Page 1 of 1
Outbound emails failing with Connection Timeout error
Posted: 26 Apr 2022 17:24
by sunnyg
Hello experts,
Over the last 2 days, I have observed that all outbound emails are failing with the error Connection timed out:
Code: Select all
(connect to hotmail-com.olc.protection.outlook.com[104.47.57.161]:25: Connection timed out)
(connect to mxb-00102601.gslb.pphosted.com[67.231.152.222]:25: Connection timed out)
(connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:400b:c00::1b]:25: Network is unreachable)
There has been no configuration changes in EFA other than the standard updates being applied.
Any thoughts on why this may be occurring ?
Re: Outbound emails failing with Connection Timeout error
Posted: 26 Apr 2022 23:03
by shawniverson
If you can't reach port 25 on remote relays, something may be wrong networking-wise.
The problem can probably be troubleshooted with some networking tools such as ip, ping, traceroute, etc.
Re: Outbound emails failing with Connection Timeout error
Posted: 27 Apr 2022 13:38
by sunnyg
Hi shawniverson,
So I have been able to narrow it down to the it being something on the host that has started to cause this issue.
if I try to telnet to any external server on port 25 from the efa server the connection times out:
Code: Select all
telnet smtp.office365.com 25
Trying 52.96.88.226...
telnet: connect to address 52.96.88.226: Connection timed out
Trying 52.96.88.210...
telnet: connect to address 52.96.88.210: Connection timed out
Trying 52.96.191.146...
A ping is successful:
Code: Select all
ping smtp.office365.com
PING yyz-efz.ms-acdc.office.com (52.96.191.146) 56(84) bytes of data.
64 bytes from 52.96.191.146 (52.96.191.146): icmp_seq=1 ttl=241 time=22.8 ms
64 bytes from 52.96.191.146 (52.96.191.146): icmp_seq=2 ttl=241 time=21.2 ms
So i know it can reach it
if i try using port 587, then that is successful:
Code: Select all
telnet smtp.office365.com 587
Trying 52.96.215.50...
Connected to smtp.office365.com.
Escape character is '^]'.
220 YT3PR01CA0098.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:46:00 +0000
But I try from another server on teh same network and the same telnet connection works:
Code: Select all
telnet smtp.office365.com 25
Trying 2603:1036:30a:1423::2...
Connected to smtp.office365.com.
Escape character is '^]'.
220 YT3PR01CA0145.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:20:09 +0000
quit
221 2.0.0 Service closing transmission channel
Based on this I know that my ISP is not blocking port 25, I just can't seem to be able to figure out what on the OS is causing port 25 to be blocked for outgoing messages, incomming messages are arriving without issue.
Re: Outbound emails failing with Connection Timeout error
Posted: 27 Apr 2022 17:15
by freyuh
Hello sunnyg,
can you telnet your internal mailserver on port 25?
If yes, than it could be your firewall. Maybe it's blocking your eFa because of to many different connections to external servers on port 25?
Re: Outbound emails failing with Connection Timeout error
Posted: 27 Apr 2022 17:25
by sunnyg
Hi,
I can telnet to both my Exchange server without issue:
Code: Select all
telnet mail 25
Trying 10.100.1.6...
Connected to mail.
Escape character is '^]'.
220 mail.ghataura.net Microsoft ESMTP MAIL Service ready at Wed, 27 Apr 2022 13:23:09 -0400
I've also turned off the firewall without success.
Re: Outbound emails failing with Connection Timeout error
Posted: 27 Apr 2022 18:45
by freyuh
I meant the firewall which is responsible for the internet access.
Or has your eFa a public IP address? If yes, have you checked the IP as being blacklisted:
https://mxtoolbox.com/blacklists.aspx
Re: Outbound emails failing with Connection Timeout error
Posted: 27 Apr 2022 19:07
by sunnyg
I am using pfsense as the firewall, no changes have been made there, since the last update that was applied over a month ago, logs I know I am not blacklisted, as I checked on mxtoolbox yesterday.
If i set Exchange to by pass efa, emails are going out, but the recieving sever rejects the connection due to it thinking that exchange is trying to use it as a relay server
Re: Outbound emails failing with Connection Timeout error
Posted: 28 Apr 2022 12:18
by freyuh
Does your internet provider has a mail relay you could use?
If i set Exchange to by pass efa, emails are going out, but the recieving sever rejects the connection due to it thinking that exchange is trying to use it as a relay server
Sorry, but this can only be a misconfigured receiving mailserver.
The receiving mailserver doesnt't know if its EXCHANGE or postfix which is sending mails.
Can you please post the exact error message of the receiving server?
Has the EXCHANGE the same public IP as the eFa for outgoing mails?
Maybe you could run a tcpdump on the pfSense?
Re: Outbound emails failing with Connection Timeout error
Posted: 18 May 2022 02:39
by sunnyg
Hi,
Sorry for the delay in getting back in regards to this. So i have been trying a couple of things out.
I have managed to get telnet to connect to a couple of SMTP sites from the EFA server, this fix was found to be setting DNS1="127.0.0.1" and DNS2="::1" in the network adaptor configuration. Not sure why but at least has fixed that issue.
However now EFA is now rejecting all the Exchange server emails, with the folllwing:
Code: Select all
bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4023:1404::1b] said: 550-5.7.26 Unauthenticated email from ghataura.com is not accepted due to 550-5.7.26 domain's DMARC policy. Please contact the administrator of 550-5.7.26 ghataura.com domain if this was a legitimate mail. Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. n3-20020a25d603000000b006413723b137si759116ybg.97 - gsmtp (in reply to end of DATA command))
Re: Outbound emails failing with Connection Timeout error
Posted: 19 May 2022 15:57
by sunnyg
Another update,
it now looks like selected servers are now giving the error:
(connect to mxb-00102601.gslb.pphosted.com[67.231.144.228]:25: Connection timed out)
(connect to hotmail-com.olc.protection.outlook.com[104.47.58.33]:25: Connection timed out)
If i send a email to a gmail account the emails are getting delivered, another obersavation I have made is that randomly efa is rejecting the submission of a email with the error : Remote Server returned '554 5.7.1 <email address>: Relay access denied'
but when sending the email again the error does not occur.