Mail Can Be Received, but Sending Fails
=======================================
One of the most common reasons that mail may not be able to be sent from the server
is that port 25 is blocked. This may be due to internal, or external firewall
settings, or a limitation by the VPS provider (for example, `Digital Ocean disables
port 25 by default `_). Azure is also known to
block port 25.
This can also be caused by the receiving server rate limiting the sending IP, or
that IP having been put on an RBL or internal blacklist.
.. contents::
To Check If Port 25 Is Disabled
-------------------------------
Using Telnet
^^^^^^^^^^^^
`Telnet `_ is a tool that can be used to check the ability for one server to
communicate with another over a specific port. If the connection times out,
it may be an indication that the port is blocked, or disabled.
#. Log in to the server at the CLI as root, either via SSH or from the terminal
#. At the CLI, use the ``telnet`` command to attempt to connect to an
**outside mail server** over port 25, replacing {mail.server.com} and {port}
with the corresponding information
.. code-block::
telnet {mail.server.com} {port}
Example, using the mail server for gmail:
.. code-block::
[root@server ~]# telnet smtp.gmail.com 25
Trying 142.251.4.108...
telnet: connect to address 142.251.4.108: Connection timed out
[root@server ~]#
Example of a successful connection, using the mail server for gmail:
.. code-block::
[root@server ~]# telnet smtp.gmail.com 25
Trying 142.251.4.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP g1sm659533iob.34 - gsmtp
^]
telnet> quit
Connection closed.
[root@server ~]#
Using SWAKS
^^^^^^^^^^^
`SWAKS `_ is a command line tool that can be used test email connectivity. If there is
an error connecting, it may be an indication that the port is disabled or blocked.
#. Log in to the server at the CLI as root, either via SSH or from the terminal
#. At the CLI, use the ``swaks`` command to send a test message, replacing
{remote email address}, and {local email address} with the corresponding
information. (In the following examples, the email addresses were replaced
with dummy accounts, just for the purpose of demonstration. Real accounts
should be used for this troubleshooting step).
.. code-block::
swaks --to {remote email address} --from {local email address}
Example, using attempting to send to gmail:
.. code-block::
[root@server ~]# swaks --to user@gmail.com --from user@testaccount.com
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "C.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
=== Trying gmail-smtp-in.l.google.com:25...
*** Error connecting to gmail-smtp-in.l.google.com:25
*** IO::Socket::INET6: connect: Connection timed out
[root@server ~]#
Example of a successful test message:
.. code-block::
[root@server ~]# swaks --to user@gmail.com --from user@testaccount.com
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "C.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
=== Trying gmail-smtp-in.l.google.com:25...
=== Connected to gmail-smtp-in.l.google.com.
<- 220 mx.google.com ESMTP w142si10376273ybe.323 - gsmtp
-> EHLO server
<- 250-mx.google.com at your service, [3.134.79.100]
<- 250-SIZE 157286400
<- 250-8BITMIME
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-CHUNKING
<- 250 SMTPUTF8
-> MAIL FROM:
<- 250 2.1.0 OK w142si10376273ybe.323 - gsmtp
-> RCPT TO:
<- 250 2.1.5 OK w142si10376273ybe.323 - gsmtp
-> DATA
<- 354 Go ahead w142si10376273ybe.323 - gsmtp
-> Date: Thu, 27 Jan 2022 16:54:23 -0500
-> To: user@gmail.com
-> From: user@testaccount.com
-> Subject: test Thu, 27 Jan 2022 16:54:23 -0500
-> Message-Id: <20220127165423.030941@rctest.jenna>
-> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
-> .
<- 250 ok 1643320025 qp 4063
-> QUIT
<- 221 gmail-smtp-in.l.google.com
=== Connection closed with remote host.
[root@server ~]#
Using Traceroute
^^^^^^^^^^^^^^^^
`Traceroute `_
is a command line tool that can be used to check for connectivity
over a specific port. If it does not report any traffic, the port may be disabled
or blocked.
