Flask Email TimeOut
After moving my flask project to linode, everything is working except for email. When I try to send it, I just get time out. I've double-checked my settings on a local machine, and there I can successfully send an email.
8 Replies
Are there holes in your firewall for the appropriate email ports. For new Linodes, you have request that Linode unblock them for you.
— sw
It might be something as simple as that since I'm new to this. I have installed ufw firewall and then run:
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow ssh
$ sudo ufw allow 5000
$ sudo ufw enable
Is this how I'm supposed to request the unblock? (Ubuntu)
First, the answer to your fist question is no. You realize that the submission of email is a 2 way process, right? Your firewall blocks all incoming traffic that is not on port 5000 or ssh. That would include email (not only submission but also user agent & inbound email traffic).
Second, you need to contact Linode about the blocks they place on new Linodes wrt email. File a support ticket.
Third, you should read this:
https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/
and this
https://www.tecmint.com/setup-ufw-firewall-on-ubuntu-and-debian/
Fourth, you should read @rdaniels excellent post below.
— sw
rdaniels
Linode Staff
@RamilRAleskerov It sounds like you recently signed up for a Linode. Since November 5, 2019 all new accounts will need to open a Support ticket including the below information. Make sure A records and rDNS are set up for the Linodes you want to send mail from.
- Which Linode(s) will be used for mailing?
- Can you confirm that your mailing practices are CAN-SPAM compliant?
You will also want to review Section 2 ("Abuse") of our Acceptable Use Policy. Terms of Service or AUP violations may result in the reinstatement of SMTP port restriction.
Additional Resources
Thank you both for the responses. I think I actually allowed more ports for firewall (now that I went through my command history), but at this point, I'm doing a lot of copying and pasting since my understanding of servers is very limited, and so I just mentioned those 5 commands because they seemed most relevant.
As you both mentioned, I think the problem occurs because of the support ticket, since it's a relatively new update. I'm following tutorials predating it, so it would explain why.
Unfortunately, it will take me some time before I can say that for sure since I first need to figure out A records and rDNS :P
Thanks again
Does your Linode have a mail server or are you trying to use Gmail/Outlook/Yahoo/whatever as your server?
If you don't have a mail server, you don't need rDNS or MX records.
-- sw
For now, I was just trying to use my personal Gmail account to send mail, so I set MAIL_SERVER = 'smtp.googlemail.com' and then just used my login and password. I'm not quite sure why I would need a server since I don't think I'll have any significant traffic unless there I'm overlooking something.
In order to send mail, you need to have a server that knows how to deal with the SMTP protocol (port 25) and the SUBMISSION protocol (ports 587/465). In order to read mail, you need a program that understands either IMAP/IMAPS (ports 143/993) or POP3/POP3S (ports 110/995).
The SMTP/SUBMISSION program is call the mail transfer agent. The other one is call the mail user agent. You're trying to use smtp.googlemail.com as your transfer agent…that's fine. Maybe you're using some form of web mail, RoundCube, Thunderbird, Apple Mail, etc. as your user agent…I dunno…but that's fine too.
Provided you've fixed all your firewall issues, Google has a long set of rules that programs have to follow before they will accept mail from them (especially mail in any volume). The first rule is that you have to use the correct name for Google's transfer agent: smtp.gmail.com. The second rule is to use the correct port (probably not port 25 like your default probably is set to). The others can be found here:
https://kinsta.com/knowledgebase/free-smtp-server
Note that this is just for the casual sender of individual mail. There are pretty severe limits on what/how much email your system can send this way (which, I believe, are noted in the article).
If you want to do more, you need to deploy a transfer agent (like postfix or exim). However, Google is like the rest of the world -- they require your transfer agent have SPF, DKIM and rDNS to be set up correctly so they can reasonably be assured you're who you say you are and that you're not some script-kiddie in the Seychelles with a Visual Basic manual trying to make a few bucks…or the KGB trying to disrupt the US election.
Operating a transfer agent is not for the faint of heart or a newbie. You can thank your local spammer for this. You have no idea how much effort I've expended over the years trying to fend these a**-hats off! I'll bet the email admins at Linode have a similar set of horror stories…
-- sw