Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
Unable to send and forward emails from Plesk server to external servers either completely or intermittently, causing mail queue to fill up.
-
Emails cannot be sent by using PHP script.
-
One of the following errors may be found in
/var/log/maillog:Postfix
CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection timed out)
CONFIG_TEXT: postfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out
CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection refused)
QMail
CONFIG_TEXT: qmail: 1491974064.856278 delivery 8214: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)
-
On Windows the error below may be found in MailEnable > Servers > localhost > Services and Connectors > SMTP > Logs > Debug > SMTP-Debug-xxxx.log:
CONFIG_TEXT: ME-I0018: [0BCF8603898D4D25B155B5AFF7FB0FA4.MAI] Outbound message from ([SMTP:john.doe@example.com]) requeued as [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] to the target domain [example.net]
ME-I0123: Domain [example.net] has MX list [mx1.example.net,mx2.example.net]
ME-I0026: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] Sending message
ME-IXXXX: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] DNS resolved to the following record: IP Address=203.0.113.2, Family=2, Type=1, Protocol=6
ME-E0038: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] Communications Error: Socket connection to mx1.example.net failed (error 10060). The host was either not contactable or it rejected your connection. Socket Family = 2; Host=203.0.113.2; Port=25 -
Local mail delivery between domains in Plesk works.
-
Outbound connections via port 25 from Plesk server are restricted either completely or intermittently:
# telnet smtp.gmail.com 25
Trying 203.0.113.2...
telnet: connect to address 203.0.113.2: Connection refused -
Firewall on the Plesk server does not restrict connections to port 25.
Cause
Port 25 is blocked for outbound connections.
Sometimes internet service providers (ISP) can restrict or limit outbound/inbound connections on port 25 due to security reasons. Also, Google Cloud platform has such port blocked by default and services like G Suite should be used to send mail.
Resolution
Note: Networking tasks and the local firewall configuration are the activities that should be handled by Plesk server administrator, as Plesk is a part of the server infrastructure and relays on local network settings.
Note: Once port 25 is opened by your hosting/cloud provider and mail starts to work, you may safely close the message about TCP port 25 being blocked in Plesk at Tools & Settings > Mail Server Settings.
Note: For example of mail relay configuration, refer to our official Udemy course.
Here are general troubleshooting steps:
-
Make sure that the local firewall does not cause the issue. Stop the service temporarily and try to send mail or open mail port under Plesk > Tools & Settings > Firewall;
-
If the issue still persists, it means that the cause is outside of the Plesk server. In that case, contact network administrator and discuss if port 25 can be added to allowed ones or not.
If any of Cloud Services are used, it is needed to check the firewall on the Cloud Service’s side.
| Cloud Provider | References to unlock SMTP ports |
|---|---|
| Google Cloud |
Outbound connections to port 25 are limited by default to prevent outgoing spam. |
| Amazon (AWS) |
outbound connections to port 25 are limited by default to prevent outgoing spam. AWS: How do I remove the throttle on port 25 from my EC2 instance |
| Microsoft Azure | Azure blocks port 25 for new users. Submit a request by using the following link: Subscription Management Problem type: Request to enable Port 25 email flow |
| Use a third-party service like SendGrid. Create a SendGrid account and configure Postfix to use SendGrid as a relay. | |
| Vultr | To unlock port 25 follow: https://www.vultr.com/docs/what-ports-are-blocked |
| Nitrado | Block the ports 25, 465 and 587 by default but can unlock them (see point 3) https://server.nitrado.net/eng/pages/cloud_server_tos |
| OVH | Configure firewall on port 25: https://docs.ovh.com/ca/en/dedicated/firewall-network/ |
| Alibaba Cloud Alibaba ECS instances |
Apply the form to enable TCP port 25. |
| Scaleway | Ports 25, 465 and 587 can be unlocked: https://www.scaleway.com/en/faq/why-can-i-not-send-any-email/ |
Additional information
How to configure Postfix to send email from a Google Cloud server using SendGrid?
How to configure MailEnable to send emails on Google Cloud Platform instance?
Comments
4 comments
Hello,
In our server whenever I visit
Home > Tools & Settings > Server-Wide Mail Settings
on the top of the page I get the message
However while searching in
/var/log/maillogI spotted a timeout error likepostfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out
where example.com is an old, out of business mail provider. (Apparently a user is trying to send to an outdated email address)
Is it possible that we get the warning because of this error? Is this working as intended?
Thank you
Hello Aristeidis Vlachopanos ,
This error means that connection outside the server on port 25 is not possible. you could check it from the server, for example to google servers:
telnet aspmx.l.google.com 25
Usually this port is blocked by default on Cloud servers such as Google cloud and AWS, contact them in order to check the status of 25 port.
Hi Lev Iurev
Im facing the same problem, i tried telnet aspmx.l.google.com 25 and got onnected, but the message still there.
This is after following the guidelines from Plesk support, contacting amazon cloud and get the port 25 limitations removed.
The conclusion is that Plesk guidelines didn't work, any suggestion would be appreciated.
@Omar Tirhaka Please create a ticket to our support team and describe the current status of the issue.
Please sign in to leave a comment.