We use a PHP library that opens a connection to SMTP server to validate certain emails when registering new clients.
After a server change the script has started reporting constant connection timeouts:
fsockopen(): unable to connect to alt1.gmail-smtp-in.l.google.com:25
(Connection timed out) in /home/xxxxxx.php on line 195, referer: xxxxx
We can telnet the server via console as root, but not as apache user so we discarded it to be an iptables firewall issue (we use CSF).
Strange enough, it seems we can fsckopen other pòrts.
We are digging other issues of CSF configuration but so far we are completely lost as no other logs (lfd, iptables, syslog) reports anything.
SOLVED!
If CSF option SMTP_BLOCK is activated (=1) apache user ("www-data" in our case), needs to be added to the SMTP_ALLOWUSER directive for PHP (through Apache) to work with SMTP as a destination.
CSF firewall will block any outgoing connections to SMTP for users not allowed but without any logging to lfd.log
Related
I developed a simple code, with the php language, to connect to my email and count the number of emails received, using the local Window 10 server.
<?php
// server IMAP per la connessione
$server = "{imap.gmail.com:993/ssl/novalidate-cert}";
// account Gmail
$login = 'login#gmail.com';
// password per l'accesso a Gmail
$password = 'password';
// connessione IMAP ad un account Gmail
$connessione = imap_open($server, $login, $password);
$conteggio = imap_num_msg($connessione);
echo $conteggio."<br>";
By enabling the IMAP protocol on Gmail and enabling access to less secure apps, the code does
not give any kind of error.
The problem arises when I try to execute this code into a Centos 7 server machine.
I installed the IMAP protocol compatible with my PHP 7.3 version, using this command line: yum --enablerepo=centos-sclo-sclo-testing install sclo-php73-php-imapservice imapd restart.
Once the package is successfully downloaded, I restart the server machine and go check on
<?php
phpinfo();
?>
and notice that the IMAP is enabled.
imap
IMAP c-Client Version 2007f
SSL Support enabled
Kerberos Support enabled
After this check, if I try to run my initial code, this error message appears to me on output: warning: imap_open(): couldn’t open stream {imap.gmail.com:993/ssl/novalidate-cert} even though i have enabled imap and by actvaing.
PS. the password and login are correct.
The issue doesn't seem to be PHP related, but connection related, especially if the script works on a different machine.
There are two things you need to check.
Can you outbound connect on port 993 (is it open for OUT connections). You can try telnet to check that and if it doesn't work verify your Linux Firewall settings.
Do you have SELinux enabled and if you do did you check your audit log for AVC denials? It you have issues you may need to enable your httpd_can_network_connect or even do an audit2allow as the port might be non-standard. Be careful what you are doing as you can disrupt security on your server.
I have a website hosted by ionos (before it was named 1and1). This website uses the symfony 4 framework. Everything is working properly except for sending emails. I have configure my .env file like this:
MAILER_URL=smtp://contact#mysite.com:password#smtp.ionos.fr:465
But this is not working, and I get this error:
Exception occurred while flushing email queue: Connection could not be established with host smtp.ionos.fr [Connection timed out #110]
I have already tried with the 587 port (TLS), without success. Moreover, I have tried encoding the first # used for the username with %40 to avoid conflict. I think the issue might come from the SMTP configuration.
For those who are struggling, even after reading this:
https://www.ionos.com/help/email-office/general-topics/settings-for-your-email-programs-imap-pop3/
I used the configuration below (with the port 25), and it works!
MAILER_URL=smtp://smtp.ionos.fr:25?auth_mode=login&username=emailAddress&password=myPassword
I work with 2 servers one is my production server other is my resource server.
I cannot connect to my resource server from my production server over ftp.
I can connect to other servers from my production server.
I can also connect to my resource server from my localhost or filezilla.
I use this code to connect :
$conn_id = ftp_connect("resource server ip", "21", "5");
if ($conn_id) {
echo "connected";
ftp_close($conn_id);
}
print_r(error_get_last());
I don't get any output when I run this script on server(no error).
On localhost it runs no problem.
What can be the problem with this? Is this something that server admin has to resolve? Thanks for help.
You should first check from commandline, whether it's a networking/OS issue or not.
So if you've got shell access to the production server try connecting to the resource server via the commandline ftp client.
If that does not work, you've got a network / firewall / access control problem, not related to php or your software, and you should talk to the sysadmin.
If it does work, then the problem is in your stuff, and you should set the log levels to high, and run this script from commandline, also check the logs of php, php-error, syslog and the resource servers ftp access log and syslog too.
Note: ftp is a not-too-exact beast, the servers and clients have a lot of workarounds built in to treat each other in a way, that works somehow. There could be issues from active (multiple back-and-forth connections) and passive mode (it's like http), also with ls formats and timestamps, timezones and ports.
