I'm building an internal web-application in PHP that needs the ability to mail.
I've used the code listed here:
Send email using the GMail SMTP server from a PHP page
and it works like a charm, when I run it from my house. However, when I run the code from the office, I get the following:
Failed to connect to ssl://smtp.gmail.com:465 [SMTP: Failed to connect socket: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (code: -1, response: )]
Any idea how to get around this?
Thanks,
-JWW
I agree with the responder above - this is most likely a firewall blocking outbound connections on port 465. You can either try TLS connection on port 587 or port 25 per Gmail's troubleshooting docs : http://support.google.com/mail/bin/answer.py?hl=en&answer=78775
If you are unable to get around this (if IT will not remove the blocks for example), you could try a third party API as a proxy. Our product http://PostageApp.com can use external mailservers such as Gmail, in addition to our own MTA, and communication is all through standard http REST calls, avoiding the firewall issue.
We're a paid service but have a free plan as well...if you would be sending more email than our free plan allows for (100/day), then you'll probably fall foul of Gmail's sending limits anyway which restrict third party clients to about 100/day outbound.
http://help.postageapp.com/kb/quick-start-guides/php
Disclaimer: I work for PostageApp
It's most probably a firewall at your workplace blocking outgoing connections to port 465. Did you try port 587 instead?
Related
I'm trying to test mail to send out emails from my VM at Microsoft Azure but I'm getting this errors!
Nov 3 06:33:22 devvm postfix/smtp[10942]: connect to alt1.gmail-smtp-in.l.google.com[142.250.150.27]:25: Connection timed out
Nov 3 06:33:22 devvm postfix/smtp[10942]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4010:c1c::1b]:25: Network is unreachable
Nov 3 06:33:22 devvm postfix/smtp[10942]: connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1b]:25: Network is unreachable
Nov 3 06:33:22 devvm postfix/smtp[10942]: 4C7CABDD84: to=MyEmailRemoved#gmail.com>, relay=none, delay=57498, delays=57437/0.01/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1b]:25: Network is unreachable)
What I've tried to do is enabled port 25 from azure, but can't figure out how to fix this.
There is restriction of outbound SMTP connection from VMs. The direct SMTP connection from Azure is blocked to protect Azure data center public IP addresses from reputation abuse even if authenticated.
The Outgoing email messages that are sent directly to external domains like outlook.com and gmail.com on TCP port 25 from a virtual machine is possible only when the VM is deployed in certain subscription types.
Even for the VMs which are deployed in the Pay-as-you-go subscriptions the outbound SMTP connections on TCP port 25 are blocked. But you can remove this block if your Azure subscription is in good standing and has a sufficient payment history. You can request to have the restriction removed by going to the Cannot send email (SMTP-Port 25) section of the Diagnose and Solve blade for an Azure Virtual Network resource in the Azure portal.
Only for the virtual machines that are deployed in Enterprise Agreement subscriptions, the outbound SMTP connections on TCP port 25 will not be blocked.
As an workaround its recommended to use authenticated SMTP relay services to send email from Azure VMs. These relay services typically connect through TCP port 587. SendGrid is one such SMTP relay service, but there are others.
Read this Sending Email with Microsoft Azure document for detailed explanation on how to use SendGrid to send mails form Azure VMs.
And for more information on restriction of outbound SMTP connection from VM read this Troubleshoot outbound SMTP connectivity problems in Azure document.
According to this
Gmail SMTP Server could also be used to relay messages from your
device or application. You can connect to Gmail mail servers using
SMTP, SSL/TLS. If you connect using SMTP, you can only send mail to
Gmail or Google Apps users; if you connect using SSL/TLS, you can send
mail to anyone.
If your device or application supports SSL - connect to smtp.gmail.com
on port 465.
So I tried connecting to smtp.gmail.com on port 465. I got the following error:
Unable to send email using PHP SMTP. Your server might not be
configured to send mail using this method.
Some code uses another address "ssl://smtp.gmail.com".
When I use ssl://smtp.gmail.com also on port 465, my application now works correctly.
What's the difference between ssl://smtp.gmail.com and smtp.gmail.com if the latter also uses ssl?
Why can't we send emails to other domains without SSL? Is this only done by gmail for security purposes?
I am extremely new at this. Can anyone explain? I am using php if it matters.
The difference between the prefixing the hostname with ssl:// and without it is whether or not the underlying stream will be wrapped through OpenSSL, or speak in plain text.
When you connect to Gmail on port 465, it expects the client will use TLS encryption. Most likely, the error message you were seeing was a general result of connecting to a service expecting an encrypted connection when it was just trying to write and read data in plain text.
