# Sendgrid - unable to connect - port 587 **URL:** https://discourse.roots.io/t/sendgrid-unable-to-connect-port-587/11428 **Category:** trellis **Created:** 2018-01-26T05:46:43Z **Posts:** 11 ## Post 1 by @jasperfrumau — 2018-01-26T05:46:43Z Got an error connecting to Sendgrid:`Jan 25 08:33:42 domain sSMTP[16424]: Unable to connect to "smtp.sendgrid.net" port 587.` I did a check and saw that port is not open: ``` # netstat -ntlp | grep LISTEN tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1500/nginx -g daemo tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1343/memcached tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1500/nginx -g daemo tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 23307/sshd tcp6 0 0 :::443 :::* LISTEN 1500/nginx -g daemo tcp6 0 0 :::3306 :::* LISTEN 1618/mysqld tcp6 0 0 :::80 :::* LISTEN 1500/nginx -g daemo ``` I did not see anything on the need to open the port in the Trellis documentation though and I think we did receive registration emails before. Only lately WooComerce purchase confirmations and so on arrive really late. How do you normally open up a port on Trellis? I think I should add a rule to _trellis/group\_vars/all/security.yml_ but could use some help with it… --- ## Post 2 by @jasperfrumau — 2018-01-26T06:11:11Z I added ``` - type: dport_accept dport: [587] protocol: tcp - type: dport_accept dport: [587] protocol: udp ``` to `group_vars/all/security.yam`l and re-provisioned. But when I checked the ports that were open again I did not see port 587 listed… **PS** How can I just run that role or task? Would be way faster… --- ## Post 3 by @jasperfrumau — 2018-01-26T13:41:47Z Just ran a : a`nsible-playbook server.yml --tags "ferm,ssmtp, mail" -e env=production` and I saw: ``` TASK [ferm : ensure iptables INPUT rules are added] ****************************** ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'}) ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'82.194.37.130']}) ok: [xxx.xxx.xxx.xxx] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'}) changed: [xxx.xxx.xxx.xxx] => (item={u'dport': [587], u'protocol': u'tcp', u'type': u'dport_accept'}) changed: [xxx.xxx.xxx.xxx] => (item={u'dport': [587], u'protocol': u'udp', u'type': u'dport_accept'}) ``` So the `security.yaml` changes do seem to work. Just did not see it running a `netstat -ntlp | grep LISTEN` Also nmap states 587 is not open ``` nmap xxx.xxx.xxx.xxx Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-26 16:51 +03 Nmap scan report for xxx.xxx.xxx.xxx Host is up (0.22s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 13.93 seconds ``` Strange… --- ## Post 4 by @swalkinshaw — 2018-01-26T21:17:58Z :thinking: so those ports are for _incoming_ requests. Your SMTP requests to Sendgrid are outgoing. You won’t see a port open listening for connections for those. [roots.io](http://roots.io) uses Mailgun on port `587` and we didn’t need to do anything for security. I suggest trying to connect manually via Telnet on your server to try and see if it really can’t connect. --- ## Post 5 by @masoninthesis — 2018-01-27T03:23:13Z Are you getting any 504 or 502 errors by chance? I think this issue might be related to my recent issue: [504 Time-out - upstream timed out](https://discourse.roots.io/t/504-time-out-upstream-timed-out/11418/10) If I were you, I’d download the [Sendgrid Wordpress Plugin](https://wordpress.org/plugins/sendgrid-email-delivery-simplified/). So far using the API keys seems to fix the issue. I’ll probably stick with this fix rather than debug the port issue. --- ## Post 6 by @jasperfrumau — 2018-01-27T07:29:55Z Yeah, clearly need to learn some more here. Felt kinda silly there. I tried telnet from the Trellis Digital Ocean server itself after I removed these unnecessary port changes: ``` telnet smtp.sendgrid.net 587 Trying 108.168.183.160... telnet: Unable to connect to remote host: Connection timed out ``` so got the same kind of time-out issue. From my own Mac I did get connected. ``` telnet smtp.sendgrid.net 587 Trying 159.122.219.43... Connected to smtp.sendgrid.net. Escape character is '^]'. 220 SG ESMTP service ready at ismtpd0002p1lon1.sendgrid.net ``` oddly enough different ips from both locations but perhaps that is related to from where you telnet in. So from the server I could not and from my box I could. **Update** See [https://www.digitalocean.com/community/questions/outgoing-connections-on-port-25-587-143-blocked-over-ipv6](https://www.digitalocean.com/community/questions/outgoing-connections-on-port-25-587-143-blocked-over-ipv6) . On ipv6 port 587 seems to be blocked on several DO regions when ipv6 is used. Solutions offered there did not do the trick though. --- ## Post 7 by @jasperfrumau — 2018-01-27T08:21:09Z I added the SendGrid WordPress Plugin to try the api. But when I went to settings things went all haywire. The settings page kept on reloading. Perhaps because wp mail is being used by other plugins… I mean they said if that was the case you would not be able to use the plugin. Not sure what plugin would be using it… Perhaps WooCommerce, AccessAlly or another. This is taking a lot more work than I anticipated… --- ## Post 8 by @masoninthesis — 2018-01-27T08:46:28Z I have Woocommerce on my install, and it’s working via API now. I changed mail.yml to default. Sorry I thought it would work straight out for you like it did for me. Hopefully you can figure it out soon. I was convinced our issues are related but possible not. If you have the option of downgrading to ipv4, here’s a thread I’d done on that a couple years back: [Composer.lock & Packagist Issues](https://discourse.roots.io/t/composer-lock-packagist-issues/5947/5) --- ## Post 9 by @jasperfrumau — 2018-01-27T08:53:13Z Well I tried to add details once again in Chrome instead of Safari and there I did not have the issue. So added api key and email sender details. Now I wonder… How can I do a quick api test @masoninthesis ? **Update** : Never mind that. Test was built in and things to seem to work when testing :slight_smile: --- ## Post 10 by @masoninthesis — 2018-01-27T09:05:36Z great man! :metal: Yeah I’m gonna stick w/ the plugin now that I know about it. Anything to simplify things. --- ## Post 11 by @swalkinshaw — 2018-01-27T18:35:08Z Wow that’s pretty awful on DO’s part :frowning: Glad you got the workaround figured out.