Connecting to remote SMTP mail server

  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

When you send e-mails via a server all it does is connect to port 25 outbound like you are currently trying to do. Exactly the same thing as far as any firewall is concerned, and thus it is likely blocked. Did you contact your web host?
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

I am not sure what to ask my host.

If they are blocking outbound port 25, how would I convince them to open it.

As mentioned, I really do not want to send emails. All I want to do is to be able to validate an email address.

Is it possible for them to block email data but still allow outbound connection?
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

It has nothing to do with blocking e-mail data, it has to do with blocking port 25 outbound. Anything that originates from the server you are located on to any external server is always OUTBOUND. Doesn't matter what port you connect to. In your case you are also trying to connect to port 25 while you are outbound to an external server, which is the same port that would be used to send e-mail. In your case you are not sending e-mail but it has nothing to do with that. It simply has to do with the port number and the fact you are outbound, and that your host is most likely blocking that combination of port 25 and being outbound from the server.

Simply ask your webhost if they block port 25 outbound, as you noticed you are having troubles with one of your scripts connecting to an external server via that port.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

I have tried to speak to my hosting company but I had to do it via email so I do not know when to get an answer.

I have a couple of questions:

1) If I switch hosting to OZZU, will I have the same problem

2) If I do switch, how is this done for my existing websites. I do not have a clue how to do this.

3) would you guide me on how to do this.

4) what would it cost to be hosted on OZZU.

5) I currently have a domain and another domain on it which they put as a subdomain but is actually a new domain name completely
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Unfortunately you will due to how our firewall is configured. I will show you the settings for our firewall for the portion that would be blocking your script from working:

Code:
###############################################################################
# SECTION:SMTP Settings
###############################################################################
# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks
#       
# This option uses the iptables ipt_owner/xt_owner module and must be loaded
# for it to work. It may not be available on some VPS platforms       
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server    
SMTP_BLOCK = "1"

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for webmail or web scripts) then enable this option to
# allow outgoing SMTP connections to the loopback device
SMTP_ALLOWLOCAL = "1"

# This is a comma separated list of the ports to block. You should list all  
# ports that exim is configured to listen on
SMTP_PORTS = "25"


Basically the way we have our server setup is to only allow scripts to access port 25 via using the exim/sendmail binary (ie the PHP mail function). Direct socket access would be denied for outbound on port 25, and that is exactly what you are doing. The only time direct socket access would work on our server is if you are connected to the loopback device, or in other words 127.0.0.1.

So it looks like the way I have our servers configured is exactly the same way your host is doing it. Keep in mind this is the default and recommended settings for the firewall we are using. If your webhost by chance uses the same firewall that we are (a very common one for CPanel based servers) then your script would likely be able to send out e-mail using the exim/sendmail binary, but would not be able to do anything via sockets either -- that might further clarify what is going on for you.

With that said I may be open to working with you on connecting to a random port I setup which I would configure to forward to port 25 on the outside. For example in your script instead of connecting to port 25, I might have you connect to a random port such as 23481, and our firewall would do port forwarding and actually connect via port 25 on the outside. Either that or some sort of port knocking to ensure that only you are doing it.

So for your first question at this moment it looks like you would have the same problem.

For your second question, I could assist with transferring -- the difficulty depends on exactly how you are setup, if you are using any databases such as with MySQL, etc.

For your third question, yeah we would have to work together for that process -- I may need access to your host.

For your fourth question, take a look at all of our shared hosting prices. The prices shown there are for 3 year terms. We can do monthly, quarterly, semi-annually, yearly, 2 year, and 3 year. The longer the term, the better the prices. You can see the prices for different terms if you click on "Buy" for one of those packages.

For your fifth question, I am not sure I saw a question there? If you are asking if you can have subdomains or addon domains with us, yes you can, but different packages have different limits to how many you can have.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Hi BWM

Thanks for your reply.

Of all the hosting companies I have you are the only one that has been helpful.

I am actually thinking of cancelling one webhosting company and coming with you as your prices are reasonable.

The websites on that hosting are not doing too good so I want to completely revamp them.
I will back them up completely and delete them.

I guess I then need help on how to change name servers to point to OZZU name servers instead.

I do have some SQL databases, but I believe I can duplicate them anew, with your help if needed.

Anyways, I am waiting for a response. If they say no, I will contact you about setting up a hosting package.

I just now need to be sure of the following:

1) Once I setup my website on OZZU, I will put my script there. I assume that I send out on port 25 and receive back on port 25 which also would get forwarded to whatever port you use. I am asking because I am not quite sure how port forwarding works for outbound and inbound.

2) Now, I need to validate email addresses on my membership website so I will put a link there to OZZU website. I have to do this because my membership website is big and complicated and I really cannot afford to move it at this time. Besides, I think I will really screw things as there is too much to move.
Will this be a problem?

Thanks
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Quote:
Of all the hosting companies I have you are the only one that has been helpful.


Sorry to hear that none of the hosting companies you have are trying to help you :(

Quote:
I guess I then need help on how to change name servers to point to OZZU name servers instead.


Where did you register your domain name(s)?

Quote:
1) Once I setup my website on OZZU, I will put my script there. I assume that I send out on port 25 and receive back on port 25 which also would get forwarded to whatever port you use. I am asking because I am not quite sure how port forwarding works for outbound and inbound.


At the moment you will have the same problem with us, and if I created a work-around for you, I would have you use a different port than 25. So as far as your script is concerned, you would be using some random port that I provide you. On my end where you don't have control I would configure our firewall to do some port forwarding for you from that random port that you connect via to port 25 on the outbound side. I would like to test that before you move to us so I can be sure it works and am not wasting your time moving to us and still having the same issues.

Quote:
2) Now, I need to validate email addresses on my membership website so I will put a link there to OZZU website. I have to do this because my membership website is big and complicated and I really cannot afford to move it at this time. Besides, I think I will really screw things as there is too much to move.
Will this be a problem?


Not exactly sure I am following what you are wanting to do there? When you say Ozzu website, are you referring to ozzu.com itself, or one of the websites that you might be moving to one of Ozzu's servers?
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

What I meant was when I have my website on OZZU hosting then I will link to it
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Okay that makes sense then :)

Do you have another domain, or can you delegate authority of a subdomain off your main to host on our servers so that you can point to our servers until you can afford to move your main site? You would need at least some sort of domain on our side if you want to use some of our services.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

My hosting company got back to me and said they opened up both port 25 and 587.

To test them I used the script you gave me to connect to your smtp server using both port 25 and 587

When using port 587, I was able to connect to your server.
However, when I used port 25, I was not able to connect.

They advised me that both port 25 and 587 are open for TCP and UDP connections.

I am at a loss here.
If I can connect to 587 why not also to 25.

They swear they are the same and should work.

But they don't and I have no idea why 25 doesn't work.

Do you have any possible ideas as to why one works and not the other.
This is driving me crazy
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

hey BWM

My hosting company insists that port 25 is not being blocked by their firewall.

When I try to connect to your mail server I can only connect on port 587 not port 25.

Before this drives me crazy, can you give me any possible ideas of what is going on.

I am assuming they are telling me the truth, but if port 587 is open this tends to make me think may be port 25 is not open.

I do not really know how to argue with them anymore.
I told them I am using a socket connection.

They say the port is set for both tcp and udp.
I have read that smtp uses tcp only, but then they tell me that port 587 also uses both tcp and udp.

I do not know what else to do here

Please help
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Ask them what sort of firewall they are using. If they happen to be using the same as me, it could be very well that port 25 is open, however, look at that other option I posted above which blocks the majority of users still except for privileged accounts. I am sure other firewalls have similar settings.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Hi BWM

I am not quite sure I understand the option

Should I just copy the above on # SECTION:SMTP Settings
I am not sure what they all mean.

How could I put it to them in simple words that I would understand and also them, just in case.

This sounds like it may be the problem

What is so different about smtp port 587
Although it works, I cannot really use it as my intent is not to send emails, but only to connect with mail servers that apparently all listen on port 25.

Please give me a few simple words I can relay back to them that I also will be able to understand

Thanks
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Port 587 is typically used for an inbound connection from a user who wants to send out e-mail from that same server or another server on port 25 (outbound). Port 25 is what is used to send and receive e-mail through servers (in other words relay the messages). Port 587 does not do that.

As far as the server. Are they using CPanel, or some other software. You can usually tell when you login to manage your hosting settings.

Second, just ask them what sort of firewall are they using? If they mention that they are using CSF, then I could tell you precisely what they need to do. They should be able to manage their own equipment though, if not they shouldn't be in this business.

If you are working with a low level tech every time you call them, it could be very difficult to get anything resolved. If however, you are working with someone who actually can go in and change things, it's possible they can help resolve this.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Hi

Yes, they are using CPanel.

I will ask them what firewall they are using.
Do you think they will tell me and should I mention CSF or leave it to them.

I think I am working with someone who can change things, because they did indicate that they did open the port for me and then double checked it was open.

Based on what I read above, I also want to mention that although port 25 may be open, since I can socket to 127.0.0.1, that maybe firewall is preventing me from direct socket connection.

what do you think
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Sorry

I saw you were off-line and had to get back to them so I mentioned everything stated above.

Hope this does not cause a problem
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

I think that it is likely they are doing exactly what we discussed here, and probably just are not aware of that option. Ask them what firewall they are using, and if it is CSF explain those options to them that they need to change.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

I asked them about their firewall, direct socket connection and all that and they came back to me with one sentence:

"You may get the issue because 25 port is already being listened by mail server. And your socket conflicts"

When I saw this I lost it completely.
I have it in writing that they promised me access to port 25 and I had told them that I used a socket connection. Now after 3 days they tell me there is a conflict when they were trying to make it work for me.

They have an option to forward complaints to their CEO and I went on the live chat and told them I was disgusted with their support to forward my issue to their CEO.

They kept insisting "As I already told you this port is already dedicated to SMTP server"

For which I replied I was told I would have access to port 25 for which they say "you was told that port is opened on firewall".
If a port is opened especially for me on firewall then I should have access to it.

After various threats back and forth, they indicated they would escalate the issue with their admins. Not absolutely sure what this means but it better be positive.

I really find this hard to believe what I am going through.

What do you think about their comments and my so called conflict
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Hi BWM

This is their response:

"We have checked it yet again, and port 25 is indeed opened for both inbound and outbound connections. Additionally, we 've checked the firewall, and it does not interfere with port 25 in any way. Thus, if you are still having the problems, we suggest you review you connection methodology."

I am still trying to get what their firewall is
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

With the way they respond, I am not sure I would have much faith in them figuring anything out. Secondly you aren't trying to connect to port 25 inbound (you would only do that if you used address 127.0.0.1 and that works fine), you are trying to connect to port 25 outbound which is not on your host's server.

Quote:
You may get the issue because 25 port is already being listened by mail server. And your socket conflicts


You are not connecting to any daemon that is listening on port 25 on their server, so their comments make absolutely no sense. Why would that stop your script from working? When you are trying to connect to port 25 outbound, that means you are trying to connect to port 25 on someone else's server. I predict their firewall is simply not letting you through to do that.

Curious to what the firewall is when you find out.
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

You can see now what I have been going through

Based on what I saw for your firewall, I was wondering about the following:

Port 587 outbound works fine.
Tell them to look at the SECTION:SMTP Settings in their firewall.
Since port 587 works then for port 587, they probably have SMTP_BLOCK = "0"

I assume the same holds for port 25 outbound but in this case they probably have SMTP_BLOCK = "1"

I am not sure of the order or if I am saying the above correctly.

The question then is how do they unblock port 25 outbound.
For port 25, would they then simply change to SMTP_BLOCK = "0" or is it a little more complicated than that.

I am assuming that they have CSF like you do.

Any changes or corrections to above or order of sequences would be appreciated.

I strongly believe if I do not tell them exactly what to look for this is never going to be resolved.

If I give them a systematic approach to the issue, then this might have a quicker resolution, hopefully that is.
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

If they are using CSF, then yes, putting:

SMTP_BLOCK = "1"

to

SMTP_BLOCK = "0"

Would most likely resolve the issue if they are willing to do that for you. They need to make sure they restart CSF after making the changes.

There is only one section like this in the firewall, not multiple for multiple ports. Typically they can change SMTP_BLOCK to being on or off, and then specify one or more ports that gets blocked from it.
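
The decision the posted SMTP settings describe, modelled as an added example; it is not part of the original thread and is not CSF's own code. It shows why, with the settings as posted, a web script's direct socket to port 25 is refused while port 587, loopback and the exempt accounts still get through. The account name `webuser`, the documentation address 203.0.113.10 and matching the exemption by account name are assumptions made for this sketch.

```python
import ipaddress
import re

# Settings exactly as posted earlier in the thread (comments omitted).
POSTED_CONF = '''
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25"
'''

# Accounts the posted comment names as exempt. Matching by account name is a
# simplification made for this example.
EXEMPT_ACCOUNTS = {"root", "exim", "mailman"}

_SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"\s*$')


def parse_conf(text):
    """Return {NAME: value} for every NAME = "value" line, skipping comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = _SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def blocked_ports(settings):
    """Ports listed in the comma separated SMTP_PORTS value."""
    raw = settings.get("SMTP_PORTS", "")
    return {int(p.strip()) for p in raw.split(",") if p.strip().isdigit()}


def socket_allowed(settings, account, dest_ip, dest_port):
    """Would a direct outbound socket opened by `account` get through?

    Returns (allowed, reason). Only the SMTP section is modelled; any other
    firewall rule or upstream filter is out of scope.
    """
    if settings.get("SMTP_BLOCK", "0") != "1":
        return True, "SMTP_BLOCK is off"
    if dest_port not in blocked_ports(settings):
        return True, f"port {dest_port} is not listed in SMTP_PORTS"
    if account in EXEMPT_ACCOUNTS:
        return True, f"{account} is an exempt account"
    loopback = ipaddress.ip_address(dest_ip).is_loopback
    if settings.get("SMTP_ALLOWLOCAL") == "1" and loopback:
        return True, "loopback destination and SMTP_ALLOWLOCAL is on"
    return False, f"non-exempt account and port {dest_port} is in SMTP_PORTS"


if __name__ == "__main__":
    conf = parse_conf(POSTED_CONF)
    # Constructed cases: (account, destination IP, destination port)
    cases = [
        ("webuser", "203.0.113.10", 25),   # script socket to a remote MX
        ("webuser", "203.0.113.10", 587),  # same script, submission port
        ("webuser", "127.0.0.1", 25),      # script socket to the local MTA
        ("exim", "203.0.113.10", 25),      # the mail daemon itself
    ]
    for account, ip, port in cases:
        allowed, reason = socket_allowed(conf, account, ip, port)
        verdict = "ALLOW" if allowed else "BLOCK"
        print(f"{account:8} -> {ip}:{port:<4} {verdict}  ({reason})")
```
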
  • wpas
  • Proficient
  • Posts: 321
  • Loc: Canada

Post 3+ Months Ago

Hi BWM

I do not know how they did it, but I now have access to port 25 outbound.

I think all the help you gave me led to them doing this for me.

I do not know for sure, but they might actually have a CSF firewall, but cannot be sure.

Again, thanks for all your help. I don't think this would have happened without your great input.
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

No problem, glad I could be of help :)

Hopefully your host knows their firewall a bit better now too! If they ever respond explaining what they did, I would be curious whether they took the advice I gave, or found something else causing issues.
  • Zealous
  • Guru
  • Posts: 1240
  • Loc: Sydney

Post 3+ Months Ago

You deserve a medal BWM, seriously I have been watching this post for weeks now.

Someone get that man a beer.
  • Bigwebmaster
  • Site Admin
  • Posts: 9086
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Thanks Zealous :)

A beer does sound good right about now!


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.