I have the same issue... I’m not sure how to interpret my iptables rules (lots of output), but I only set up basic Uncomplicated Firewall rules:
root@eqt:~# ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
25/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
(I also am running apparmor, but I don’t think that is involved)
Dig returns instantly
dig +short smtp.gmail.com
gmail-smtp-msa.l.google.com.
64.233.171.108
64.233.171.109
Ping is equally quick
ping smtp.gmail.com
PING gmail-smtp-msa.l.google.com (64.233.171.108) 56(84) bytes of data.
64 bytes from qd-in-f108.1e100.net (64.233.171.108): icmp_seq=1 ttl=50 time=15.2 ms
64 bytes from qd-in-f108.1e100.net (64.233.171.108): icmp_seq=2 ttl=50 time=15.4 ms
But telnet takes like 4 minutes
time telnet smtp.gmail.com 587
Trying 2607:f8b0:400d:c03::6d...
Trying 64.233.171.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP g19sm5242291qkh.18 - gsmtp
^]
telnet> quit
Connection closed.
real 4m0.443s
user 0m0.000s
sys 0m0.004s
And, my PHP web application ( https://freephile.org/wikireport ), which is using PHPMailer, takes about 130 seconds when sending a simple email message but only 1 second when I turn off the email. (Mail does get delivered… I figured this must be due to some negotiation in the application to find and use port 25 when 587 times out.)
Then I thought I solved it by opening port 587 with ufw (/smacks forehead duh!) but that actually didn’t change anything.
I tried ufw allow 587 (no qualifier about UDP/TCP protocol)
I tried ufw allow out 587 (specifically allow outgoing traffic only)
Neither had an effect on the mail time.
root@eqt:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
25/tcp ALLOW IN Anywhere
587 ALLOW IN Anywhere
465 ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
25/tcp (v6) ALLOW IN Anywhere (v6)
587 (v6) ALLOW IN Anywhere (v6)
465 (v6) ALLOW IN Anywhere (v6)
587 ALLOW OUT Anywhere
465 ALLOW OUT Anywhere
587 (v6) ALLOW OUT Anywhere (v6)
465 (v6) ALLOW OUT Anywhere (v6)
I’ve scanned the dmesg output and /var/log/syslog and also looked at iptables -L -n but there isn’t anything that looks wrong.
Heading over to open a support ticket and will update when solved.
Based on previous questions, it would appear as if DigitalOcean for some reason blocks outgoing IPv6 SMTP.
https://www.digitalocean.com/community/questions/outgoing-connections-on-port-25-587-143-blocked-over-ipv6
https://www.digitalocean.com/community/questions/outgoing-smtp-over-ipv6-on-london-location
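The stall in the telnet session above (`Trying 2607:f8b0:...` for minutes, then an immediate IPv4 connect) can be measured per address family. The script below is an added example, not part of the original posts; the function names `probe_families` and `blackholed_families` and the 5-second timeout are assumptions chosen for illustration.

```python
import socket
import sys
import time

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def probe_families(host, port, timeout=5.0):
    """Connect to every address the resolver returns for host:port, one at a
    time, recording address family, outcome and elapsed seconds for each."""
    results = []
    for family, socktype, proto, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        start = time.monotonic()
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)  # assumed value; telnet waits far longer
                sock.connect(sockaddr)
            outcome = "connected"
        except socket.timeout:
            outcome = "timeout"  # no reply at all: packets silently dropped
        except OSError as exc:
            outcome = "error: " + (exc.strerror or str(exc))  # refused/unreachable
        results.append({
            "family": FAMILY_NAMES.get(family, str(family)),
            "address": sockaddr[0],
            "outcome": outcome,
            "seconds": round(time.monotonic() - start, 3),
        })
    return results

def blackholed_families(results):
    """Families whose attempts timed out while another family connected,
    i.e. the pattern of a filtered path rather than a dead service."""
    connected = {r["family"] for r in results if r["outcome"] == "connected"}
    timed_out = {r["family"] for r in results if r["outcome"] == "timeout"}
    return sorted(timed_out - connected) if connected else []

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "smtp.gmail.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    report = probe_families(host, port)
    for r in report:
        print(f'{r["family"]:4} {r["address"]:40} {r["outcome"]:12} {r["seconds"]}s')
    print("silently dropped:", ", ".join(blackholed_families(report)) or "none")
```

A `timeout` on the IPv6 row next to `connected` on the IPv4 row points at filtering on the IPv6 path, which adding local `ufw allow` rules for the port will not change.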