Port 25, 465 is blocked, How can I enable it?

July 13, 2018
Email CentOS

I tried to open them with all the commands, but cannot open them. How do I open the port?
My IP: 128.199.115.72
Please help me. Thanks

2 Answers

VPSSIM appears to be an auto installer script with multiple options. The default is for ports to be open, and I see a default NGINX page at the IP address provided. When you say you tried all commands, what were these?

You can see what ports are open and their associated programs using something like:

netstat -anp

from the command line.
Check your firewall configuration with

sudo iptables -L

On most systems default is ACCEPT, but might be different with the installer you used.

Not sure if this is still relevant, but I had the same issue and opened a ticket. This is the response from them:

"Hello,

Stopping spam is a constant fight and due to this, your account has restrictions specifically on port 25. However, you are able to use mail services using ports 587, 993, 995 and 465. You will need to open these ports in your firewall. Here is our guide to common iptables commands:

https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands#service-mail

We realize this is inconvenient, but many customers in your position move their mailing activities to a third party service such as SendGrid or similar which processes such mail separately from their droplet. I'm sorry for the frustration but we're not able to lift this port restriction at this time.

In terms of a workaround, here are a few alternatives:

  1. Utilize port 587 for SMTP relay via another mail provider, for example G Suite/Gmail, Mailgun, etc. We have a guide on doing so using Postfix here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04

  2. Configure your app or service to send mail directly using either an SMTP client connection (typically using port 587), or API call via another mail provider such as Sendgrid, Mailgun, Mandrill, etc.

Please note that with this restriction in place on port 25, mail servers hosted here will be unable to directly relay email to other mail servers, as communication between mail servers typically takes place on port 25.

We think the API is the best solution, as it is honestly more scalable and what we would use if we wanted to "future proof" the project.

If you have any further questions or concerns, please feel free to reach back out to us at any time."

and in the next response

"If you have a different DigitalOcean account when you have access to port 25, you may have been subject to different policies. Our internal security has changed in regard to this port. I would recommend either using your other account or creating teams from your other account.

In regard to this account, the port is unfortunately going to remain blocked per our security policies. We completely understand if this means that we are no longer a viable solution for your project. If you have any further questions or concerns, please feel free to reach back out to us at any time."

So, their official answer is, they don't give a shit if you use them or not. They actually say so directly. Even when I can show I have another account that does not have this policy.

I can accept that this is blocked by default, but the unwillingness to lift this restriction when asked to is unacceptable. I will start looking for other service providers that do not block standard implementations just to get rid of a few bad eggs (spammers).
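
The two checks from this thread (the firewall state from the first answer, the ports the support reply says to open) combined into one added example that is not part of any post or of DigitalOcean's guide: it reads `iptables -S` output and reports the INPUT verdict for each mail port. The ruleset is a constructed sample, the function names are hypothetical, and the rule model is simplified as the comments state.

```bash
# Added example (not from the thread): host-firewall verdict for the mail ports.
# Simplified INPUT-chain model: first matching rule wins, else the chain policy.
# Rules using matches it does not model (source, interface, conntrack) and jumps
# to user-defined chains are skipped.
# Constructed sample in `iptables -S` format, not taken from the poster's server.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 465,587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993:995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# verdict_for_port PORT: reads `iptables -S` text on stdin, prints ACCEPT/DROP/REJECT.
verdict_for_port() {
  awk -v port="$1" '
    function port_in(spec, p,    n, parts, k, r) {
      n = split(spec, parts, ",")
      for (k = 1; k <= n; k++) {
        if (split(parts[k], r, ":") == 1) r[2] = r[1]
        if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
      }
      return 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" && verdict == "" {
      proto = ""; spec = ""; skip = 0
      for (i = 3; i <= NF && $i != "-j"; i += 2) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
        else if (!($i == "-m" && ($(i + 1) == "tcp" || $(i + 1) == "multiport"))) skip = 1
      }
      target = $(i + 1)
      if (skip || (proto != "" && proto != "tcp")) next
      if (spec != "" && !port_in(spec, port)) next
      if (target == "ACCEPT" || target == "DROP" || target == "REJECT") verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# mail_port_report: rules on stdin, one "PORT VERDICT" line per mail port.
mail_port_report() {
  rules=$(cat)
  for p in 25 465 587 993 995; do
    printf '%s %s\n' "$p" "$(printf '%s\n' "$rules" | verdict_for_port "$p")"
  done
}
# On a live host: sudo iptables -S | mail_port_report
printf '%s\n' "$SAMPLE_RULES" | mail_port_report
```

The verdict covers the host firewall only. The port 25 restriction described in the support reply is applied to the account by the provider and does not appear in the droplet's own ruleset.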

by Mitchell Anicas
Iptables is the software firewall that is included with most Linux distributions by default. This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules that are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.