed out:

Code: Select all

(connect to hotmail-com.olc.protection.outlook.com[104.47.57.161]:25: Connection timed out)
(connect to mxb-00102601.gslb.pphosted.com[67.231.152.222]:25: Connection timed out)
(connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:400b:c00::1b]:25: Network is unreachable)
There has been no configuration changes in EFA other than the standard updates being applied.

Any thoughts on why this may be occurring ?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Outbound emails failing with Connection Timeout error

Post by shawniverson »

If you can't reach port 25 on remote relays, something may be wrong networking-wise.

The problem can probably be troubleshooted with some networking tools such as ip, ping, traceroute, etc.
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: Outbound emails failing with Connection Timeout error

Post by sunnyg »

Hi shawniverson,
So I have been able to narrow it down to the it being something on the host that has started to cause this issue.

if I try to telnet to any external server on port 25 from the efa server the connection times out:

Code: Select all

telnet smtp.office365.com 25
Trying 52.96.88.226...
telnet: connect to address 52.96.88.226: Connection timed out
Trying 52.96.88.210...
telnet: connect to address 52.96.88.210: Connection timed out
Trying 52.96.191.146...
A ping is successful:

Code: Select all

ping smtp.office365.com
PING yyz-efz.ms-acdc.office.com (52.96.191.146) 56(84) bytes of data.
64 bytes from 52.96.191.146 (52.96.191.146): icmp_seq=1 ttl=241 time=22.8 ms
64 bytes from 52.96.191.146 (52.96.191.146): icmp_seq=2 ttl=241 time=21.2 ms
So i know it can reach it

if i try using port 587, then that is successful:

Code: Select all

telnet smtp.office365.com 587
Trying 52.96.215.50...
Connected to smtp.office365.com.
Escape character is '^]'.
220 YT3PR01CA0098.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:46:00 +0000


But I try from another server on teh same network and the same telnet connection works:

Code: Select all

telnet smtp.office365.com 25
Trying 2603:1036:30a:1423::2...
Connected to smtp.office365.com.
Escape character is '^]'.
220 YT3PR01CA0145.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:20:09 +0000
quit
221 2.0.0 Service closing transmission channel
Based on this I know that my ISP is not blocking port 25, I just can't seem to be able to figure out what on the OS is causing port 25 to be blocked for outgoing messages, incomming messages are arriving without issue.
Last edited by sunnyg on 27 Apr 2022 13:47, edited 2 times in total.
freyuh
Posts: 62
Joined: 04 Oct 2018 11:21

Re: Outbound emails failing with Connection Timeout error

Post by freyuh »

Hello sunnyg,

can you telnet your internal mailserver on port 25?
If yes, than it could be your firewall. Maybe it's blocking your eFa because of to many different connections to external servers on port 25?
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: Outbound emails failing with Connection Timeout error

Post by sunnyg »

Hi,

I can telnet to both my Exchange server without issue:

Code: Select all

telnet mail 25
Trying 10.100.1.6...
Connected to mail.
Escape character is '^]'.
220 mail.ghataura.net Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:23:09 -0400
I've also turned off the firewall without success.
freyuh
Posts: 62
Joined: 04 Oct 2018 11:21

Re: Outbound emails failing with Connection Timeout error

Post by freyuh »

I meant the firewall which is responsible for the internet access.
Or has your eFa a public IP address? If yes, have you checked the IP as being blacklisted: https://mxtoolbox.com/blacklists.aspx
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: Outbound emails failing with Connection Timeout error

Post by sunnyg »

I am using pfsense as the firewall, no changes have been made there, since the last update that was applied over a month ago, logs I know I am not blacklisted, as I checked on mxtoolbox yesterday.

If i set Exchange to by pass efa, emails are going out, but the recieving sever rejects the connection due to it thinking that exchange is trying to use it as a relay server
freyuh
Posts: 62
Joined: 04 Oct 2018 11:21

Re: Outbound emails failing with Connection Timeout error

Post by freyuh »

Does your internet provider has a mail relay you could use?
If i set Exchange to by pass efa, emails are going out, but the recieving sever rejects the connection due to it thinking that exchange is trying to use it as a relay server
Sorry, but this can only be a misconfigured receiving mailserver.
The receiving mailserver doesnt't know if its EXCHANGE or postfix which is sending mails.

Can you please post the exact error message of the receiving server?

Has the EXCHANGE the same public IP as the eFa for outgoing mails?

Maybe you could run a tcpdump on the pfSense?
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: Outbound emails failing with Connection Timeout error

Post by sunnyg »

Hi,

Sorry for the delay in getting back in regards to this. So i have been trying a couple of things out.

I have managed to get telnet to connect to a couple of SMTP sites from the EFA server, this fix was found to be setting DNS1="127.0.0.1" and DNS2="::1" in the network adaptor configuration. Not sure why but at least has fixed that issue.

However now EFA is now rejecting all the Exchange server emails, with the folllwing:

Code: Select all

bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4023:1404::1b] said: 550-5.7.26 Unauthenticated email from ghataura.com is not accepted due to 550-5.7.26 domain's DMARC policy. Please contact the administrator of 550-5.7.26 ghataura.com domain if this was a legitimate mail. Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. n3-20020a25d603000000b006413723b137si759116ybg.97 - gsmtp (in reply to end of DATA command))
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: Outbound emails failing with Connection Timeout error

Post by sunnyg »

Another update,

it now looks like selected servers are now giving the error:

(connect to mxb-00102601.gslb.pphosted.com[67.231.144.228]:25: Connection timed out)
(connect to hotmail-com.olc.protection.outlook.com[104.47.58.33]:25: Connection timed out)

If i send a email to a gmail account the emails are getting delivered, another obersavation I have made is that randomly efa is rejecting the submission of a email with the error : Remote Server returned '554 5.7.1 <email address>: Relay access denied'

but when sending the email again the error does not occur.
Post Reply