#. Log in to the server at the CLI as root, either via SSH or from the terminal
#. At the CLI, use the ``traceroute`` command to attempt to connect to an
**outside mail server** over port 25, replacing {mail.server.com} and
{port} with the corresponding information
.. code-block::
traceroute {mail.server.com} {port}
Example, using the mail server for gmail:
.. code-block::
[root@server ~]# traceroute smtp.gmail.com 25
traceroute to smtp.gmail.com (74.125.71.108), 30 hops max, 52 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@server ~]#
Example of a successful connection, using the mail server for gmail:
.. code-block::
[root@server ~]# traceroute smtp.gmail.com 25
traceroute to smtp.gmail.com (142.251.4.108), 30 hops max, 52 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 241.0.12.203 (241.0.12.203) 0.252 ms 241.0.12.195 (241.0.12.195) 0.180 ms 241.0.12.203 (241.0.12.203) 0.234 ms
6 243.254.8.13 (243.254.8.13) 0.202 ms * *
7 108.166.252.63 (108.166.252.63) 0.171 ms * *
8 242.0.107.85 (242.0.107.85) 0.300 ms 242.0.107.65 (242.0.107.65) 0.408 ms 242.0.106.85 (242.0.106.85) 0.263 ms
9 * 15.230.135.105 (15.230.135.105) 0.564 ms *
10 * * *
11 52.95.2.155 (52.95.2.155) 0.399 ms * *
12 * * *
13 * * *
14 * * *
15 * * *
16 100.92.49.107 (100.92.49.107) 10.655 ms * *
17 52.93.132.62 (52.93.132.62) 10.874 ms * *
18 100.91.163.4 (100.91.163.4) 10.854 ms * 100.91.163.120 (100.91.163.120) 10.561 ms
19 * * 100.91.163.85 (100.91.163.85) 10.799 ms
20 * * *
21 * * *
22 * 100.91.177.159 (100.91.177.159) 10.636 ms *
23 * * 100.100.6.121 (100.100.6.121) 106.973 ms
24 * 100.100.88.134 (100.100.88.134) 10.987 ms 100.100.92.6 (100.100.92.6) 10.923 ms
25 * * *
26 * 100.100.2.46 (100.100.2.46) 10.551 ms *
27 100.95.7.1 (100.95.7.1) 10.695 ms * *
28 * * *
29 * 108.170.240.97 (108.170.240.97) 11.820 ms 99.82.181.25 (99.82.181.25) 10.917 ms
30 * 108.170.240.98 (108.170.240.98) 11.578 ms *
[root@server ~]#
To Check For Rate Limiting
--------------------------
If there is a larger than normal number of messages that are being sent from the server,
remote servers may temporarily rate limit the sending IP as a spam prevention
method. Indication of this can often be found in the qmail ``send`` log.
#. Log in to the server at the CLI as root, either via SSH or from the terminal
#. At the CLI, navigate to ``/var/log/send/``
#. The ``current`` log includes the most recent mail traffic, though it may be
necissary to investigate the rotated logs, as well. Messages that have been
rate limited will have logging similar to the following (spaces added for
readability):
.. code-block::
Our_system_has_detected_an_unusual_rate_of/421-4.7.0_unsolicited_mail_originating_from_your_IP_address.
_To_protect_our/421-4.7.0_users_from_spam,_mail_sent_from_your_IP_address_has_been_temporarily/421-4.7.0_rate_limited.
_Please_visit_http://www.google.com/mail/help/bulk_mail./421_4.7.0_html_to_review_our_Bulk_Email_Senders_Guidelines._mx10si15710063icb.32_-_gsmtp/
To Check If the IP is Blacklisted
---------------------------------
If a server has been compromised or there have been reports of spam made
against the IP address, that IP may be added to an `RBL `_
or Remote Block List (also known as a Realtime Blackhole List).
If the sending IP is blacklisted, and there is more than one IP on the server,
it is possible to change the IP that mail is sent from. Information on how to do
so can be found :doc:`here `.
- There are many websites that can be used to check the RBL status of an IP or domain,
such as:
- `Whats My IP `__
- `MX Toolbox `__
- Many email providers will check against an internal black list. It is recommended to
contact their support directly, if possible, to check the IP or domain's potential blacklist
status.