Outbound port open on firewall, how to unblock for

Posted 2019-01-27 09:36

Question:

The goal is to send outbound email from my shared host to Mandrill via SMTP using PHP and I have full cooperation with the host sys admins.

Current situation:

  • ✅ PHP can connect to smtp.mandrillapp.com port 443 (used for HTTPS)
  • ❌ PHP cannot connect to smtp.mandrillapp.com port 587 (used for SMTP)
  • ✅ PHP can connect to portquiz.net port 443 (used for HTTPS)
  • ❌ PHP cannot connect to portquiz.net port 587 (used for SMTP)
  • ✅ Telnet can connect to smtp.mandrillapp.com port 443
  • ✅ Telnet can connect to smtp.mandrillapp.com port 587

Telnet is tested by them logging in as root and running telnet HOST PORT. PHP is tested by using the script below.

What configuration option for PHP could possibly be causing outbound connections on port 587 to be blocked? And how can we reverse that configuration?

<?php
// Test outbound server connections

// https://mandrill.zendesk.com/hc/en-us/articles/205582167-What-SMTP-ports-can-I-use-
$servers = array(
    array("ssl://www.google.com", 443),
    array("ssl://smtp.mandrillapp.com", 465),
    array("smtp.mandrillapp.com", 25),
    array("smtp.mandrillapp.com", 587),
    array("smtp.mandrillapp.com", 2525),
    array("smtp.mandrillapp.com", 443)
);

foreach ($servers as $server) {
    list($server, $port) = $server;
    echo "<h1>Attempting connect to <tt>$server:$port</tt></h1>\n";
    flush();
    // $errno and $errstr are filled in by reference; call-time "&" is a fatal error since PHP 5.4
    $socket = fsockopen($server, $port, $errno, $errstr, 10);
    if(!$socket) {
      echo "<p>ERROR: $server:$port - $errstr ($errno)</p>\n";
    } else {
      echo "<p>SUCCESS: $server:$port - ok</p>\n";
    }
    flush();
}
?>

Answer 1:

As far as I know it is not possible to block any specific ports using PHP. (Maybe using suhosin, but I've never heard of this option.)

Could you ask your hosting provider if SELinux is enabled? SELinux allows the operating system to deny certain users/processes to bind/connect to a certain port. This could be the reason why they can connect to the SMTP server using telnet as root, but the PHP process under your own user is not able to. I've experienced CentOS servers in which I was unable to connect to port 80 with PHP/Apache, but when I executed curl/wget as root everything went great.
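A way for the host admins to confirm or rule out the SELinux explanation above, as an added example that is not part of the original answer. It assumes PHP runs inside Apache in the `httpd_t` domain on a RHEL/CentOS host with the targeted policy; the function names and the sample audit records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes PHP runs inside Apache
# in the httpd_t domain on a RHEL/CentOS host with the targeted policy.

# Read audit records on stdin; print "domain comm dest_port port_type" once
# for each distinct denied outbound connect (permission name_connect).
avc_connect_denials() {
  awk '
    /avc: +denied/ && /name_connect/ {
      comm = dest = dom = ptype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^dest=/)     { dest = substr($i, 6) }
        if ($i ~ /^scontext=/) { split($i, s, ":"); dom = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); ptype = t[3] }
      }
      key = dom " " comm " " dest " " ptype
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Live check for the host admins (run as root). Not called automatically.
selinux_outbound_report() {
  command -v getenforce >/dev/null 2>&1 || { echo "SELinux tools not found"; return 0; }
  echo "mode: $(getenforce)"
  # Booleans that gate outbound connections from httpd_t:
  getsebool httpd_can_network_connect httpd_can_sendmail
  ausearch -m avc -ts recent 2>/dev/null | avc_connect_denials
  # If port 587 shows up above, the admins can allow it persistently with:
  #   setsebool -P httpd_can_sendmail 1
}

# Constructed sample records in audit.log format (not taken from a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1548581760.101:901): avc:  denied  { name_connect } for  pid=2314 comm="httpd" dest=587 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1548581761.332:902): avc:  denied  { name_connect } for  pid=2314 comm="httpd" dest=587 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1548581762.518:903): avc:  denied  { name_connect } for  pid=2314 comm="httpd" dest=2525 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1548581763.004:904): avc:  denied  { read } for  pid=2314 comm="httpd" name="notes.txt" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1548581763.004:904): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"'

# Demo on the sample: two distinct outbound denials, duplicates collapsed.
printf '%s\n' "$SAMPLE_AUDIT" | avc_connect_denials
```

A root telnet session runs unconfined, so it produces no such records; only the confined web server process does, which matches the symptom in the question.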