DNS Namecheap/Cloudflare/Linode send email timeout

Hello! I have a website with code hosted on Linode, domain from Namecheap and Cloudflare set as a proxy. The website works fine with this configuration. Now, I created a private email in Namecheap and I’m trying to send emails from my code (it is a Laravel in Linode). From Namecheap I received some DNS settings which I set on Cloudflare. The problem is that when I’m trying to send an email from PHP (Laravel), the response is timeout. Can someone help me with a suggestion/fix this issue? From localhost I can send emails with namecheap credentials.

This is my config in .env:

MAIL_MAILER=smtp
MAIL_HOST=mail.privateemail.com
MAIL_PORT=587

and if I try to call telnet from Linode machine, return timeout and the ip is cloudflare ip:

telnet  mail.privateemail.com 465
Trying 198.54.122.135...
telnet: Unable to connect to remote host: Connection timed out
% whois 198.54.122.135

NetRange:       198.54.112.0 - 198.54.127.255
CIDR:           198.54.112.0/20
NetName:        NAMEC-4
NetHandle:      NET-198-54-112-0-1
Parent:         NET198 (NET-198-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Namecheap, Inc. (NAMEC-4)
RegDate:        2015-11-13
Updated:        2015-11-13
Ref:            https://rdap.arin.net/registry/ip/198.54.112.0

That is a Namecheap IP and it accepted my connection without issue. I don’t have an account on that mailserver, so I was unable to proceed further. Nothing should prevent you from logging in to that mailserver, though, unless your webserver IP is blocked there for some reason. Make sue that you have configure authenticated SMTP credentials in your application.

% openssl s_client -connect mail.privateemail.com:465
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = privateemail.com
verify return:1
---
Certificate chain
 0 s:CN = privateemail.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
Truncated for brevity.
-----END CERTIFICATE-----
subject=CN = privateemail.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5338 bytes and written 395 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
220 PrivateEmail.com prod Mail Node
EHLO suspemunte.com
250-mta-13.privateemail.com
250-PIPELINING
250-SIZE 81788928
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 CHUNKING

from local machine I can connect successfully, but from linode machine, return timeout. That means something from linode is not configured properly?

mariuscopacel@Mariuss-MacBook-Pro / % openssl s_client -connect mail.privateemail.com:465
Connecting to 198.54.122.135
CONNECTED(00000006)
depth=2 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
verify return:1
depth=1 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN=privateemail.com
verify return:1
---
Certificate chain
 0 s:CN=privateemail.com
   i:C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct 18 00:00:00 2023 GMT; NotAfter: Nov 17 23:59:59 2024 GMT
 1 s:C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
   i:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Nov  2 00:00:00 2018 GMT; NotAfter: Dec 31 23:59:59 2030 GMT
 2 s:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=CN=privateemail.com
issuer=C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5338 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
220 PrivateEmail.com prod Mail Node

and from linode:

root@localhost:~# openssl s_client -connect mail.privateemail.com:465
139974504408384:error:0200206E:system library:connect:Connection timed out:../crypto/bio/b_sock2.c:110:
139974504408384:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=110

Linode (which is now Akami) blocks email ports outbound (25, 465, 587).

See this post:

2 Likes

That seems to be the problem. I’ll open a ticket to Akamai. Thanks!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.