Cannot connect to SMTP server when sending mail.

[snowweb]

Hi Guys,

Everything has been configured and working perfectly for months but I just tried to send an email from my PC using my POP3 account on the remote DA VPS and I got the message that my mail client (The Bat), could not connect to the server. I also tried from another PC and got the same message. I've rebooted both and our broadband router but still the same problem.

I've checked DA and all looks ok there, but I restarted it for good measure. I've checked all the logs and everything looks like it's running ok. I've also checked that all services are running and they appear to be.

It seems like DA is not accepting connections on port 25, but I don't know how to tell or what to check next. It was working and nothing has changed over the holidays, so I've no idea where to look.

If anyone needs it, the IP address is 216.108.227.20 and it is accepting incoming mail ok, but for some reason it is not allowing any mail account to send mail.

Any advice would be much appreciated, before the phones start ringing (I've got about 16 domains on there).

Many thanks in advance.

pete

 

[snowweb]

update..

I just checked webmail and that is working fine. I'm therefore wondering whether my residential broadband ISP is blocking outgoing port 25, forcing there clients to use their own SMTP servers. Not sure how to test for this but if this is the case, I will be needing a solution for my customers as most of them have the same ISP as me.

I've asked a customer in another country to try sending and let me know how they got on, which should determine whether it's our local ISP or not.

If it is, I'm thinking that a simple solution may be to open port 26 as an alternative to port 25 for SMTP, for those customers who are barred from using port 25.

Is this possible without disrupting the existing port 25? If so, please can someone tell me how to setup port 26 as an alternative?

Thanks again,

pete

 

[jissh]

Tell your clients to use port 587.. ISP's usually do not block this port

 

[snowweb]

Thanks jissh,

I just tried that and it worked. Well done.

I'm wondering why it worked though, since I haven't set up DA to listen on this port? I assume DA is setup to listen on both 25 and 587 by default?

Anyway, thanks for your help.

pete

 

[nobaloney]

I'm wondering why it worked though, since I haven't set up DA to listen on this port? I assume DA is setup to listen on both 25 and 587 by default?

Since port 587 is the standard email submission port (see the relevant RFC 2476 here; see section 3.1) when I wrote the currently used exim.conf file for DirectAdmin I made sure it would accept submissions on that port .

Note that port 587 traffic should (and we do implement it correctly) only be accepted from authenticated senders.

Many ISPs block port 25 off their network as a way to cripple spambots on their networks. Others (AOL is an example) silently redirect port 25 to their own servers so the outgoing email can be logged by them.

Jeff

 

[snowweb]

Ah, ok Jeff, makes sense now.

And all along, I thought 25 was the standard port for smtp! It seems that it may be the most common although 587 is the main port designated for this. I learn something new everyday!

Thanks for the education!

pete

 

[nobaloney]

Port 25 is the standard port for mail transfer between servers' MTAs (Mail Transfer Agents). Port 587 is the standard port for use by MUAs (Mail User Agents) to send outbound email to their authorized MTA.

Jeff

 

[snowweb]

Ok. So the mail client manufacturers are really promoting the use of the incorrect port when they set the default port for sending outgoing mail to the SMTP server to port 25 instead of the RFC specified port 587.

Ah, well. I guess they have their reasons! Anyway, you solved my problem and I learned I bit along the way too.

Cheers Jeff.

pete

 

[floyd]

So the mail client manufacturers are really promoting the use of the incorrect port

Jeff said:

Port 587 is the standard port for use by MUAs (Mail User Agents) to send outbound email to their authorized MTA.

Keyword "authorized." When using port 587 you are supposed to send the username and password to authenticate yourself so that the MTA will accept your mail. With port 25 you don't have to send the username and password but many isp's block that port.

So no they are not promoting an incorrect port. They are failing to promote an additional option. Ports 25 AND 587 are correct. It just depends on how you want to send your mail.

That's the way I understand it. I know Jeff will correct me if I am wrong.

 

[nobaloney]

You're right. I probably should have used the word authenticated rather than authorized, but since changing it will take your reply out of context, I won't change it.

Some definitons would argue that port 587 is used by mail submission agents; Wikipedia explains that some MTAs operate as MSAs as well.

I will add a bit of historical reference.

The Internet was once a nicer place. SMTP was thought of us a cooperative effort, and all servers were not online all the time. Sharing of SMTP resources was allowed, and even accepted, so everything relating to transport was done on port 25.

Now that the Internet is not so nice, we've had to change how we do things: we allow delivery to the final destination on our servers on port 25, and ideally we accept mail for relay to other servers only on port 587, which requires authentication.

While delivery protocols mandate (at this time anyway) that port 25 traffic be relayable, many ISPs have (in my opinion rightfully) closed off port 25 traffic for egress from their networks, as I've mentioned previously, so as to better manage and monitor email traffic.

We should all use port 587 for email submission.

There's a short explanatory article in the PCMagazine archives, here.

Jeff