2

I have been getting network is unreachable errors every time i try to use php to mail something out.

 alt2.gmail-smtp-in.l.google.com [2a00:1450:4010:c03::1a] Network is unreachable
 alt3.gmail-smtp-in.l.google.com [2607:f8b0:400e:c03::1a] Network is unreachable

I have tried researching around to see what could the problem be, and it seems that enabling ipv6 would cause some issues. Hence, I have attempted to disable ipv6 on my server by doing the following:

I added these lines to sysctl.conf

 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 net.ipv6.conf.eth0.disable_ipv6 = 1

and commented out the ipv6 address in the /etc/hosts file

I am not too sure if I am still missing out anything because it doesn't seem to work! Hope someone can help me out with this!

Update: ifconfig -a

 eth0      Link encap:Ethernet  HWaddr 42:01:0a:f0:64:e1
           inet addr:10.240.100.225  Bcast:10.240.100.225  Mask:255.255.255.255
           UP BROADCAST RUNNING MULTICAST  MTU:1460  Metric:1
           RX packets:2491 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2594 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:301672 (294.6 KiB)  TX bytes:356294 (347.9 KiB)

 lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:65536  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Update:

I am getting other connection timed out errors too while attempting to send new mails. But the mails did not get to the desired recipient.

 eforward3.registrar-servers.com [38.101.213.206] Connection timed out

Update:

 traceroute -n -T -p 80 38.101.213.206

 traceroute to 38.101.213.206 (38.101.213.206), 30 hops max, 60 byte packets
  1  64.233.174.176  136.720 ms  136.710 ms  136.668 ms
  2  64.233.174.176  136.673 ms  136.670 ms  136.679 ms
  3  64.233.174.176  136.681 ms  136.675 ms 209.85.242.89  136.661 ms
  4  64.233.174.176  136.644 ms 209.85.242.89  136.615 ms 64.233.174.176  136.646 ms
  5  209.85.242.89  163.646 ms 64.233.174.176  136.619 ms 209.85.242.89  163.611 ms
  6  64.233.174.176  136.617 ms  136.493 ms 209.85.242.89  180.663 ms
  7  209.85.242.89  180.643 ms 64.233.174.176  136.448 ms  136.437 ms
  8  64.233.174.176  136.425 ms  136.325 ms  136.310 ms
  9  209.85.242.89  180.503 ms  180.487 ms 64.233.174.176  136.277 ms
 10  209.85.242.89  180.106 ms 64.233.174.176  136.159 ms  136.115 ms
 11  209.85.242.89  153.688 ms 64.233.174.176  136.423 ms  178.986 ms
 12  64.233.174.176  178.866 ms  178.866 ms  178.939 ms
 13  64.233.174.205  136.899 ms  136.894 ms  136.714 ms
 14  154.54.27.161  154.155 ms 209.85.250.62  136.623 ms 154.54.27.161  153.607 ms
 15  209.85.249.4  139.747 ms  139.370 ms 209.85.249.2  136.117 ms
 16  38.88.224.5  139.138 ms  139.234 ms  139.170 ms
 17  154.54.45.30  197.888 ms 154.54.6.105  137.433 ms 154.54.28.62  196.700 ms
 18  154.54.27.237  150.673 ms 154.54.27.169  149.094 ms  149.232 ms
 19  154.54.5.65  195.015 ms 154.54.7.53  195.410 ms 154.54.5.65  194.558 ms
 20  154.54.29.221  196.056 ms  195.939 ms  196.722 ms
 21  154.54.28.62  197.622 ms * *
 22  * * 38.20.62.218  196.091 ms
 23  38.20.62.218  195.919 ms 38.122.18.154  199.002 ms 38.20.62.222  195.254 ms
 24  38.122.18.154  198.058 ms 38.101.213.206  197.167 ms  195.442 ms


 traceroute -n -T -p 25 38.101.213.206
 traceroute to 38.101.213.206 (38.101.213.206), 30 hops max, 60 byte packets
  1  * * *
  2  * * *
  3  * * *
  4  * * *
  5  * * *
  6  * * *
  7  * * *
  8  * * *
  9  * * *
 10  * * *
 11  * * *
 12  * * *
 13  * * *
 14  * * *
 15  * * *
 16  * * *
 17  * * *
 18  * * *
 19  * * *
 20  * * *
 21  * * *
 22  * * *
 23  * * *
 24  * * *
 25  * * *
 26  * * *
 27  * * *
 28  * * *
 29  * * *
 30  * * *

Telnet: I don't think I have it installed. Will I require it?

