exim sending mail -> "Connection timed out"

[sistemio]

When we try to send a mail to any destination, exim return the following log

2023-04-17 19:07:25 [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
2023-04-17 22:04:26 H=gmail-smtp-in.l.google.com [64.233.166.26] Connection timed out
2023-04-17 22:06:37 H=alt1.gmail-smtp-in.l.google.com [172.253.126.27] Connection timed out
2023-04-17 22:08:48 H=alt2.gmail-smtp-in.l.google.com [142.251.9.27] Connection timed out
2023-04-17 22:10:59 H=alt3.gmail-smtp-in.l.google.com [142.250.112.27] Connection timed out
2023-04-17 22:13:10 H=alt4.gmail-smtp-in.l.google.com [74.125.200.27] Connection timed out
2023-04-17 22:13:10 [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out

When I do telnet We don't have problems to connect to port 25

]# telnet alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.200.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP n17-20020a170902e55100b001a6f94a0854si832827plf.324 - gsmtp

We have tried to rebuild exim, exim_conf, dovecot, dovecot_conf etc without success

Somebody have any idea where could be the problem?

Thank you so much

 

[sistemio]

Another data, when I execute

/usr/local/directadmin/scripts/exim.sh

The "connection timed out" problem is solved but I have other problems because the versions of exim.conf and exim.pl is too old.
Then I rebuild the versions of exim with

cd /usr/local/directadmin/custombuild
./build update
./build set exim yes
./build set eximconf yes
./build set spamassassin yes
./build update
./build exim
./build exim_conf

And again We can not send mail with the connection timed out error.

Any idea? ?

 

[Richard G]

You can stop rebuilding exim etc. because you already did that, so we're sure that is not the cause.
I presume the [email protected] is the one you are trying to send a mail TO, correct?

In 99% of the situations of a timeout, it's a block somewhere.

Can you disable CSF firewall in full, to be sure that it's not a partly block?
Via SSH you can issue the command:
csf -x
to completely disable csf/lfd. After that, try again.

If it then works, check these settings are like this in the /etc/csf/csf.conf file:
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = ""
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"

If not, correct then, then start the firewall and see if the problem persists.

If the mail still gives a timeout on sending with the firewall -disabled-, then it must be something else? Do you use Comodo or some other form of extra security?

 

[sistemio]

Hi Richard, thank you for your reply.

Yes [email protected] is an exaple of a mail to send. But could be [email protected] etc ....

I have disabled the firewall and don't work.

Also I have checked via telnet in the same server and telnet works perfect.

Yes, I use comodo .
im completely lost.


thank you

 

[Richard G]

Hello.
As every port is open when CSF is disabled, it most likely is Comodo causing the issue.

I never worked with Comodo so I don't know if it's possible to temporarily disable it to check or how to open ports there.
Most likely root is amongst the users that are allowed to use telnet to port 25 outgoing but exim isn't.

Try like this to see if it's indeed Exim which is blocked. Via telnet:

exim -i -t <<< 'From: Sistemio <[email protected]>
To: Somebody <[email protected]>
Subject: Test message

content line 1
content line 2'

don't forget the last apostrophe to have exim close and send the message.

If it's getting a timeout again, then we're sure it's Comodo.

 

[sistemio]

Hi!, yes I have same problem sending the mail with your code. I'm going to remove comodo and try

 

[sistemio]

Comodo removed from server and CSF disabled.
via telnet works perfect and via exim "connection timed out" ?

 

[sistemio]

When I compile exim with /usr/local/directadmin/scripts/exim.sh inexplicably it works fine and all the emails that are in the queue are sent.

but I have to build again the most recent version of exim back because the incoming emails give an error.

Any idea that what should I watch?

Thank you so much for your help!

 

[Richard G]

Oke now I'm confused. So if you compile exim wiht the exim.sh script it works, but when you do it the official way like you stated in post #2 it does not work?
The only thing I'm seeing missed is that you did a "build set spamassassin yes" but you did not build spamassassin. I doubt however if that could be causing the issue.

I think it's time to call in some more specialized people to have a fresh look at this, because this I didn't encounter before.
And if you did not customize anything from Exim, it should just work flawlessly like you compiled in post #2.

@zEitEr or @smtalk or @mxroute can you have a look here please what this odd issue is?

 

[sistemio]

I don't have any customization in exim, the custombuild default configuration.
It has been working for years until a few days ago.
And the strangest thing is that doing Telnet on port 25 587 and 465 responds perfectly, or recompiling as I mentioned in post#2 and in post#8 too

I can send logs or all that you need for investigation

 

[sparek]

What user is exim running as?

ps aux | grep exim

It should be the mail user. If it's not the mail user, then that would need to be investigated.

Can you still connect to 74.125.200.27 on port 25 as root?

telnet 74.125.200.27 25

If so, then change to the mail user:

su -s /bin/bash - mail

And then as the mail user attempt the same telnet

telnet 74.125.200.27 25

Does the connection work?

