purelymail-issues icon indicating copy to clipboard operation
purelymail-issues copied to clipboard

Published 20 hours ago verified publisher icon ScottPeterJohnson

Use a secondary non-standard SMTP port

Open iiEpic opened this issue 6 months ago • 5 comments

Would it be possible to utilize a non-standard SMTP port instead of TCP/465.

This port is blocked by Digital Ocean and they will not lift the block.

If a different port was utilized, it would bypass this issue and it's also suggested as a fix by digital ocean.

Here is a snippet from my recent support chat with DO.

`Thanks for getting back to us. I apologise for the inconvenience. However, at this time, we cannot unblock SMTP ports for this account.

We understand that you have an application requirement or a business need to enable port 25, 465 and 587. However due to our current policy we are unable to facilitate requests to remove the restriction on this port. We recommend utilizing alternative ports if your application allows, such as port 2525. You can also use REST API with SendGrid, which allows you to send emails via HTTP requests instead of the traditional SMTP protocol if it is suitable for you or make use of another third-party sending service.

Please find below articles:

  1. SendGrid v3 API Documentation SendGrid v3 API Documentation | SendGrid Docs | Twilio
  2. MailGun Send API Documentation Getting started Sending Email`

iiEpic avatar Apr 29 '25 22:04 iiEpic

And just like that, they do not recommend either of the two options above anymore. This is now the suggested method of SMTP. https://docs.digitalocean.com/support/why-is-smtp-blocked/

SMTP ports 25, 465, and 587 are blocked on Droplets to prevent spam and other abuses on our platform. This block applies to all Droplets by default and cannot be removed.

Even if SMTP were available, we strongly recommend against running your own mail server, as self-hosted mail servers are difficult to secure and maintain, frequently get flagged as spam, and require constant monitoring to protect your IP address. Dedicated email platforms manage these challenges for you.

To send mail from DigitalOcean, we recommend using EmailEngine, available through the Marketplace as a 1-Click App.

iiEpic avatar May 01 '25 19:05 iiEpic

@iiEpic I'll ask Ktr if there is any possibility we can implement this for you, but as far as I can see the best current fix would be a VPN to a service which allows the use of the ports. I'll let you know of any response!

alicethefemme avatar May 01 '25 21:05 alicethefemme

@alicethefemme It's alright if it doesn't get implemented. I'm working with Digital Ocean to hopefully allow my account to use it.

However, I attempted to create a proxy to one of my on-prem servers and forward it to PurelyMail. Sadly, Digital Ocean actually blocks the traffic once it realizes that it's SMTP traffic which doesn't give me a chance to send any emails because looking at the packet captures, it's once the handshake is established when DO blocks it.

iiEpic avatar May 01 '25 21:05 iiEpic

Have you tried using something with a wireguard implementation? As far as I can tell that traffic always gets routed through the wireguard port 51820, and therefore shouldn't be detected?

alicethefemme avatar May 01 '25 21:05 alicethefemme

@alicethefemme I have, I use Netbird as my mesh solution between AWS, GCloud, DO and on-prem. I tried forwarding the traffic through one of my endpoints but it wouldn't work as I mentioned above.

Netbird uses Wireguard under the hood.

iiEpic avatar May 03 '25 01:05 iiEpic