Unable to send mail using External SMTP

Permalink 1 user found helpful
I am attempting to configure Concrete5 version 8.2.1 to send form responses using an External SMTP Server. We use G Suite for outgoing email and configured the Settings plane with the following info:

Mail Server: smtp.gmail.com
Username: [email protected]
Passsword: secret
Encryption: SSL
Port: 465
Messages per connection: (empty)

However, running a mail test results in the following error:

The following error was found while trying to send the test email:
Could not open socket: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (Connection timed out)

I have tried switching between SSL/TLS and specifying ports 465 and 589 (or no port at all). Every combination of those produces the same error. Our website also has the php7-openssl package installed and enabled. What can I do to further troubleshoot this issue?

View Replies:
c5dragon replied on at Permalink Reply
c5dragon
Had to do this once with an account (g-suite / google apps).
https://support.google.com/accounts/answer/6010255?hl=en...

And:
Enc: TLS
Port: 587

(This works in a 5.7.13 environment)
mititle replied on at Permalink Reply
Thank you for that. We have "Allow less secure apps" enforced for the entire organization. Although I had the SMTP TLS port wrong (587 and not 589), the same error persists:

The following error was found while trying to send the test email:
Could not open socket: stream_socket_client(): unable to connect to tcp://smtp.gmail.com:587 (Connection timed out)

Could this be DNS related?
c5dragon replied on at Permalink Reply
c5dragon
mititle replied on at Permalink Reply
We resolved the issue. Turns out neither concrete5 or Google were to blame. Our web host was.

DigitalOcean's "Droplet" VPS servers have an option to enable IPv6 networking when you first create them. If you choose to enable IPv6, DNS resolution on the server (and within concrete5) will prefer version 6 addresses over version 4.

As of September 2017, DigitalOcean does not hand out a full /64 block to each Droplet. However, most spam blacklist databases strike out entire /64 blocks. This means DO's current network stack could allow one bad actor to blacklist a large number of Droplets. Their current workaround is blocking all outbound ports associated with email. There is no official documentation of this behavior and I discovered it on a Community forum thread:https://www.digitalocean.com/community/questions/outgoing-connection...

When concrete5 tried contacting smtp.gmail.com, our Droplet provided the IPv6 address of Google's SMTP servers while DigitalOcean silently dropped traffic to ports 25, 465, and 587. The solution that finally allowed us to send mail through concrete5 was editing the /etc/gai.conf file and adjusting the IPv6 precedence so our Droplet preferred version 4 over 6.

Hopefully, this helps someone out there. I plan on opening a ticket with DigitalOcean to express my dissatisfaction regarding their firewall rules. Thank you for your assistance, c5dragon!