Testing Exim mail server, timeout with Wormly.com and mxtoolbox.com

[avibodha]

Our server seems to be working fine receiving and sending email, but when I've tested with some online SMTP server testers, it always times out.

SMTP Test / Mail Server Test • Wormly Monitoring

Free SMTP test tool lets you test your SMTP mail server. It connects, verifies the recipient address (with RCPT TO) and sends a test email message so you know your SMTP server is working properly.

www.wormly.com

MX Lookup Tool - Check your DNS MX Records online - MxToolbox (diagnostics, smtp test)

On the WHM, Email Deliverability, we have green marks on all.

Both wormly.com and mxtoolbox.com show timeout errors.
Does a normal Exim cpanel server also do this?

I have another mail server running Webmin/Virtualmin and Postfix and it passes both server tests with no problems.

thanks for any guidance.

Here are wormly results:

Connection: opening to MAIL.MYDOMAIN.COM:25, timeout=300, options=array (
)
Connection: opened
SERVER -> CLIENT: 220-MAIL.MYDOMAIN.COM ESMTP Exim 4.92 #2 Wed, 12 Feb 2020 11:06:05 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
CLIENT -> SERVER: EHLO tools.wormly.com
SERVER -> CLIENT: 250-MAIL.MYDOMAIN.COM Hello tools.wormly.com [96.126.113.160]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 TLS go ahead
2020-02-12 18:06:05 SMTP Error: Could not connect to SMTP host.
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: ecurity failure
554 Security failure
SMTP ERROR: QUIT command failed: ecurity failure
554 Security failure
Connection: closed
2020-02-12 18:06:06 SMTP connect() failed. PHPMailer/PHPMailer

MxToolbox shows similar timeout.

 

[kernow]

Check in WHM>>Exim Configuration Manager>> Options for OpenSSL, you should at least have the default +no_sslv2 set.

 

[cPanelLauren]

This is because the site you're using is attempting to connect using SSL with your server that requires TLS connections only. My assumption is that you're receiving this error in the logs:

2020-02-14 13:44:54.883 [2220] TLS error on connection from (tools.wormly.com) [96.126.113.160]:44190 I=[<MYIPADDCRESS>]:25 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

For MXToolbox what is the error you're receiving? Is it something like the following?

Timeout waiting for response after 15 seconds. : Completed Connect

	Test	Result
	SMTP Banner Check	Reverse DNS does not match SMTP Banner	More Info
	SMTP TLS	Warning - Does not support TLS.	More Info
	SMTP Transaction Time	15.188 seconds - Not good! on Transaction Time	More Info

If this is what you're seeing this relates directly to the following in the Exim Configuration which is enabled by default and causes a false positive with MX Toolbox:

Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam. The SMTP receiver will wait a few additional seconds for a connection when it detects spam messages in order to reduce inbound spam. The system excludes the following remote hosts from the delay: Neighbor IP addresses in the same netblock, Loopback addresses, Trusted Mail Hosts, Relay Hosts, Backup MX Hosts, Skip SMTP Checks Host, Sender Verify Bypass Hosts.

 

[avibodha]

this was because of the smtp delay setting.

https://documentation.cpanel.net/display/84Docs/Exim+Configuration+Manager+-+Basic+Editor#ACLOptions
under acl options

Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam. [?]
The SMTP receiver will wait a few additional seconds for a connection when it detects spam messages in order to reduce inbound spam. The system excludes the following remote hosts from the delay: Neighbor IP addresses in the same netblock, Loopback addresses, Trusted Mail Hosts, Relay Hosts, Backup MX Hosts, Skip SMTP Checks Host, Sender Verify Bypass Hosts.

 

[eugenevdm.host]

As of 29 June 2022 the MX Toolbox workaround for funny timeouts and bogus reverse warnings is to add these two hosts belonging to MX Toolbox in Greylisting:

• 18.205.72.90
• 52.55.244.91

Because there is this default: Do not delay the SMTP connections for hosts in the Greylisting “Trusted Hosts” list