DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

Outgoing connections on port 25 / 587 / 143 blocked over IPv6?

I just moved my servers, including my mailserver to the new ams3 region because of ipv6. i configured postfix to use ipv6 and i recieved my first email over ipv6 without a problem.

But when i try to send mail over ipv6 to other mailserver that support ipv6 like gmail.com the connection times out.

I then used netcat to test it and found that three mail relevant ports seem to be blocked for outgoing connections. SSH works fine.

nc -vz [ipv6-address] 25
nc: connect to [ipv6-address] port 25 (tcp) failed: Connection timed out
nc -vz [ipv6-address] 587
nc: connect to [ipv6-address] port 587 (tcp) failed: Connection timed out
nc -vz [ipv6-address] 143
nc: connect to [ipv6-address] port 143 (tcp) failed: Connection timed out

nc -vz [ipv6-address] 22
Connection to [ipv6-address] 22 port [tcp/ssh] succeeded

Are these ports really blocked? If yes, why?

Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Sign up now

jonathanOctober 13, 2014

Hi there; I was in touch with support about this a few months back and I didn’t realise it was still blocked.

The response was:

… the changes you need to make are in /etc/gai.conf

Look for the list of precedences that are commented out.

The last value simply needs to be uncommented and the 10 changed to a 100

This will de-prioritize IPv6 NS lookups and allow IPv4 to take priority.

Eventually we will remove the block on IPv6 SMTP, but for now it will remain in place.

http://serverfault.com/questions/93717/setting-ipv4-as-preferred-protocol-over-ipv6 http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups

Or, to put it another way:

Backup!

nano /etc/gai.conf

make the appropriate lines look like this

precedence ::ffff:0:0/96  100

Reboot, test, enjoy, let me know if it works :)

GeraldHJuly 25, 2016

Just checked if this is still the case in 07/2016 and it unfortunately is: Outgoing connections are blocked on the following ports: 25/tcp filtered smtp 109/tcp filtered pop2 110/tcp filtered pop3 143/tcp filtered imap 465/tcp filtered smtps 587/tcp filtered submission 933/tcp filtered unknown 995/tcp filtered pop3s

I’m in the FRA1 (Frankfurt) Datacenter. I hope this gets changed sometime soon. Other than this I’m really happy with DO but their IPv6 support really sucks big time (the no real v6 subnet and only 16IPs thing being the other big v6 problem).

MelodyDecember 10, 2020

Hi everyone! I’m sorry to read about all of the headaches this has caused for your email environments. At this time, all SMTP traffic over IPv6 is indeed blocked for all DigitalOcean accounts. This limitation is disclosed on our IPv6 documentation here: https://www.digitalocean.com/docs/networking/ipv6/#limits

Additionally, while SMTP traffic over IPv4 is possible for most accounts we do not recommend sending mail from Droplets: https://www.digitalocean.com/docs/droplets/#limits

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up