Telnet to port 25 works but fsockopen doesn't?

[Jibbs]

I am trying to connect to external SMTP servers with a PHP script. If I log in as root and telnet to "mymailserver.com" on port 25 it works fine. However my script comes back unable to connect to mymailserver.com:25 (Network is unreachable) ... fsockopen error 101

this points to some sort of odd firewall issue or something to do with my php config? I'm at a total loss here.

Upon further investigation it looks like something to do with php is blocking it. I can telnet, I can run the script as root with PHP CLI and it works, but running it from the web fails. The request isn't getting sent out to that port, checked it with wireshark. Any suggestions out there?

 

[scsi]

different settings in php.ini?

 

[Jibbs]

really not sure what settings to look for

 

[zEitEr]

A list of disabled functions in php.ini.

How do you detect it does not work? What error do you see there?

 

[Jibbs]

I know it doesn't work because I used wireshark to try to connect to a mailserver on port 465. If I capture packets when running in web versus running with CLI, the web gives me NO PACKETS not even a request, but the CLI does, I can see what you'd expect. This only happens on mailserver ports (25, 465, 587). The function isn't disabled as much as it seems limited. I know this sounds crazy but that's what's happening.

 

[zEitEr]

What error do you see there in a PHP script?

 

[Jibbs]

Warning: fsockopen() [function.fsockopen]: unable to connect to mymailserver.com:465 (Network is unreachable) in /home/usr/public_html/testemail.php on line 15

 

[Arieh]

http://www.directadmin.com/features.php?id=1427 maybe this feature is active?

 

[Jibbs]

before i run any of these commands would this one work for me to allow any outbound connections on port 465?

IPTABLES -A OUTPUT -p tcp -d 127.0.0.1 --dport 465 -j ACCEPT

 

[Arieh]

Well it says

If you didn't manually install the iptables script yourself, then you're not likely using it, so if you want this change, use the id=380 guide normally (below).

So this is probably not it. Have you tried any other ports? like mymailserver.com:80 if there is apache running on that server.

 

[Jibbs]

yeah, and that works fine

 

[Arieh]

Just to be sure on the iptables thing, you could try to login as a normal user and try the telnet again? That way we can rule out if it's just php or the user access.

 

[scsi]

Just disable the firewall and see if it works or not.

 

[Jibbs]

yeah it did not work when logged in as a normal user

 

[Arieh]

Maybe check the iptables

iptables --list

See if there is anything odd in there concerning the ports. Like --uid-owner

 

[nobaloney]

Port 25 is a privileged port; does thishttp://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html describe your problem?

Jeff