I tried to open with all the commands. But can not open. How to open the port?
My IP: 128.199.115.72
Plzz help me. Thanks

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
7 answers

Not sure if this is still relevant, but I had the same issue and opened a ticket. This is the response from them:

“Hello,

Stopping spam is a constant fight and due to this, your account has restrictions specifically on port 25. However, you are be able to use mail services using ports 587, 993, 995 and 465. You will need to open these ports in your firewall. Here is our guide to common iptables commands:

https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands#service-mail

We realize this is inconvenient, but many customers in your position move their mailing activities to a third party service such as SendGrid or similar which processes such mail separately from their droplet. I’m sorry for the frustration but we’re not able to lift this port restriction at this time.

In terms of a workaround, here are a few alternatives:

  1. Utilize port 587 for SMTP relay via another mail provider, for example G Suite/Gmail, Mailgun, etc. We have a guide on doing so using Postfix here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04

  1. Configure your app or service to send mail directly using either a SMTP client connection (typically using port 587), or API call via another mail provider such as Sendgrid, Mailgun, Mandrill, etc.

Please note that with this restriction in place on port 25, mail servers hosted here will be unable to directly relay email to other mail servers, as communication between mail servers typically takes place on port 25.

We think the API is the best solution, as it is honestly more scalable and what we would use if we wanted to "future proof” the project.

If you have any further questions or concerns, please feel free to reach back out to us at any time.“

and in the next response

"If you have a different DigitalOcean account when you have access to port 25, you may have been subject to different policies. Our internal security has changed in regard to this port. I would recommend either, using your other account or creating teams from your other account.

In regard to this account, the port is unfortunately going to remain blocked per our security policies. We completely understand if this means that we are no longer a viable solution for your project. If you have any further questions or concerns, please feel free to reach back out to us at any time.”

So, their offical answer is, they don’t give a shit if you use them or not. They actually say so directly. Even when I can show I have another account that does not have this policy.

I can accept that this is blocked by default, but the unwillingness to lift this restriction when asking for it, is unacceptable. I will start looking for other service providers, who does not block standard implementations just to get rid of a few bad eggs (spammers).

by Mitchell Anicas
Iptables is the software firewall that is included with most Linux distributions by default. This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.

They’re blocking port 25 for entire account based on some hidden criteria and won’t lift it no matter how you ask.

I had a really awful experience with DO.

The moment I create new account they force me to provide payment info. OK, done.

Immediately after they require ID verification by sending photo of my passport and taking a selfie via some silly service, which wasn’t even working; had to enable VPS to pass it through and connect a tablet via wifi to take the selfie (my PC doesn’t have a webcam; is that so rare among web developers?). OK, done.

Create a new droplet. OK, …not done: the IP they’ve assigned is blocked in my country. Probably been hosting some pirate or illegal stuff in the past. No response from support for 2 days.

OK, creating another droplet, transferring image from the previous one… done.

Now the most exciting stuff: setting up POSTFIX to send outgoing email only. They have a fresh step by step tutorial just about that. Great! Follow all the steps. Done?

NO! Connection time out on send attempt. Why? Of course I did something wrong! Cause, you know… it’s DO, they’re so cool and the tutorial’s all dandy, it should definitely work!

Spend another several hours debugging the crap. Then suddenly stumble upon a 2015 post on a QA site about DO blocking port 25 and requiring to contact them in order to lift the block. OK, let’s contact the support again and wait…

24 hours later, finally, I got the response; being sure that this is a confirmation that the block is lifted, I open the mail and see the crap about “Stopping spam is a constant fight and due to this”… due to this we just shit on you, our dear customer/developer, shit on the days you’ve spent working with our services; so go on and pay our friend sendgrid or get lost.

And all this was just an attempt to set-up a humble phpBB forum for a pet project of mine, so it can send emails for users who wish to reset their password. 3 miserable days of humiliation.

If someone happen to read this while deciding where to host something simple, for the love of God, save yourself from this humiliation! Pick AWS/Bluehost/whatever that doesn’t shit on their customers.

VPSSIM appears to be an auto installer script with multiple options. Default is for ports to be open and I see a default NGINX page at the IP address provided. When you say you tried all commands what were these?

You can see what ports are open and their associated programs using something like:

netstat -anp

from the command line.
Check your firewall configuration with

sudo iptables -L

On most systems default is ACCEPT, but might be different with the installer you used.

Same situation here. I have installed a Wordpress app with the one-click auto install and I tought everything would work out of the box. It’s been 2hs since I started to try enable port 587 for outgoing mails, seems to be working as I can telnet to the port, but php (wordpress) fails to send mails.

The question is, how much money is digitalocean receiving from SendGrid?

Well. I need my webservers to send email. It does not make sense to have my email server somewhere else and my webservers on DO. So everything is moving on AWS, which does not block port 25!

all of my 10 droplets are open at 25, I don’t change anything at default setup.
are they because created with LAMP stack… ?

Submit an Answer