I have a dedicated server with Bluehost where I put to work several scripts and projects (specially Python). One of them consists of a basic email sender through smtp.gmail.com, port 465, but it randomly stopped working. After digging and digging, I realized that my user in that server is not successfully communicating to smtp.gmail.com. But turns out it is not communicating with smtp.live.com nor imap.gmail.com either, so I guess that something is wrong there.
When I execute the command: openssl s_client -crlf -connect smtp.gmail.com:465 thorugh sudo (or directly from root user) and in the server these are the outputs:
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = imap.gmail.com
verify return:1
---
Certificate chain
0 s:CN = imap.gmail.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
blablablabla
.
.
.
blablablabla
-----END CERTIFICATE-----
subject=CN = imap.gmail.com
.
.
.
etc
And from my user:
CONNECTED(00000003)
depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certifi cate Services
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Au thority"
verify return:1
depth=0 CN = [My server name!!!!! WHY?????]
verify return:1
---
Certificate chain
0 s:/CN=[my server name]
i:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
1 s:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Au thority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Au thority
i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
blablablabla
.
.
.
blablablabla
-----END CERTIFICATE-----
subject=CN = [My server again]
.
.
.
etc
Same thing happens with imap.gmail.com, smtp.live.com, and I guess etc. My server seems to be communicating with itself instead external servers. Other openSSL queries to websites through port 443 work perfectly, AND SOMETHING IMPORTANT, when I do Telnet smtp.gmail.com 25, it also gets connected with my own server, not the case with sudo/root user, where it works perfect.
Could I have something broken with SSL or something like that?
Thank you!
CodePudding user response:
Access to outside systems is restricted to port 80 and 443 for shared hosting. To cite from Bluehost Web Hosting Help - Script Cannot Make Outbound Connection:
Our shared IP addresses only allow outbound connection on ports 80(http), 443(https). ... To discourage spam from our servers, we do not allow outbound connections to ports 25 and 465 with or without a dedicated IP.
CodePudding user response:
The best solution was contacting Bluehost, and after scaling to their senior team, they got with the solution:
Hello,
Thank you for your response, explaining the issue you are experiencing further.
There is a setting in the WHM that only allows outbound SMTP connections from root, exim and mailman. I set that to off so you will now be able to connect via SMTP as the cPanel user and not just as root.