Also some servers only support ftps (ftp with ssl) - which is not the same as sftp (file transfer over ssh - port 22).
Your production server probably has some firewall rules, and your connection get caught on that, to debug this, please use the commandline ftp client, and/or nmap / netcat.
We send some files across to a third party with a PHP cron job via FTP.
However sometimes we get the following error:
ErrorException [ 2 ]: ftp_put(): php_connect_nonb() failed: Operation
now in progress (115) ~ MODPATH/fileop/classes/Drivers/Fileop/Ftp.php [ 37 ]
When I say "sometimes" I mean exactly that; most times it goes across fine but about 1 in 5 times we get that error. It's not to do with the files themselves, because they will go happily if we try again.
We've found similar issues online - relating to a bug in PHP with NAT devices or to do with firewall configuration but again the implication is that if this were the case it would never work.
So, why would this work some times and not others?
ftp_set_option($ftpconn, FTP_USEPASVADDRESS, false);
This line of code before setting passivity of the connection ftp_pasv($ftpconn, true);
Solved my problem
FTP(S) uses random ports to set up data connections; an intermittent success rate indicates that not all ports are allowed by a firewall on the client and/or server machines. The port range for incoming (PASV) data connections can be set in the FTP server.
This page has a nice summary:
The easy way is to simply allow FTP servers and clients unlimited
access through your firewall, but if you like to limit their access to
"known" ports, you have to understand the 4 different scenarios.
1) The FTP server should be allowed to accept TCP connections to port
21, and to make TCP connections from port 20 to any (remote ephemeral)
port.
2) The FTP server should be allowed to accept TCP connections to port
21, AND to accept TCP connections to any ephemeral port as well!
3) The FTP client should be allowed to make TCP connections to port
21, and to accept TCP connections from port 20 to any ephemeral port.
4) The FTP client should be allowed to make TCP connections to port
21, and to make TCP connections to any other (remote ephemeral) port
as well!
So, I'm writing this answer after doing some investigation on my FTP server and reading the link you provided elitehosts.com.
I'm using FileZilla FTP server, and there is a specific setting that I had to enter to make it work. Going into the server settings, there is an area titled "Passive mode settings". In that dialog, there is an area titled "IPv4 specific", and within that area there is a setting labeled "External Server IP Address for passive mode transfers:". It's a radio button selection set, and it was on "Default", but since the FTP server is NAT'ed, I changed that radio selection from "Default" to "Use the following IP:" and entered in the external-facing IP address of my gateway provided by my ISP.
After I set this up, it worked! Not terribly sure if your FTP server is NAT'ed, but I thought I would provide the answer on this thread because it seems related.
In addition to Cees answer, I am running vsftp on ec2 and had to comment out the listen_ipv6=YES, listen=YES then "service vsftpd restart".
Although documentation says it will listen on ipv4 as well it wasn't and this resolved the issue.
For me all I had to do was to remove the ftp_pasv( $ftpconn, true ); and everything worked perfectly. I'm not yet sure why but I am trying to find out and I will surely come back when I do get the reason behind it.
This should be a comment under jj_dev2 comment, but I cannot add one due to reputation. But maybe it will be helpful for someone, so I post it here.
We had the same issue as described in the original post. In our case it worked with many customers - except one.
The solution in jj_dev2 comment did work for us. So we investigated what does ftp_set_option($conn, FTP_USEPASVADDRESS, false) actually do. And based on that we found out that in fact customer's FTPS server was configured incorrectly.
In response to PASV command (ftp_pasv($conn, true)) FTP server returns an IP address which the PHP FTP client then will use for data transfers. In our case the FTP server was returning an internal IP address and not the public IP address that we connect to. Customer had to fix their FTP server settings so FTP server would send external IP address in the PASV command response.
I've been using class.phpmailer.php for some time but recently it stop working on my web server.
It is still working on my home computer but I guess that it's because I didn't update xampp.
The error returned is:
php SMTP -> ERROR: Failed to connect to server: A connection attempt
failed because the connected party did not properly respond after a
period of time, or established connection failed because connected
host has failed to respond. (10060)
I've also used this class eukhost and it sends the email with no errors.
I'm now going debugging class.phpmailer.php to see what is wrong.
But before I start, I would like to know if someone got this problem ans solved it.
If this had been working and now has recently stopped, it could be a temporary issue, or some settings for the mail server have been changed and you now need to update your settings.
The error message is telling you that it could not connect to the mail server. Socket error 10060 is a general operation timed out message.
You need to verify that the SMTP host and port numbers being used by phpmailer are correct. You should from another machine (or the same system running PHP) be able to telnet your-mail-server-here.com 25 where 25 represents the port number.
If you can't connect to the server, then the mail server is down or the hostname or port have changed. If you can connect from other systems but not from your PHP server, it is possible your IP has been blocked from the mail server, or a local/remote firewall are preventing your connection.
Hope that helps.