0

I would like to send a mail to a gmail address:

echo "This is the body of the email" | mail -s "This is the subject line" user@gmail.com

That is what I see in the logs

connect to gmail-smtp-in.l.google.com[142.250.27.27]:25: Connection refused
connect to gmail-smtp-in.l.google.com[2a00:1450:4025:401::1a]:25: Network is unreachable
connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4025:c03::1a]:25: Network is unreachable
connect to alt1.gmail-smtp-in.l.google.com[142.251.9.27]:25: Connection refused
connect to alt2.gmail-smtp-in.l.google.com[142.250.150.27]:25: Connection refused
Apr  9 20:04:02 ubuntu postfix/smtp[157056]: 228717CAA0: to=<user@gmail.com>, relay=none, delay=0.22, delays=0.09/0.09/0.04/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.150.27]:25: Connection refused)

tried to test this destination with netcat and the result was the same:

ubuntu@ubuntu:~$ nc -zvn 142.251.9.27 25
nc: connect to 142.251.9.27 port 25 (tcp) failed: Connection refused

then I checked the port 587 with the following command - which went ok:

ubuntu@ubuntu:~$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1

so I tried to force postfix to use encryption according to this so modified the main.cf:

smtpd_tls_security_level=encrypt
smtp_tls_security_level=encrypt

but still trying to use port 25 which is blocked. So my question is that how can I force postfix to use different port from 25 to be able to send outgoing mails?

laplasz
  • 135
  • 7

1 Answers1

3

but still trying to use port 25 which is blocked. So my question is that how can I force postfix to use different port from 25 to be able to send outgoing mails?

You can't.

Or well, you can force Postfix to do that. But the rest of the world expects e-mail to come via port 25. Using port 587 won't work - that's for authenticated submissions (hint: the port is named that) from client software. Not for SMTP server to SMTP server communication.

You have to tell your ISP to open port 25. Any business ISP should cater to such a request.

vidarlo
  • 6,654
  • 2
  • 18
  • 31
  • so I would like to send a mail towards gmail not using remote port 25 - I think smtp gmail listens on other ports as well, like 587 - so should I send mail with submissions then? thx – laplasz Apr 10 '23 at 10:24
  • No! Talk with your ISP and tell them to open port 25. Noone expects incoming e-mail on port 587, that is for ***CLIENT***, e.g. end user, submission of mail. Again: Read the *first* sentence of my answer. – vidarlo Apr 10 '23 at 10:32