Postfix outgoing SMTP: "connection timed out"

I have a little problem with my postfix. The thing is that I can receive emails but when I send an email I get a Connection timed out error.

connect to outlook-com.olc.protection.outlook.com[104.47.5.33]:25: Connection timed out

This is happening with all the emails I send and not just with outlook. I already searched for solutions for this problem but couldn't find anything useful.

This is my main.cf:

# This file was automatically installed on 2019-06-27T15:11:55.824661
inet_interfaces = all
inet_protocols = ipv4
myhostname = webmail.apt-one.com
myorigin = $myhostname
mydestination = $myhostname
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname ESMTP
biff = no
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
mailbox_size_limit = 0
message_size_limit = 11534336
recipient_delimiter = +
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
## Proxy maps
proxy_read_maps = proxy:unix:passwd.byname proxy:pgsql:/etc/postfix/sql-domains.cf proxy:pgsql:/etc/postfix/sql-domain- aliases.cf proxy:pgsql:/etc/postfix/sql-aliases.cf proxy:pgsql:/etc/postfix/sql-relaydomains.cf proxy:pgsql:/etc/postfix/sql-maintain.cf proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf proxy:pgsql:/etc/postfix/sql-sender-login-map.cf proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf proxy:pgsql:/etc/postfix/sql-transport.cf
## TLS settings
#
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = /etc/nginx/privkey.pem
smtpd_tls_cert_file = /etc/nginx/fullchain.pem
smtpd_tls_dh1024_param_file =
${config_directory}/dh2048.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database =
btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_note_starttls_offer = yes
# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, RSA, eNULL, aNULL
smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, RSA, eNULL, aNULL
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, RSA, eNULL, aNULL
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, RSA, eNULL, aNULL
tls_preempt_cipherlist = yes
# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = ultra
# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scach
smtp_tls_key_file = /etc/nginx/privkey.pem
smtp_tls_cert_file = /etc/nginx/fullchain.pem
## Virtual transport settings#
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql-domains.cf
virtual_alias_domains = proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
virtual_alias_maps = proxy:pgsql:/etc/postfix/sql-aliases.cf
## Relay domains#
relay_domains = proxy:pgsql:/etc/postfix/sql-
relaydomains.cf
transport_maps = proxy:pgsql:/etc/postfix/sql-transport.cf proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf
## SASL authentication through Dovecot#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
## SMTP session policies#
# We require HELO to check it later
smtpd_helo_required = yes
# We do not let others find out which
recipients are valid
disable_vrfy_command = yes
# MTA to MTA communication on Port 25. We expect (!) the other party to
# specify messages as required by RFC 821.
strict_rfc821_envelopes = yes
# Verify cache setup
address_verify_map =
proxy:btree:$data_directory/verify_cache
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map
# OpenDKIM setup
smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s
# List of authorized senders
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/sql-sender-login-map.cf
# Recipient restriction rules
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_recipient_access proxy:pgsql:/etc/postfix/sql-maintain.cf proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf reject_unverified_recipient reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_non_fqdn_helo_hostname
## Postcreen settings#
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = enforce
# Use some DNSBL
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.spameatingmonkey.net*2 dnsbl.habl.org bl.spamcop.net dnsbl.sorbs.net
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
postscreen_greet_banner = Welcome, please wait...
postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce

Does anyone have a solution for this?

3

1 Answer

Lots of ISPs block outbound connections on port 25. ATT consumer/residential plans, as of the time of writing, all seem to block it. You may be able to change this in your ISP-provided router's configuration, or ask your ISP to allow it for your client at the gateway...

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like