Digital Ocean Firewall blocking sending Email

December 28, 2017 5.1k views
Firewall Ubuntu 16.04

Hi all,
I'm running a WordPress site on Ubuntu 16.04 Server. Before using Digital Ocean Firewall feature. My WordPress site was sending outgoing emails without any problem but after enabling I'm getting following error in my mail server log:

server postfix/smtp[10014]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Network is unreachable

Currently I'm using following rules in the firewall:

Inbound Rules:
SSH TCP 22
DNS TCP TCP 53
HTTP TCP 80
HTTPS TCP 443
DNS UDP UDP 53

Outbound Rules:
DNS TCP TCP 53
HTTP TCP 80
HTTPS TCP 443
DNS UDP UDP 53

Please help me which port rule I'll need to add in the firewall to fix the issue,
Thanks!

3 comments
  • Hi there,

    It depends on what kind of SMTP port you are using. But from what I read, you need to open TCP/UDP port 587. Hope this helps you out

  • Thank you for reply,
    Will you please tell me where I need to add 587 port tcp/udp rule: in Inbound or Outbound?

  • Has this issue been resolved yet? Any workaround? I can't seem to get postfix to use something other than 25 for outgoing emails. Any luck?

8 Answers
chup1ds February 2, 2018
Accepted Answer

Me too. I send support ticket about it and here DO answer:

*Hello,

Thank you for contacting DigitalOcean.

Stopping spam is a constant fight, so we have implemented some restrictions on newer accounts. To qualify for the ability to send out email, we do require accounts to wait 60 days before we can look into removing the restriction. Once your account has reached 60 days of stable use, please do reach back out to us so we can look into this for you.

We appreciate your understanding on this matter.*

well this is not make sense to me.

I'm working to build ecommerce site. I signup for vps service and buy cpanel license in order to have manage my site without have shared host limitation. Why DO limit their vps user for sending email from the server while all shared host allow their clients from the first time they signup?

It seems that DO has blocked SMTP ports although you'd applied all-port outgoing rules. I've tested with Amazon AWS to send emails through Zoho Mail and it's okay. Problems are with DO for sure.

Same trouble here. My postfix worked well for years and I have connections timeout since some days ago.

The Problem has been fixed after creating a ticket. Digital Ocean blocked the SMTP port. They want to stop spam, and when contacted they asked few questions, e.g.: My name, Company Name, Blog name and some other info. And they unlocked the port. So if you're facing the same, then you'll need to contact Digital Ocean by submitting a support ticket.

hello, all my emails to FEDEX.COM are blocked. Please advise

I have this same problem, Digital Ocean are blocking SMTP for 60 days. They didn't offer to ask me any questions to get the block lifted though, so my app is stuck with not being able to send emails until I can find a way around or move everything to another VPS. This seems to me to be such a stupid policy. Why 60 days? What account activity are they looking at in these 60 days to make themselves feel confident that I'm not a spammer? I can't send emails, so how are they going to know whether my emails are spam or not? Surely they're just mildly inconveniencing actual spammers (who will just have to keep an account dormant for 60 days and then they can spam whoever they like), whilst at the same time massively inconveniencing genuine users. I don't get it and I wish I hadn't wasted so much time getting my droplet set up just the way I want it, to fall down at this late point. Am I missing something, or is it really as stupid as I think it is?

Absolutely nothing to add to previous message. I'm completely puzzled and upset.
We spent time and energy to tune a droplet and to find the root of this problem to find out that the launch of our modest e-commerce project will take place at best in two month at the initiative of the hosting provider.

I think I'll move to AWS or Azure. I really like digital ocean, but it is pissing me off this smtp thing...

I'll have to pay 2 months of a discourse container to begin sending the auth email? Holy shi*

Have another answer? Share your knowledge.