Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
Unable to send and forward emails from Plesk server to external servers either completely or intermittently, causing mail queue to fill up.
-
Emails cannot be sent by using PHP script.
-
Emails between domains served by Plesk can be sent.
-
One of the following errors may be found in
/var/log/maillog
:Postfix
CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection timed out)
CONFIG_TEXT: postfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out
CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection refused)
QMail
CONFIG_TEXT: qmail: 1491974064.856278 delivery 8214: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)
-
On Windows the error below may be found in MailEnable > Servers > localhost > Services and Connectors > SMTP > Logs > Debug > SMTP-Debug-xxxx.log:
CONFIG_TEXT: ME-E0038: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] Communications Error: Socket connection to mx1.example.net failed (error 10060). The host was either not contactable or it rejected your connection. Socket Family = 2; Host=203.0.113.2; Port=25
Note: There might be a Smart Host configured for SMTP.
-
The firewall on the Plesk server does not restrict connections to port 25.
-
Outbound connections via port 25 from Plesk server are restricted either completely or intermittently:
# telnet smtp.gmail.com 25
Trying 203.0.113.2...
telnet: connect to address 203.0.113.2: Connection refused
Cause
Port 25 is blocked for outbound connections.
Sometimes internet service providers (ISP) can restrict or limit outbound/inbound connections on port 25 due to security reasons. Also, the Google Cloud platform has such port blocked by default, and services like Google Workspace (former G Suite) should be used to send mail.
Resolution
Note: Networking tasks and the local firewall configuration are the activities that should be handled by the Plesk server administrator, as Plesk is a part of the server infrastructure and relies on local network settings.
Note: Once port 25 is opened by your hosting/cloud provider and mail starts to work, you may safely close the message about TCP port 25 is blocked in Plesk at Tools & Settings > Mail Server Settings.
Note: For an example of mail relay configuration, refer to our official Udemy course.
Here are the general troubleshooting steps:
-
Make sure that the local firewall does not cause the issue. Stop the service temporarily and try to send mail or open mail port under Plesk > Tools & Settings > Firewall;
-
If the issue still persists, it means that the cause is outside of the Plesk server. In that case, contact the network administrator and discuss if port 25 can be added to the allowed ones or not.
If any of the Cloud Services are used, it is needed to check the firewall on the Cloud Service’s side.
Comments
7 comments
Hello,
In our server whenever I visit
Home > Tools & Settings > Server-Wide Mail Settings
on the top of the page I get the message
However while searching in
/var/log/maillog
I spotted a timeout error likepostfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out
where example.com is an old, out of business mail provider. (Apparently a user is trying to send to an outdated email address)
Is it possible that we get the warning because of this error? Is this working as intended?
Thank you
Hello Aristeidis Vlachopanos ,
This error means that connection outside the server on port 25 is not possible. you could check it from the server, for example to google servers:
telnet aspmx.l.google.com 25
Usually this port is blocked by default on Cloud servers such as Google cloud and AWS, contact them in order to check the status of 25 port.
Hi Lev Iurev
Im facing the same problem, i tried telnet aspmx.l.google.com 25 and got onnected, but the message still there.
This is after following the guidelines from Plesk support, contacting amazon cloud and get the port 25 limitations removed.
The conclusion is that Plesk guidelines didn't work, any suggestion would be appreciated.
@Omar Tirhaka Please create a ticket to our support team and describe the current status of the issue.
I can telnet to the localhost on port 25 and 587. I can telnet to the ports from external servers not on that network. plesk firewall rules are set correctly. I'm thinking this is a SSL handshake issue, but I'm not getting enough info from the logs for see what's going on. mail sent with sendmail works.
TCP port 25 is OPEN
Plesk Firewall is OFF
The new server has the same problem that the old server did not.
Hello, Adel A
The article describes the scenario in which the outbound traffic towards an external 25/tcp gets rejected/dropped.
Therefore, opening port/disabling local firewall isn't enough and further investigation on the networking level is required. As it described above, some ISP/hosting services do block this traffic to avoid spam.
Please sign in to leave a comment.