
Apparently DigitalOcean blocks outbound SMTP on IPv6.

I can confirm this with telnet as follows:

```
⟫ telnet smtp.gmail.com 465
Trying 2607:f8b0:400d:c07::6c...
        > Waits for about 2 minutes before it continues <
Trying 173.194.204.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
```

So it seems it falls back to IPv4 after a while.

Using telnet -4 works instantaneously:

```
⟫ telnet -4 smtp.gmail.com 465
Trying 173.194.204.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
```

I found that ssmtp has a -4 option too:

-4
      Forces ssmtp to use IPv4 addresses only.

For some reason, however, I get the same result with and without -4. ssmtp times out (or sometimes succeeds in sending the email after ~2 minutes).

My question: Why doesn't -4 work, even though telnet -4 can connect?

Alternatively: How do I best debug this? Is there some netcat command or something that I can use to confirm that ssmtp is really trying to connect over IPv4?

aioobe
  • There may be problems in established smtp session. Try to send in verbose mode (`-v` command line option). – AnFi Jun 22 '18 at 06:37
  • I did. It says `ssmtp: Cannot open smtp.gmail.com:465`. According to `ps` I have no running `ssmtp` processes so I don't think there's an existing session. – aioobe Jun 22 '18 at 06:40
  • Have you tried to check it using selective `tcpdump`? [Checking TCP/IP packets exchanged] It is possible that google/your ISP blocks **SOME** connections to port 465. – AnFi Jun 22 '18 at 06:45
  • This is the sort of hint I'm looking for. Thanks. I'll try this. – aioobe Jun 22 '18 at 08:46
  • Note that ssmtp is deprecated in favour of smtp with starttls. – wurtel Jun 25 '18 at 11:54
  • @wurtel, interesting. What do you mean by "in favour of smtp with starttls"? – aioobe Jun 25 '18 at 18:12
  • @aioobe That means the session is started over port 25, in response to the greeting of the server "EHLO localname" is sent, the server responds with capabilities such as "AUTH" and in particular "STARTTLS". The client then sends "STARTTLS", the server responds with "TLS go ahead" and then SSL handshaking is started; all over port 25. – wurtel Jun 27 '18 at 14:14
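
One way to approach the "how do I best debug this?" part of the question, as an added example that is not part of the original post or comments: a small Python probe that attempts a TCP connect to every address the resolver returns and reports the address family, outcome and time spent on each attempt. The function name `probe` and the 5-second timeout are choices made for this example; it shows how each family behaves from the host, not which family ssmtp itself picks.

```python
import socket
import time

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def probe(host, port, family=socket.AF_UNSPEC, timeout=5.0):
    """Try a TCP connect to every address the resolver returns for host.

    Returns one dict per address, in resolver order (the order telnet
    walks through), with family, address, outcome and seconds spent.
    """
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [{"family": FAMILY_NAMES.get(family, "any"), "address": None,
                 "ok": False, "error": f"resolve failed: {exc}",
                 "seconds": 0.0}]
    results = []
    for fam, socktype, proto, _canon, sockaddr in infos:
        start = time.monotonic()
        try:
            with socket.socket(fam, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            ok, error = True, None
        except OSError as exc:  # timeout, refused, unreachable, no IPv6 stack
            ok, error = False, str(exc) or type(exc).__name__
        results.append({"family": FAMILY_NAMES.get(fam, str(fam)),
                        "address": sockaddr[0], "ok": ok, "error": error,
                        "seconds": round(time.monotonic() - start, 3)})
    return results


if __name__ == "__main__":
    # Host and port taken from the question. A silently dropped IPv6 SYN
    # shows up as ok=False after the full timeout; IPv4 connects at once.
    for label, fam in (("any", socket.AF_UNSPEC), ("-4", socket.AF_INET)):
        print(f"family={label}")
        for r in probe("smtp.gmail.com", 465, fam):
            print(f"  {r['family']:4} {r['address']}  ok={r['ok']} "
                  f"{r['seconds']}s  {r['error'] or ''}")
```

An IPv6 row that fails only after the full timeout while the IPv4 row connects immediately matches the telnet behaviour shown in the question.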