PHP does magic for you when you use the ssl:// wrapper to connect to a service that supports TLS or SSL. It allows you to read and write on the stream (using say fread/fwrite) in the same manner you would on an unencrypted connection and all the handshaking, encryption, and decryption is done in the background having to do no more than prefix the host with the ssl wrapper.
As to the second question, it is most likely security related. In order to relay (send mail to another domain) you need to authenticate over SMTP which should NEVER be done in cleartext while you can connect on port 25 using an unencrypted connection and send mail to a Gmail user without authenticating (this is what most outside mail servers do when one of their users which to send mail to Gmail). But technologically, there's nothing preventing them from allowing you to send mail using an unencrypted connection, or even authenticating with Gmail credentials (this is called an open relay and is usually badly abused by spammers).
You can learn more about your first question by just reading about the SMTP protocol, the STARTTLS command, and TLS encryption in general. STARTTLS allows a client to connect to the mail server over an unencrypted connection and then negotiate (upgrade) the connection to use encryption, where on the other hand, connections to port 465 expect a TLS handshake to occur as soon as the connection is established and before any protocol (SMTP) communication occurs.
I have an issue with the mandrill API, I got this message :
Failed to connect to mandrillapp.com port 443: Connection timed out
It's works on my production server (ex mysite.com), but not on my dev server (ex mysite.com:8080).
The two servers have same config by the way.
Anyone knows why I got this issue ?
Thanks !
Make sure your hosting provider or internet provider (ISP) allows
outbound SMTP connections. Some shared hosting providers only allow
outbound SMTP connections on dedicated servers, while others block
them completely. In some cases, hosting providers might redirect the
connection, so instead of connecting to smtp.mandrillapp.com, you
connect to their local server instead.
Make sure the port you've selected is one that your hosting provider
or ISP has available for outbound SMTP connections. Some hosts block
all connections on port 25, for example, so you can try using a
different supported port.
Double check that you're using a valid API key to connect via SMTP,
and not the password that's used to log in to Mandrill's web
application.
If you're using Postfix, make sure that you have an SASL library
(like libsasl2 or cyrus) installed and that it's up to date.
Otherwise, you may be connecting but not passing authentication
credentials.
For other SMTP libraries, make sure you're using LOGIN or PLAIN
authentication methods.
Once you've confirmed all of the above, if you're still seeing issues,
please enable additional logging in your SMTP program or library. If
you're using an integration, contact the integration developer for
information on configuring logging of the SMTP conversation.
Where do I find my SMTP credentials?
After you create a Mandrill account, get your SMTP credentials on the
SMTP & API Info page in your account.
The SMTP password is any active API key for your account, not the
password used to log in to Mandrill. The credentials list port 587,
but any port supported by Mandrill will work, and there's no
configuration change needed within Mandrill to activate one of the
alternate ports.
Which SMTP ports can I use?
You can use port 25, 587, or 2525 if you're not encrypting the
communication between your system and Mandrill or if you want to use
the STARTTLS extension (also known as TLS encryption). SSL is
supported on port 465.
ISPs may redirect traffic on certain ports, so it's up to you which
port you use.
Reading up on GAE as a possible alternative to dedicated hosting (or VPS)...
Seems I would need to re-write a bit of code, if I had modules which relied on SMTP. Does this mean that even if I connected to a remote SMTP server that code would need to change to an HTTP API (assuming one is even provided by an third party SMTP provider such as smtp.com).
Yes - AppEngine/PHP does not yet support sockets and thus you can not connect to external SMTP servers. Also, even with sockets you would not be able to use SMPT on port 25, but authenticated SMTP on port 587 - see socket limitations.
OTOH, you can send email from AppEngine via the Mail API.
If you still want to send email via an external mail provider, you need to choose one that supports HTTP API, for example Amazon SES.
I am running a local apache server on an ubuntu machine, and i am trying to use the phpmailer class to send mail.
It tries to connect by fsockopen to the mail server, but it throws a timeout error. I tried setting the timeout to 15sec with no luck.
It does work on other machines.
How can i find out if my ISP has blocked requests ?
The mail server responds to ping.
ping and SMTP command don't go via the same port ; it is possible that one port is opened, and not the other one.
If there is a timeout, it probably means that :
either your SMTP server is not accepting connections from your server
or there is something somewhere (like a firewall) that's blocking your requests.
If you have an ssh access to the server, using telnet in command line to try to connect to the SMTP server, and send SMTP commands, might allow you to get some more informations...
Here a couple of links that show examples of an SMTP session via telnet :
Sending an e-mail via Telnet
Send mail through SMTP using Telnet
If you cannot connect to the server, maybe you'll get some error message (telling you that you are not allowed to connect, for instance), or it'll timeout again... Which probably means your request are being blocked somewhere...
In that case, check with your network administrator ; maybe he'll have some idea about opening some port on the firewall.