Port 25 connection refused

8 posts by 4 authors in: Forums > CMS Builder
Last Post: March 20, 2020   (RSS)

By gversion - March 15, 2020

Hello,

I have configured my email settings at /cmsb/admin.php?menu=admin&action=email to use Amazon SES API credentials using port 587.

I have noticed that my server's /var/log/mail.log is reporting connection refused entries on port 25.

I don't understand what script is trying to use port 25 to send emails.

I have set CMSB to send me an email whenever there is an error on the website.

I believe the error is related to the fact that EC2 instances have port 25 blocked by default:

https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/

Does CMSB send errors over localhost port 25 even though I have configured the email settings to use Amazon SES?

Thanks,

Greg

By kitsguru - March 15, 2020

Make sure you have "how to send email" set to "SMTP SERVER secure -- TLS"

Jeff Shields

By gversion - March 15, 2020

Thanks, Jeff - I have that option already selected.

Regards,

Greg

By Steve99 - March 16, 2020

I believe all notices from the cms use sendMessage which uses the method you've set in email settings.

Have you looked into the possibility of server control panel alerts from cpanel/plesk/etc?

By daniel - March 16, 2020

Hi Greg,

Do the refused connections in /var/log/mail.log record originating IP address, and if so, can you verify that your CMSB site's outgoing IP matches the ones in the log? It's not uncommon for bots to blindly send out SMTP requests to servers in the hopes that they don't have the port secured, so it's worth checking first if your site is the originator of the refused connections.

Thanks,
Daniel

Daniel
Technical Lead
interactivetools.com

By gversion - March 16, 2020

Hi Daniel,

Yes, the IP address is the local IP address of my EC2 instance. So does this imply it's probably not a bot?

Regards,

Greg

By daniel - March 16, 2020

Hi Greg,

Yes, the IP address is the local IP address of my EC2 instance. So does this imply it's probably not a bot?

Yeah, that does make it seem less likely. The next two primary possibilities are: 1) The site configuration is not working correctly and CMSB is attempting to send out on port 25, 2) there's something elsewhere attempting to send contrary to the CMSB settings, such as a custom script, or hosting panel alerts as Steve99 mentioned.

Are you able to receive any email from your site? E.g. you mentioned that it's set up to notify you about error messages - do you receive these? You can also set the Outgoing Mail setting to "Send & Log" and check the Outgoing Mail log to see if there are any emails going out that you were unaware of. If CMSB is able to successfully send mail, then that generally rules out #1.

If it looks like #2, you'll have to decide whether further troubleshooting is worth the hassle, as it's a bit of an open-ended question. Unknown local SMTP connections could be anything from "hijacked script trying to send spam" to "server notification service", though I'd lean towards the latter. Since it's being blocked, there's not much ongoing harm either way. It may be worth researching how to parse your email log to see if you can glean any more details, such as to/from address, though if the connection is being rejected outright it may not record anything like that.

Let me know if you're able to make any progress, or have any more questions! This may be getting outside the realm of CMSB support, but I will still try to assist as I'm able.

Thanks,

Daniel
Technical Lead
interactivetools.com