Port 25 Blocking on Cloud Platforms: An Overview
Table of Contents
Introduction
If you plan to send emails from your Virtual Machine Instances, you might be disappointed by the information in this blog. Leading cloud providers like Amazon AWS, Google Cloud, Microsoft Azure, and Vultr block port 25 blocking by default or impose certain restrictions. Here’s a detailed look at the policies of each provider.
Amazon AWS
Source: AWS Knowledge Center
AWS blocks outbound traffic on port 25 (SMTP) for all EC2 instances and Lambda functions by default. To remove this restriction:
- For EC2 instances, you can request AWS to lift the restriction.
- For Lambda functions, associate the function with an Amazon VPC and give it internet access via a NAT gateway. Note that port 25 blocking restriction cannot be removed from non-VPC functions.
Google Cloud Platform
Source: Google Cloud Documentation
Google Cloud Platform (GCP) blocks connections to external TCP port 25 blocking due to the risk of abuse, including SMTP relay with Google Workspace. GCP recommends using third-party services like MailGun, SendGrid, and Mailjet, which offer free tiers for Compute Engine customers. These services provide features like click tracking, analytics, and APIs.
Microsoft Azure
Source: Azure Documentation
Microsoft Azure restricts outbound email messages on TCP port 25 blocking from virtual machines (VMs). This is only possible under certain subscription types. Port 25 is unsupported for all Azure Platform-as-a-Service (PaaS) resources, including Azure App Service and Azure Functions.
Vultr
Source: Vultr Documentation
Vultr blocks port 25 by default, along with several other ports for network security. Users can request to have these blocks removed by opening a support ticket. The blocked ports include:
- TCP port 25 (SMTP)
- TCP & UDP ports 137-139
- TCP & UDP port 445
- TCP port 1688 (KMS, inbound only)
Oracle Cloud Infrastructure
Source: Oracle Cloud Documentation
Oracle Cloud Infrastructure (OCI) has different policies based on when the tenancy was created:
- Tenancies created before June 23, 2021, have port 25 open by default.
- Tenancies created after June 23, 2021, have port 25 blocked by default. Users can request an exemption by opening a service limits request.
Tags and Keywords
Tags:
- Amazon AWS
- Google Cloud
- Microsoft Azure
- Vultr port 25
- Oracle Cloud port 25
Keywords:
- Amazon AWS port 25
- Google Cloud port 25
- Microsoft Azure port 25
- Vultr blocks port 25
- Oracle Cloud port 25
- Port 25 restrictions
Related Blogs
For more information and updates, visit AliTech.