Unable to send emails using Plesk local mail server: Connection timed out or connection refused. (#4.4.1) – Plesk Help Center

Applicable to:

Plesk for Linux

Symptoms

Unable to send and forward emails from Plesk server to external servers either completely or intermittently, causing mail queue to fill up.
One of the following errors may be found in /var/log/maillog:

Postfix

CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection timed out)

CONFIG_TEXT: postfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out

CONFIG_TEXT: postfix/smtp[27746]: E3B24978700: to=john.doe@example.com, relay=none, delay=537, delays=446/0.02/91/0, dsn=4.4.1, status=deferred (connect to example.com[203.0.113.2]:25: Connection refused)

QMail

CONFIG_TEXT: qmail: 1491974064.856278 delivery 8214: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)
On Windows the error below may be found in MailEnable > Servers > localhost > Services and Connectors > SMTP > Logs > Debug > SMTP-Debug-xxxx.log:

CONFIG_TEXT: ME-I0018: [0BCF8603898D4D25B155B5AFF7FB0FA4.MAI] Outbound message from ([SMTP:john.doe@example.com]) requeued as [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] to the target domain [example.net]
ME-I0123: Domain [example.net] has MX list [mx1.example.net,mx2.example.net]
ME-I0026: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] Sending message
ME-IXXXX: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] DNS resolved to the following record: IP Address=203.0.113.2, Family=2, Type=1, Protocol=6
ME-E0038: [FFEFCD05AA0A4CE9B2E74C7CAA6D8FE5.MAI] Communications Error: Socket connection to mx1.example.net failed (error 10060). The host was either not contactable or it rejected your connection. Socket Family = 2; Host=203.0.113.2; Port=25
Local mail delivery between domains in Plesk works.
Outbound connections via port 25 from Plesk server are restricted either completely or intermittently:

# telnet example.com 25
Trying 203.0.113.2...
telnet: connect to address 203.0.113.2: Connection refused
Firewall on the Plesk server does not restrict connections to port 25.

Cause

Port 25 is blocked for outbound connections.
Sometimes internet service providers (ISP) can restrict or limit outbound/inbound connections on port 25 due to security reasons. Also, Google Cloud platform has such port blocked by default and services like G Suite should be used to send mail.

Resolution

Note: Networking tasks and the local firewall configuration are the activities that should be handled by Plesk server administrator, as Plesk is a part of the server infrastructure and relays on local network settings.

Note: Once port 25 is opened by your hosting/cloud provider and mail starts to work, you may safely close the message about TCP port 25 being blocked in Plesk at Tools & Settings > Mail Server Settings.

Here are general troubleshooting steps:

Make sure that the local firewall does not causes the issue. Stop the service temporary and try to send mail.
If the issue still persists, it means that the cause is outside of the Plesk server. In that case, contact network administrator and discuss if port 25 can be added to allowed ones or not.

If any of Cloud Services are used, it is needed to check firewall on the Cloud Service’s side.
- For Google Cloud, Amazon (AWS) outbound connections to port 25 are limited by default to prevent outgoing spam. To resolve the issue with port 25 on these Cloud Services refer to the following pages:
  - AWS: How do I remove the throttle on port 25 from my EC2 instance and Integrating Amazon SES with Postfix
  - Google Cloud: Sending Email from an Instance
- For Microsoft Azure, use a third party service like SendGrid. Create a SendGrid account and configure Postfix to use SendGrid as a relay.
  Azure blocks port 25 for new users: https://blogs.msdn.microsoft.com/mast/2017/11/15/enhanced-azure-security-for-sending-emails-november-2017-update/
- Vultr blocks port 25 but can unlock it: https://www.vultr.com/docs/what-ports-are-blocked
- Nitrado block the ports 25, 465 and 587 by default but can unlock them (see point 3) https://server.nitrado.net/eng/pages/cloud_server_tos
- OVH does not authorise communication on port 25 https://docs.ovh.com/ca/en/dedicated/firewall-network/

Additional information

How to configure Postfix to send email from a Google Cloud server using SendGrid?
How to configure MailEnable to send emails on Google Cloud Platform instance?

Comments

2 comments

Aristeidis Vlachopanos January 24, 2020 16:09

Hello,

In our server whenever I visit

Home > Tools & Settings > Server-Wide Mail Settings

on the top of the page I get the message

You cannot send emails from Plesk because outbound connections on TCP port 25 is blocked. Check the firewall settings or contact your hosting provider.

but there is no firewall blocking port 25 and I am able to connect via telnet.

However while searching in /var/log/maillog I spotted a timeout error like

postfix/smtp[15684]: connect to example.com[203.0.113.2]:25: Connection timed out

where example.com is an old, out of business mail provider. (Apparently a user is trying to send to an outdated email address)

Is it possible that we get the warning because of this error? Is this working as intended?

Thank you

0

Comment actions Permalink
Lev Iurev January 28, 2020 08:24 (Edited January 28, 2020 08:25)

Hello Aristeidis Vlachopanos ,

This error means that connection outside the server on port 25 is not possible. you could check it from the server, for example to google servers:

telnet aspmx.l.google.com 25

Usually this port is blocked by default on Cloud servers such as Google cloud and AWS, contact them in order to check the status of 25 port.

0

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Articles in this section

Applicable to:

Symptoms

Cause

Resolution

Additional information

Related articles