kasperd
  • 30,455
  • 17
  • 76
  • 124
toffee.beanns
  • 139
  • 2
  • 7
  • Can you post the output of `ifconfig -a`, so we can confirm that you have successfully disabled ipv6? At the moment, I suspect that you haven't. (You did reboot or use `sysctl` after those `sysctl.conf` changes, right?) – MadHatter May 24 '14 at 10:06
  • @MadHatter Yeah, I did a reboot. But it still didn't work.. updated the ifconfig -a logs too! Thanks – toffee.beanns May 24 '14 at 10:13
  • @toffee.beanns Could you post the output of `traceroute -n -T -p 80 38.101.213.206` and `traceroute -n -T -p 25 38.101.213.206` – kasperd May 24 '14 at 11:03
  • And, for that matter, `telnet 38.101.213.206 25`. – MadHatter May 24 '14 at 11:51

4 Answers4

3

On one IPv4 only server I am administrating, I see the same error messages all the time in /var/log/exim4/mainlog. But the error messages are harmless. Exim realize the address isn't working and switch to using the IPv4 address in less than one second.

Did the hosting provider advertise IPv6 support in the first place? If not, you may simply not have IPv6 connectivity. And if exim switch to IPv4 right away, the mails will still get delivered without problems.

If your server does not yet have IPv6, you may want to consider getting it, but that is a different question.

Your two traceroute outputs however point to the real problem, and it has nothing to do with IPv6. The problem is that outgoing SMTP is blocked, and it is blocked on the very first hop, which means either it is blocked by firewall rules on your machine, or it is blocked by the first router.

The port 80 traceroute shows the network is behaving somewhat strange, because the first 11 hops is just the same two IP addresses repeated again and again. Those two IP addresses belong to Google, so I guess the documentation on how to send email from Google Compute instances may be relevant to you.

kasperd
  • 30,455
  • 17
  • 76
  • 124
  • But it seems that I am not able to use php's mail() function to send out mails to anyone. I couldn't figure out what could be wrong. – toffee.beanns May 24 '14 at 10:28
  • That seems really bad. I just want to do a simple contact us, rsvp form which sends a mail to my own email account. Is there a simple way to overcome the whole thing? – toffee.beanns May 24 '14 at 13:19
  • @toffee.beanns You could store the mails in a spool on the vserver and let Gmail fetch them from there using POP. – kasperd May 24 '14 at 13:30
  • that seems too tough for me i guess. I am just starting out on this whole debian server thing. Haha. thanks for your help! – toffee.beanns May 24 '14 at 13:48
  • hi kasperd, just wondering if it was possible to send emails using another port instead, like customizing to a port that is not blocked? – toffee.beanns May 25 '14 at 01:30
  • @toffee.beanns Where would you send it to? You would need a server somewhere that can receive the email and send it back to Gmail on the proper port. If you have a server somewhere else, then sure it can be done. – kasperd May 25 '14 at 08:33
  • It would be best if it could be contained within its own server since it is meant specific to this project itself. But the provising process for the sendgrid service seems quite troublesome because they want to see the whole website, but it is not done yet, I am merely testing the components. Would this be a good deterrence factor to change to amazon cloud instead? – toffee.beanns May 25 '14 at 16:43
  • @toffee.beanns I have not tested any of the two services, and I have not read specs on the Amazon service, so I can't say if switching is a good idea or not. – kasperd May 25 '14 at 17:51
1

If you do not have ipv6 connectivity, then you should not allow exim to try to use ipv6. In your global configuration section, basically anywhere before the ACLs start, add this:

disable_ipv6 = true

Relevant documentation: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html#SECTalomo Search down for disable_ipv6; they are alphabetically ordered.

Todd Lyons
  • 2,036
  • 16
  • 13
1

If you are really running on Google Compute Engine, as @kasperd added to your question, then you should be able to send e-mail - but only to Google servers and only over SSL (or over Google partner services, as the link in kasperd's answer explains).

Google says for their Compute Engine:

  • All outgoing traffic to port 25 (SMTP) is blocked.
  • Most outgoing traffic to port 465 or 587 (SMTP over SSL) is blocked. except for known Google IP addresses
  • All traffic that uses a protocol other than TCP, UDP, and ICMP is blocked.
Dubu
  • 621
  • 3
  • 12
  • 1
    The traceroute output shows the server is hosted inside the Google network. To the best of my knowledge Google Compute Engine is the only way you get to do that. – kasperd May 25 '14 at 10:50
1

It's worth noticing that if your server is hosted by a cloud provider, they might apply some network restriction rules at a global (i.e. security groups) or at a machine level (i.e. iptables).

For example, scaleway uses security groups (f.a.q. here), while digitalocean uses iptables rules (step 4 here)

Fabio
  • 181
  • 1
  • 3