40

I've been attempting to setup mailing lists with GNU Mailman but it's been a complete disaster with tons of road blocks. Postfix is able to receive email but not send it back out at all, I've peeked in the log and this is what I found:

Mar 30 16:35:30 apott-server postfix/smtp[22572]: connect to gmail-smtp in.l.google.com[74.125.142.26]:25: Connection timed out
Mar 30 16:36:01 apott-server postfix/smtp[22572]: connect to alt1.gmail-smtp-in.l.google.com[173.194.76.27]:25: Connection timed out
Mar 30 16:36:31 apott-server postfix/smtp[22572]: connect to alt2.gmail-smtp-in.l.google.com[74.125.131.26]:25: Connection timed out
Mar 30 16:37:01 apott-server postfix/smtp[22572]: connect to alt3.gmail-smtp-in.l.google.com[173.194.67.27]:25: Connection timed out
Mar 30 16:37:31 apott-server postfix/smtp[22572]: connect to alt4.gmail-smtp-in.l.google.com[173.194.65.26]:25: Connection timed out
Mar 30 16:37:31 apott-server postfix/smtp[22572]: A0616100CCB: to=<example@gmail.com>, relay=none, delay=150, delays=0.06/0.01/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.65.26]:25: Connection timed out)

So clearly something is preventing outgoing email, does anyone have any suggestions on how to fix this?

(Server is an Ubuntu Linux box)

Thanks for any help.

APott
  • 511
  • 1
  • 4
  • 5
  • 3
    What hosting are you using? Could this simply be a case of your machine being hooked up to a network, which will not permit outgoing mail? – kasperd Mar 30 '14 at 20:56
  • @kaspered It's my own machine on my own network. There is ingoing and outgoing mail, I've done it before on different machines, there's something up with this specific one. – APott Mar 30 '14 at 21:06
  • This could be for a huge number of reasons, start by punching in your mailserver ip into MXTOOLBOX [here](http://mxtoolbox.com/diagnostic.aspx), It can happen If your server is on a home class broadband, or you haven't got PTR record for your IP, or your on a black list. – squareborg Mar 30 '14 at 21:33
  • @Shutupsquare It says there aren't any issues. – APott Mar 30 '14 at 21:45
  • Are you using a home class broadband? Or is it a business broadband service? – squareborg Mar 30 '14 at 21:58
  • @Shutupsquare home – APott Mar 30 '14 at 22:04
  • @APott Then give up trying to send email direct. Most email servers will check blacklists and most home broadband IP's are blacklisted to help try and prevent SPAM. If your ISP doesn't block TCP:25 then you could use a smart host to send your email to. – squareborg Mar 30 '14 at 22:09
  • For the record, I have used this to confirm that my email is not going out to the server of/through the gateway and though called ATT again (first time stupid guy said all open). After calling again and talking to tire two was able to get the port open and email went out like a charm. Thanks!! –  Jan 03 '16 at 20:48

3 Answers3

32

Connection timeout means your TCP SYN packets are not getting SYN-ACKs back. This means something must be blocking either the SYNs or the SYN-ACKS.

You can use traceroute to find out how far your SYN packets get

traceroute -n -T -p 25 gmail-smtp-in.l.google.com

Notice that there exist different traceroute commands for Ubuntu. The above command works with traceroute.db, but not with traceroute-nanog or inetutils-traceroute.

It may be useful to run a second traceroute using port 80 rather than port 25 for comparison.

kasperd
  • 29,894
  • 16
  • 72
  • 122
  • 2
    Thanks for the answer. Output is as follows: traceroute to gmail-smtp-in.l.google.com (74.125.142.27), 30 hopsmax, 60 byte packets 1 192.168.1.254 3.567 ms 20.770 ms 20.768 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * – APott Mar 30 '14 at 22:06
  • 4
    That output shows that the SYN packets are not making it outside your own network. The SYN packets are blocked by either 192.168.1.254 or the next router on the path. You can compare the output with another using port 80. – kasperd Mar 30 '14 at 22:10
  • 9
    For anyone who found this question but is on AWS EC2: outgoing SMTP [intentionally rate limited](https://forums.cpanel.net/threads/intermittent-exim-gmail-smtp-connection-timeout.523911/), but you can [ask to have it relaxed](https://aws.amazon.com/forms/ec2-email-limit-rdns-request). – msanford May 31 '16 at 18:50
  • 1
    +1 router used a whitelist of SMTP servers by default ... – Willi Mentzel Apr 18 '18 at 20:55
  • I am having the same issues, do the comparison with port 80 and the results from the traceroute will all make sense! – dustbuster Nov 16 '18 at 15:26
8

This could be unrelated but I'm going to post it here because I had a hard time finding the answer to my question. I was able to get outbound email working from a vagrant virtual box by editing my /etc/resolv.conf to use Google's nameserver rather than the 10.0.x.x IP it was set to:

sudo vi /etc/resolv.conf

Change the nameserver IP:

nameserver 8.8.8.8

Then you'll need to restart postfix:

sudo /etc/init.d/postfix restart
jrode
  • 191
  • 1
  • 1
  • This was exactly what I was looking for on my vagrant box. Thanks! – styks Feb 24 '15 at 21:35
  • 2
    not my question to accept. – styks Feb 26 '15 at 19:22
  • 1
    I think this is unrelated since traceroute was able to resolve the hostname to an IP address. I don't think postfix says `Connection timed out` when DNS resolution fails, because that would be misleading. – kasperd May 30 '15 at 14:39
  • @kasperd I was getting `Connection timed out` same as in the question, and this worked for me too. Mine has 2 IPv6 nameservers, then 8.8.8.8 - commenting out the two IPv6 ones so it was only 8.8.8.8 worked for me. However, this file is dynamically generated and could be overwritten at any time, so this isn't a final solution, but at least it provides a good clue how to continue.. – Izkata Feb 18 '21 at 03:48
  • Looks like on mine the IPv6 address for `gmail-smtp-in.l.google.com` times out, but the IPv4 address for the same works..? So actually mine isn't perfectly the same as in the question. – Izkata Feb 18 '21 at 03:50
  • Wellp, now that I know what to look for - [DigitalOcean blocks SMTP over IPv6](https://ideas.digitalocean.com/ideas/DO-I-1366), it's not a resolution/network/google thing for me. – Izkata Feb 18 '21 at 04:02
2

Setup a relay host to your isp smtp server, in: /etc/postfix/main.conf

then reload: sudo service postfix reload

Diego
  • 21
  • 1
  • 21
    IT would be useful to explain which setting that is i.e. `relayhost` and maybe explain first the cause of the OP's problem: that to battle spam many consumer ISP's block outgoing mail and force users to use their SMTP servers. – HBruijn Feb 22 '15 at 08:17