 

[sistemio]

Results:
ps aux | grep exim

[root@urano ~]# ps aux | grep exim
mail 25844 0.0 0.1 69088 10024 ? Ss Apr18 0:00 /usr/sbin/exim -bd -q1h
root 28574 0.0 0.1 68288 9232 ? S 11:16 0:00 /usr/sbin/exim -q
root 30704 0.0 0.1 69684 10212 ? S 11:35 0:00 /usr/sbin/exim -Mc 1pp4DO-0007yt-0U
mail 30706 0.0 0.0 69688 6156 ? S 11:35 0:00 /usr/sbin/exim -Mc 1pp4DO-0007yt-0U
root 31202 0.0 0.1 68996 10212 ? S 11:36 0:00 /usr/sbin/exim -q
mail 31203 0.0 0.0 69000 5888 ? S 11:36 0:00 /usr/sbin/exim -q
root 31352 0.0 0.0 110816 2208 pts/3 S+ 11:37 0:00 grep --color=auto exim

telnet 74.125.200.27 25

[root@urano ~]# telnet 74.125.200.27 25
Trying 74.125.200.27...
Connected to 74.125.200.27.
Escape character is '^]'.
220 mx.google.com ESMTP o6-20020a63f146000000b0051b7d4ff03csi11757085pgk.874 - gsmtp
quit
221 2.0.0 closing connection o6-20020a63f146000000b0051b7d4ff03csi11757085pgk.874 - gsmtp
Connection closed by foreign host.

su -s /bin/bash - mail

[root@urano ~]# su -s /bin/bash - mail
Last login: Wed Apr 19 08:23:44 CEST 2023 on pts/2
-bash-4.2$

telnet 74.125.200.27 25

-bash-4.2$ telnet 74.125.200.27 25
Trying 74.125.200.27...
Connected to 74.125.200.27.
Escape character is '^]'.
220 mx.google.com ESMTP r12-20020a17090aad0c00b002477bb336ebsi1433704pjq.6 - gsmtp
quit
221 2.0.0 closing connection r12-20020a17090aad0c00b002477bb336ebsi1433704pjq.6 - gsmtp
Connection closed by foreign host.
-bash-4.2$

 

[Richard G]

root 31202 0.0 0.1 68996 10212 ? S 11:36 0:00 /usr/sbin/exim -q
mail 31203 0.0 0.0 69000 5888 ? S 11:36 0:00 /usr/sbin/exim -q

There is something wrong IMHO. Exim is running twice, once as root and once as mail???

 

[sistemio]

yes is right in other servers that I have not occurs.

How can I solve this?

There is something wrong IMHO. Exim is running twice, once as root and once as mail???

 

[Ohm J]

first thing, in post #2 you solved with incorrect way. Due you do this, maybe there have some multiple banary running in same time.
So try reboot your server to clear any memory / cache garbage. sometime it could hang or freeze service that can't kill.

 

[sistemio]

server restarted and no changes. Not sending and running twice exim

 

[Ohm J]

ok, look like you guy trying every thing you could.
Lasting, maybe it could relate to your dns resolve "/etc/resolv.conf"
so try put something like "1.1.1.1" or "8.8.4.4"

otherwise, this case need to create support ticket or hire someone checking directly for you.

 

[sparek]

While I'm not exactly sure that having two running Exim's is really your issue - it's still something that needs to be resolved.

You would need to figure out why you've got two running Exims. Not really sure how to tell you do that.

What version of Exim are you running?

/usr/sbin/exim -bV

Do you have a custom Exim Makefile?

ls -al /usr/local/directadmin/custombuild/custom/exim/Makefile

Do you have anything in the custom Exim directory?

ls -al /usr/local/directadmin/custombuild/custom/exim/

Do you have a da_exim package installed?

rpm -qa | grep da_exim

Although I appear to have this package installed on one DirectAdmin server - not sure why. Perhaps someone else can provide some insight on this. I'm guessing that at one time DirectAdmin installed Exim through an RPM? But I'm not sure if it's of any consequence now.

I would further speculate that when you ran /usr/local/directadmin/scripts/exim.sh you may have installed this da_exim package and your Exim version may be wrong. This is all just a guess right now.

 

[Richard G]

I would indeed solve the double Exim first.

If not it might indeed be good to send in a ticket to get this resolved decently.

 

[sistemio]

thank you so much for your replies

this is the responses of the server:

[root@urano ~]# /usr/sbin/exim -bV
Exim version 4.96-58-g4e9ed49f8 #2 built 19-Apr-2023 14:46:02
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL TLS_resume move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPECONNECT PRDR Queue_Ramp SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2023-04-19 20:28:53 cwd=/root 2 args: /usr/sbin/exim -bV
Configuration file is /etc/exim.conf

[root@urano ~]# ls -al /usr/local/directadmin/custombuild/custom/exim/Makefile
ls: cannot access /usr/local/directadmin/custombuild/custom/exim/Makefile: No such file or directory

[root@urano ~]# ls -al /usr/local/directadmin/custombuild/custom/exim/
ls: cannot access /usr/local/directadmin/custombuild/custom/exim/: No such file or directory

[root@urano ~]# rpm -qa | grep da_exim
da_exim-4.89.1-1.x86_64