The Community Forums

Should port 25 timeout?

Discussion in 'E-mail Discussions' started by prixone, Aug 23, 2016.

  1. prixone

    prixone Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Right now emails are being delivered just fine, however connection to the port 25 is not possible externally.

    port 25 is bound to all ips:
    Code:
    [root@s ~]# netstat -ltn |grep 25
    tcp  0  0 0.0.0.0:25  0.0.0.0:*  LISTEN
    tcp  0  0 :::25  :::*  LISTEN
    iptables has nothing blocked and smtp rules are set to allow:
    Code:
    [root@master ~]# iptables -L | grep smtp
    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:smtp
    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:smtp
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission owner GID match mailman
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission owner GID match mail
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission owner UID match cpanel
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission owner UID match root
    LOGDROPOUT  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission
    Also checked if my IP was blocked, and no, it was not.

    exim is running and receiving/sending emails, confirmed on the /var/log/exim_mainlog.

    Looked around but no idea how to fix, exim_paniclog is spamming every X minutes:
    Code:
    2016-08-24 00:50:33 Warning: No server certificate defined; TLS connections will fail.
    Suggested action: either install a certificate or change tls_advertise_hosts option
    I did try the only suggestion I found /scripts/updateuserdomains to no avail.

    If I do telnet ip 25 from within the server, it works; if I do it from outside, it times out.

    If I do telnet ip 465 from outside it connects but exim_mainlog throws:
    Code:
    (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    TLS client disconnected cleanly (rejected our certificate?)
    And connection is closed.

    Would love some help here, should port 25 be accessible? How to fix the certificate issues?
     
    #1 prixone, Aug 23, 2016
    Last edited: Aug 23, 2016
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. prixone

    prixone Well-Known Member

    Thanks Infopro, what about port 25? It's a VPS in a datacenter so I doubt port 25 is blocked by them.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Port 25 is blocked by many ISPs of course, I agree it's probably not blocked by the datacenter though.

    Do you have CSF installed?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    You may also want to check with your hosting provider to verify port 25 isn't blocked at the network level. Some providers block port 25 on purpose as a method of reducing SPAM.

    Thank you.
     
  6. prixone

    prixone Well-Known Member

    Yes, I do have CSF, but as I mentioned earlier, 25 is not blocked by the firewall and is configured on the in/out of CSF as well.

    I will check with my provider, but is there any side effect of having it blocked? I thought it was a necessary port for incoming emails and whatnot, but since I am receiving everything just fine, it doesn't pose any problems for me.

    And once again, thanks for the prompt answers.

    EDIT: just checked with my provider and their answer was no, port 25 is not blocked at network level. I also tried to completely disable my firewall and even so exim still times out on it.
     
    #6 prixone, Aug 24, 2016
    Last edited: Aug 24, 2016
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. prixone

    prixone Well-Known Member

    Hi Michael,

    Even though I appreciate the ticket offer and all the help so far, I'd like to find the root of the issue myself, so if you guys remember even the tiniest thing that I could do, let me know.

    I've just used this site Telnet-like TCP/IP Service Testing and tested all the SMTP options pertinent to port 25 and all of it worked.

    So I assume the block happening is perhaps due to the IPs not meeting certain requirements, even though I can't seem to see anything in /var/log/ about dropped or rejected connections from exim or the firewall. Could there be any other log file I would need to check to see it?

    Currently using mainlog, exim_mainlog, exim_paniclog, secure.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  10. prixone

    prixone Well-Known Member

    Again, Michael, much appreciated for sticking along, thanks!

    SMTP restrictions are off, as CSF asks to disable them when using SMTP_BLOCK, which from what I read does not block incoming connections to port 25, and SMTPAUTH_RESTRICT in the link you sent is also turned off.

    Like I mentioned earlier, I did test that site and on top of that I am not being affected in mail deliveries and such (as I am normally receiving mails, and can send mails from gmail/hotmail to myself just fine), which makes me think it's fine. I just found it odd that it doesn't let me connect to port 25 given it's not being blocked. As of now I couldn't find anything that would lead to why that happens. Furthermore, any CSF/iptables drops/rejects are shown in /var/log/messages and I can't see my IP there, and I can see exim_mainlog receiving connections as well, not from me (my IP), but from hotmail and other providers.

    I guess this is pretty much me trying to figure out what is the configuration not allowing me to connect to port 25 while other places can do it.

    Also I don't think it could be my broadband provider, since I believe issuing a telnet ip 25 would use a random source port to connect to it, right?

    OK, I think that is the only viable thing left: my broadband provider does a wide block on users trying to reach destination port 25.

    Feel silly now, sorry for taking your time. I would expect them to block me from creating an SMTP server, but I wasn't expecting them to block me from globally accessing any IP on that destination port regardless of my source port.

    Just in case, I have sent you my IP; if you don't mind giving a small test to the SMTP port just to make this clear, I would greatly appreciate it.

    ---------------------------

    Bottom line: even if your server provider does not block port 25, that does not mean your own home/office internet provider does not block access to destination port 25.
     
    #10 prixone, Aug 25, 2016
    Last edited: Aug 25, 2016
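
Added example, not part of the thread or of cPanel's tooling: a small probe that separates the three outcomes the poster was trying to tell apart (banner, refusal, silent timeout) and flags the pattern he ended up with, where only destination port 25 is dropped from one client network. The function names and the choice of 587 as the comparison port are assumptions of this example.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt as open / refused / filtered / error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered", "no answer to SYN (packets dropped on the path)"
    except ConnectionRefusedError:
        return "refused", "RST received: host reachable, port closed or REJECTed"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError as exc:  # includes a read timeout after connecting
            return "open", f"connected, no banner read: {exc}"
    return "open", banner or "connected, peer sent nothing"

def diagnose(states):
    """Interpret {port: state} results gathered from ONE vantage point."""
    s25 = states.get(25)
    others_open = any(st == "open" for p, st in states.items() if p != 25)
    if s25 == "open":
        return "reachable: port 25 answers from this network"
    if s25 == "refused":
        return "refused: packets reach the host, check the listener and REJECT rules"
    if s25 == "filtered" and others_open:
        return ("port-25-filtered: host is up but only destination port 25 is "
                "dropped; compare with a second network before changing the server")
    return "unreachable: nothing answers; host, route or firewall drops everything"

if __name__ == "__main__":
    host = sys.argv[1]  # server under test, supplied by the operator
    results = {}
    for port in (25, 587):  # 587 = "submission" in the iptables output above
        state, detail = probe(host, port)
        results[port] = state
        print(f"{port}/tcp {state}: {detail}")
    print(diagnose(results))
```

Run it once from the network that times out and once from a different network (or from the server itself); a "port-25-filtered" result on one side only points at that client network's egress policy rather than at exim or CSF.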
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I'm happy to see you were able to address the issue. I've confirmed the IP address you provided is responding to connection attempts over port 25.

    Thanks!
     