Diagnosis alter on port 25 but email are OK (false positive ?) - Alerte port 25 mais emails OK (faux positif ?)

Support
, ,
1

:us: Message template (english)

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 4.3.6.2 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

This morning, I have received a diagnosis alert :

=================================
Email (mail)
=================================

[ERROR] The outgoing port 25 seems to be blocked. You should try to unblock it in the control panel of your Internet service provider (or host). In the meantime, the server will not be able to send emails to other servers.

My ISP is Free (France). I checked on the administration panel of my Free box and the port 25 seems to be open and redirects well to my mail server. I also sent a test email which was received by the recipient.

I have run a new diagnostic and the alert still persists. I wonder if this alert is a bug or if you have more information on this subject.

Question
Could you please give me your opinion? Is there anything to unblock?

Thank you very much for your help!

:fr: Modèle de message (français)

Mon serveur YunoHost

Matériel: Vieil ordinateur
Version de YunoHost: 4.3.6.2 (stable)
J’ai accès à mon serveur : En SSH | Par la webadmin
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non

Description du problème

Ce matin, j’ai reçu une alerte de diagnostic :

=================================
Email (mail)
=================================

[ERROR] Le port sortant 25 semble être bloqué. Vous devriez essayer de le débloquer dans le panneau de configuration de votre fournisseur de services Internet (ou hébergeur). En attendant, le serveur ne pourra pas envoyer des emails à d'autres serveurs.

Mon FAI est Free (freebox). J’ai vérifié sur le panneau d’administration de ma box Free et le port 25 semble être ouvert et redirige bien vers mon serveur de messagerie. J’ai également envoyé un email de test qui a été reçu par le destinataire.

J’ai lancé un nouveau diagnostic et l’alerte persiste. Je me demande si cette alerte est un bug ou si vous avez plus d’informations à ce sujet.

Question
Pouvez-vous me donner votre avis ? Y a-t-il quelque chose à débloquer ?

Merci beaucoup pour votre aide !

2 Likes
2

If you were at home, sending email, maybe the test is not valid. Port 25 is not blocked on your Yunohost, and not on your LAN. If you tested it with your laptop on the home network, there is no problem with port 25.

If I got it straight, port 25 needs to be open on your server to receive incoming connections from other servers.

I guess you got another mail account somewhere. If you sent an email from that account to your Yunohost-account, does it arrive?

Another thing to do for sure, is using https://www.mail-tester.com/ which gives a nice overview of everything that is correctly configured by Yunohost (I recall only a warning about missing an ‘unsubscribe’ link, which I can live with for my personal emails :stuck_out_tongue: )

After all this, it could be a false positive. For a long while I had a warning in the diagnostics that port 25 was open, but that another program seemed to be listening. I never found out why that happened.

1 Like
3

Same here since this morning.

My YunoHost server

Hardware: Root Server by Netcup
YunoHost version: 4.3.6.2 (stable)
I have access to my server : Through SSH | through the Webmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

https://www.mail-tester.com : 8/10

SSH command: “sudo lsof -i:25”

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 1458 root 13u IPv4 23468 0t0 TCP *:smtp (LISTEN)
master 1458 root 14u IPv6 23469 0t0 TCP *:smtp (LISTEN)
smtpd 22592 postfix 6u IPv4 23468 0t0 TCP *:smtp (LISTEN)
smtpd 22592 postfix 7u IPv6 23469 0t0 TCP *:smtp (LISTEN)

2 Likes
4

Same here since this morning on a digitalocean VPS.

From Digitalocean side the port is not blocked they confirmed some minutes ago.

I didn’t update anything - weird.

5

Incoming port is open and works, outgoing to other servers is the problem.

6

Result of: “nmap -p 25 smtp.gmail.com

Starting Nmap 7.70 ( https://nmap.org ) at 2022-03-12 11:50 CET
Nmap scan report for smtp.gmail.com (64.233.167.108)
Host is up (0.011s latency).
Other addresses for smtp.gmail.com (not scanned): 2a00:1450:4013:c08::6c
rDNS record for 64.233.167.108: wl-in-f108.1e100.net

PORT STATE SERVICE
25/tcp open smtp

Nmap done: 1 IP address (1 host up) scanned in 0.59 seconds

7

I have the same issue. Port 25 definitely open but diagnostic consider it as closed since this morning 7:00 AM (UTC+1).

8

Ok, I just checked mine, it also gives an error on port 25!

I think it’s an error in the diagnostics backend (or a hack on all of our Yunohosts, imagine).

The funny thing is that the ‘ports exposure’ section gives green light on port 25, and it is also not that the service is not running.

I give up for now :wink:

2 Likes
9

Maybe this will help?
Last server changes until this morning (/var/log/apt/history.log):

Start-Date: 2022-03-10  10:57:44
Commandline: apt-get --fix-broken --show-upgraded --assume-yes --quiet -o=Dpkg::Use-Pty=0 -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confmiss -o Dpkg::Options::=--force-confdef dist-upgrade
Install: linux-image-4.19.0-19-amd64:amd64 (4.19.232-1, automatic)
Upgrade: linux-libc-dev:amd64 (4.19.208-1, 4.19.232-1), linux-image-amd64:amd64 (4.19+105+deb10u13, 4.19+105+deb10u14)
End-Date: 2022-03-10  10:58:06
1 Like
10

Hello,

Same here at home, error on port 25.
I checked freebox’s parameters and they are unchanged.
I think that’s diagnostic problem.

But we are warned “Be aware that the diagnostic function is still experimental and under development and may not be completely reliable.”

11

Hello,
Same here also. I use a VPN (Aquilenet, an FFDN member) and my ISP is Bouygues. I can send mails to other servers without any problem. So definitely, it seems to be nothing more than a false positive.

13

Same here. Nothing change and since 2 days the diagnostics show me the port 25 is blocked but all (ISP, router, firewall are unchanged and they seem OK).
My ISP IS free and I use a VPN FDN on my router.
I can send mails to other servers without any problem too. So it seems too a false positive

1 Like
14

Same here, I am on Hetzner.

The problem seems to be related to the way the diagnosis works - it connects to yunohost.org on port 25, but a test just now shows this port is refusing connections (not just blocked - this would give a timeout):

sudo /bin/nc -4 -z -w2 -v yunohost.org 25
nc: connect to yunohost.org port 25 (tcp) failed: Connection refused

Is there a change to the setup of the yunohost.org server on port 25?

3 Likes
15

I’ve same problem on three yunohost installs : two on different OVH vps, the last on a desktop at home.

16

Same problem on my VPS on Hetzner

17

Me too same error on 2 servers, with a VPS and with a home’s computer. It seems also be a false positive error…

18

This may have been a false positive related to our DNS server being down. This has been fixed. Let us know if tonight’s diagnosis still shows the error.

6 Likes
19

I reran a diagnostic, everything seems to be OK for the port 25.

Thank you !

20

Everything ok here also:

sudo /bin/nc -4 -z -w2 -v yunohost.org 25
Connection to yunohost.org 25 port [tcp/smtp] succeeded!

sudo yunohost diagnosis run mail --force
Success! Everything looks OK for Email!

21

Have a look here: This did fix it for me.