Digital Ocean Firewall blocking sending Email

December 28, 2017 9.8k views
Firewall Ubuntu 16.04
kumarpk
By:
kumarpk

Hi all,
I'm running a WordPress site on Ubuntu 16.04 Server. Before using Digital Ocean Firewall feature. My WordPress site was sending outgoing emails without any problem but after enabling I'm getting following error in my mail server log:

server postfix/smtp[10014]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Network is unreachable

Currently I'm using following rules in the firewall:

Inbound Rules:
SSH TCP 22
DNS TCP TCP 53
HTTP TCP 80
HTTPS TCP 443
DNS UDP UDP 53

Outbound Rules:
DNS TCP TCP 53
HTTP TCP 80
HTTPS TCP 443
DNS UDP UDP 53

Please help me which port rule I'll need to add in the firewall to fix the issue,
Thanks!

3 comments
  • JustSomeTech December 29, 2017

    Hi there,

    It depends on what kind of SMTP port you are using. But from what I read, you need to open TCP/UDP port 587. Hope this helps you out

  • kumarpk December 30, 2017

    Thank you for reply,
    Will you please tell me where I need to add 587 port tcp/udp rule: in Inbound or Outbound?

  • rompelstompel September 30, 2018

    Has this issue been resolved yet? Any workaround? I can't seem to get postfix to use something other than 25 for outgoing emails. Any luck?

Log In to Comment
10 Answers
chup1ds February 2, 2018
Accepted Answer

Me too. I send support ticket about it and here DO answer:

*Hello,

Thank you for contacting DigitalOcean.

Stopping spam is a constant fight, so we have implemented some restrictions on newer accounts. To qualify for the ability to send out email, we do require accounts to wait 60 days before we can look into removing the restriction. Once your account has reached 60 days of stable use, please do reach back out to us so we can look into this for you.

We appreciate your understanding on this matter.*

well this is not make sense to me.

I'm working to build ecommerce site. I signup for vps service and buy cpanel license in order to have manage my site without have shared host limitation. Why DO limit their vps user for sending email from the server while all shared host allow their clients from the first time they signup?

Reply
jokerdigital January 29, 2018

It seems that DO has blocked SMTP ports although you'd applied all-port outgoing rules. I've tested with Amazon AWS to send emails through Zoho Mail and it's okay. Problems are with DO for sure.

Reply
silvioq February 2, 2018

Same trouble here. My postfix worked well for years and I have connections timeout since some days ago.

Reply
kumarpk February 4, 2018

The Problem has been fixed after creating a ticket. Digital Ocean blocked the SMTP port. They want to stop spam, and when contacted they asked few questions, e.g.: My name, Company Name, Blog name and some other info. And they unlocked the port. So if you're facing the same, then you'll need to contact Digital Ocean by submitting a support ticket.

Reply
contact80d0e0ffd8de3a73f61 March 16, 2018

hello, all my emails to FEDEX.COM are blocked. Please advise

Reply
nick26954b0a872cebd9e34c1b June 2, 2018

I have this same problem, Digital Ocean are blocking SMTP for 60 days. They didn't offer to ask me any questions to get the block lifted though, so my app is stuck with not being able to send emails until I can find a way around or move everything to another VPS. This seems to me to be such a stupid policy. Why 60 days? What account activity are they looking at in these 60 days to make themselves feel confident that I'm not a spammer? I can't send emails, so how are they going to know whether my emails are spam or not? Surely they're just mildly inconveniencing actual spammers (who will just have to keep an account dormant for 60 days and then they can spam whoever they like), whilst at the same time massively inconveniencing genuine users. I don't get it and I wish I hadn't wasted so much time getting my droplet set up just the way I want it, to fall down at this late point. Am I missing something, or is it really as stupid as I think it is?

Reply
alexmilov July 5, 2018

Absolutely nothing to add to previous message. I'm completely puzzled and upset.
We spent time and energy to tune a droplet and to find the root of this problem to find out that the launch of our modest e-commerce project will take place at best in two month at the initiative of the hosting provider.

Reply
rafaelomarques August 13, 2018

I think I'll move to AWS or Azure. I really like digital ocean, but it is pissing me off this smtp thing...

I'll have to pay 2 months of a discourse container to begin sending the auth email? Holy shi*

Reply
frank17 March 17, 2019

Yeah, what a shame DO! ...this really isnt a good way to do busines... very disappointed...

Reply
mrmarciaong July 14, 2019

Was going to recommend digitalocean for my company infra. But because of this stupid issue. Moved to AWS and in time i will move my personal VPS to AWS/GCP

Reply
Have another answer? Share your knowledge.

Related Questions