stackoom
  简体   繁体   中英

Postfix Connection Timeout for Outgoing Mail - Port 25 is ***not*** blocked by ISP

 原文  2021-12-24 23:24:29       docker/ email/ smtp/ postfix-mta

Question

Many similar questions have been asked here, but most have the issue of port 25 being blocked by a cloud provider (ie DigitalOcean) or the ISP (ie Xfinity). I have neither of these problems, but still can't send outgoing mail.

I try to send outgoing mail, but get this error from posfix/smtp

connect to alt2.gmail-smtp-in.l.google.com[142.250.152.27]:25: Connection timed out

I am running a postfix from a spare laptop that is running Ubuntu Server, so I know it isn't a problem with a cloud provider. Additionally, I have Google Fiber, and they do not block any ports, including port 25. Just as a test, when I telnet to the above address, I can successfully connect.

$ telnet alt2.gmail-smtp-in.l.google.com 25
Trying 2607:f8b0:4001:c56::1a...
Connected to alt2.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP x17si5369573iow.10 - gsmtp

Any ideas what the final blocker is? The one thing I can think of is my postfix main.cf variables below might need tweaking. Also, FYI I am running the postfix server in a Docker container.

mydestination = localhost.$mydomain, localhost
proxy_interfaces = X.X.X.X # Static IP of Google Fiber router that is externally facing to WAN

1 answers

solution1
 0 ACCPTED  2021-12-30 06:53:10

After some digging, I looked up my hostname on Realtime Blackhole Lists, or RBLs, and discovered that my hostname and therefore mail server were being rejected as spam by any mail server that checks the public RBLs.

The solution to this was to set up SPF, DKIM, and DMARC through my DNS provider. Each of these play a role in reducing hostname spoofing, spam email, and other malicious activites. There are many tutorials online on how to do this.

SPF is Sender Policy Framework. This is used to prevent others from spoofing your domain.

DKIM is DomainKeys Identified Mail. This allows the senders to authenticate their emails by including a digital signature in the email header. DKIM uses public-key cryptography to verify that an email message was sent from an authorized mail server.

DMARC is Domain-based Message Authentication Reporting & Conformance, which builds on SPF and DKIM to prevent domain spoofing.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Getting a connection timeout issue with port forwarding in Kubernetes? Send mail from a container using a postfix container Azure App hosted docker port 25 Map outgoing TCP connection to Docker container How to make a TCP outgoing connection with Docker container? Docker localhost connection blocked by UFW Docker blocked on NPM install - Socket Timeout controlling docker-machine (using NAT) outgoing port kubernetes redirecting outgoing http traffic from the service to localhost:port Docker run connection timeout
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM