Got an error connecting to Sendgrid:
Jan 25 08:33:42 domain sSMTP[16424]: Unable to connect to "smtp.sendgrid.net" port 587.
I did a check and saw that port is not open:
# netstat -ntlp | grep LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1500/nginx -g daemo
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1343/memcached
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1500/nginx -g daemo
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 23307/sshd
tcp6 0 0 :::443 :::* LISTEN 1500/nginx -g daemo
tcp6 0 0 :::3306 :::* LISTEN 1618/mysqld
tcp6 0 0 :::80 :::* LISTEN 1500/nginx -g daemo
I did not see anything on the need to open the port in the Trellis documentation though and I think we did receive registration emails before. Only lately WooCommerce purchase confirmations and so on arrive really late. How do you normally open up a port on Trellis? I think I should add a rule to trellis/group_vars/all/security.yml but could use some help with it…
I added
- type: dport_accept
  dport: [587]
  protocol: tcp
- type: dport_accept
  dport: [587]
  protocol: udp
to group_vars/all/security.yaml and re-provisioned. But when I checked the ports that were open again I did not see port 587 listed…
PS How can I just run that role or task? Would be way faster…
Just ran:
ansible-playbook server.yml --tags "ferm,ssmtp, mail" -e env=production
and I saw:
TASK [ferm : ensure iptables INPUT rules are added] ******************************
ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'})
ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'82.194.37.130']})
ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'})
changed: [xxx.xxx.xxx.xxx] => (item={u'dport': [587], u'protocol': u'tcp', u'type': u'dport_accept'})
changed: [xxx.xxx.xxx.xxx] => (item={u'dport': [587], u'protocol': u'udp', u'type': u'dport_accept'})
So the security.yaml changes do seem to work. Just did not see it running a netstat -ntlp | grep LISTEN
Also nmap states 587 is not open
nmap xxx.xxx.xxx.xxx
Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-26 16:51 +03
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.22s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 13.93 seconds
Strange…
So those ports are for incoming requests. Your SMTP requests to Sendgrid are outgoing. You won’t see a port open listening for connections for those.
roots.io uses Mailgun on port 587 and we didn’t need to do anything for security.
I suggest trying to connect manually via Telnet on your server to try and see if it really can’t connect.
3 Likes
Are you getting any 504 or 502 errors by chance?
I think this issue might be related to my recent issue: 504 Time-out - upstream timed out
If I were you, I’d download the Sendgrid Wordpress Plugin. So far using the API keys seems to fix the issue. I’ll probably stick with this fix rather than debug the port issue.
1 Like
Yeah, clearly need to learn some more here. Felt kinda silly there. I tried telnet from the Trellis Digital Ocean server itself after I removed these unnecessary port changes:
telnet smtp.sendgrid.net 587
Trying 108.168.183.160...
telnet: Unable to connect to remote host: Connection timed out
So got the same kind of time-out issue. From my own Mac I did get connected.
telnet smtp.sendgrid.net 587
Trying 159.122.219.43...
Connected to smtp.sendgrid.net.
Escape character is '^]'.
220 SG ESMTP service ready at ismtpd0002p1lon1.sendgrid.net
Oddly enough different IPs from both locations but perhaps that is related to from where you telnet in. So from the server I could not and from my box I could.
Update
See https://www.digitalocean.com/community/questions/outgoing-connections-on-port-25-587-143-blocked-over-ipv6 . On ipv6 port 587 seems to be blocked on several DO regions when ipv6 is used. Solutions offered there did not do the trick though.
I added the SendGrid WordPress Plugin to try the api. But when I went to settings things went all haywire. The settings page kept on reloading. Perhaps because wp mail is being used by other plugins… I mean they said if that was the case you would not be able to use the plugin. Not sure what plugin would be using it… Perhaps WooCommerce, AccessAlly or another. This is taking a lot more work than I anticipated…
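Added example (not part of the original thread or of Trellis): the manual telnet check described above, run once per resolved address so that the IPv4 and IPv6 paths are tested separately and a block on only one family shows up. The function names `probe` and `diagnose` are hypothetical; the host and port in the `__main__` block are the ones from the thread.

```python
import socket

def probe(host, port, timeout=5.0):
    """Attempt one outbound TCP connection per resolved address of host.

    Returns (family, address, outcome) tuples; outcome is "connected: <banner>",
    "timed out", "refused" or "error: ...".
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("DNS", host, f"error: {exc}")]
    results = []
    for family, socktype, proto, _name, sockaddr in infos:
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                try:  # SMTP servers speak first, e.g. "220 ... ESMTP"
                    banner = s.recv(512).decode("ascii", "replace").strip()
                except socket.timeout:
                    banner = "(no banner)"
            outcome = f"connected: {banner}"
        except socket.timeout:
            outcome = "timed out"   # no reply to the connection attempt
        except ConnectionRefusedError:
            outcome = "refused"     # host reachable, nothing accepting
        except OSError as exc:
            outcome = f"error: {exc}"
        results.append((label, sockaddr[0], outcome))
    return results

def diagnose(results):
    """Summarise probe() output per address family."""
    ok = {fam for fam, _a, out in results if out.startswith("connected")}
    failed = {fam for fam, _a, out in results} - ok
    if not ok:
        return "no address family can connect"
    if failed:
        return f"{'/'.join(sorted(failed))} fails, {'/'.join(sorted(ok))} works"
    return "all address families connect"

if __name__ == "__main__":
    rows = probe("smtp.sendgrid.net", 587)  # host and port from the thread
    for row in rows:
        print(*row)
    print(diagnose(rows))
```

A "timed out" outcome points to filtering somewhere on the outbound path, while "refused" means the remote host answered but nothing accepts connections on that port; neither is affected by INPUT rules or by what `netstat -ntlp` lists locally.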
I have Woocommerce on my install, and it’s working via API now. I changed mail.yml to default. Sorry I thought it would work straight out for you like it did for me. Hopefully you can figure it out soon. I was convinced our issues are related but possibly not.
If you have the option of downgrading to ipv4, here’s a thread I’d done on that a couple years back: Composer.lock & Packagist Issues
Well I tried to add details once again in Chrome instead of Safari and there I did not have the issue. So added api key and email sender details. Now I wonder… How can I do a quick api test @masoninthesis ?
Update: Never mind that. Test was built in and things do seem to work when testing
great man!
Yeah I’m gonna stick w/ the plugin now that I know about it. Anything to simplify things.
Wow that’s pretty awful on DO’s part
Glad you got the workaround figured out.