New Install Droplet / Alma 9 - Cannot connect to Gmail or other remote mail servers

B

bcoker

Verified User
Joined
Sep 7, 2010
Messages
55
Hey all!

I've been away from DA from many years. Just testing setup of a new machine. I managed to work out every issue but this one. I ca receive email from any MTA, but cannot send to any but myself. I'm also new to Digital Ocean droplets and I think this has to do with the server having ipv6 enabled? The server tries several time and ultimately gets deferred do to number of attempts.

I'm not sure if there is some way to resolve this via EXIM config or..? CSF is default install settings. Any knowledgeable assistance is appreciated.

Code: 
]# telnet gmail-smtp-in.l.google.com 25
Trying 64.233.177.27...

Code: 
[root@alpha etc]# telnet mailsec.protonmail.ch 25
Trying 185.70.42.129...


Code: 
[root@alpha etc]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether ae:ac:ad:42:c4:e8 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet IPV4IPADDRRESS/20 brd IPV4IPADDRRESS5 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 10.50.0.5/16 brd 10.50.255.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::acac:adff:fe42:c4e8/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 1e:99:ac:dd:31:b8 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    altname ens4
    inet 10.128.0.2/20 brd 10.128.15.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::1c99:acff:fedd:31b8/64 scope link
       valid_lft forever preferred_lft forever

Code: 
2025-07-11 21:17:06 Received from [email protected] H=localhost (alpha.hostname.com) [::1] P=esmtpa A=login:[email protected] S=582 [email protected] T="Gmail Test"
2025-07-11 21:17:06 H=gmail-smtp-in.l.google.com [2607:f8b0:4002:c09::1b] Network is unreachable
2025-07-11 21:19:19 H=gmail-smtp-in.l.google.com [142.250.9.27] Connection timed out
2025-07-11 21:19:19 H=alt1.gmail-smtp-in.l.google.com [2607:f8b0:400d:c0e::1a] Network is unreachable
2025-07-11 21:21:30 H=alt1.gmail-smtp-in.l.google.com [209.85.144.26] Connection timed out
2025-07-11 21:21:30 H=alt2.gmail-smtp-in.l.google.com [2607:f8b0:400c:c01::1a] Network is unreachable
2025-07-11 21:21:30 H=alt3.gmail-smtp-in.l.google.com [2607:f8b0:4004:c25::1b] Network is unreachable
2025-07-11 21:21:30 H=alt4.gmail-smtp-in.l.google.com [2800:3f0:4003:c0f::1b] Network is unreachable
2025-07-11 21:21:30 [email protected] R=lookuphost T=remote_smtp defer (101): Network is unreachable
 
To prevent abuse, a lot of providers block ports 25 and 465 by default to prevent potential spam sending. You may need to contact Digital Ocean to open ports 25 and 465. If you have a legitimate use case scenario, most providers happily agree. You will still be able to receive mail as they are normally different ports and not restricted.

Why is SMTP blocked? | DigitalOcean Documentation

SMTP is blocked on Droplets to prevent spam and abuse. Use a third-party email platform like EmailEngine instead.
docs.digitalocean.com docs.digitalocean.com
 
DrWizzle said:
To prevent abuse, a lot of providers block ports 25 and 465 by default to prevent potential spam sending. You may need to contact Digital Ocean to open ports 25 and 465. If you have a legitimate use case scenario, most providers happily agree. You will still be able to receive mail as they are normally different ports and not restricted.

Why is SMTP blocked? | DigitalOcean Documentation

SMTP is blocked on Droplets to prevent spam and abuse. Use a third-party email platform like EmailEngine instead.
docs.digitalocean.com docs.digitalocean.com
Click to expand...
I'll give DO an email and see if that's what's going on. I'll make sure to follow up.
Appreciate the reply.
 
bcoker said:
I'll give DO an email and see if that's what's going on. I'll make sure to follow up.
Appreciate the reply.
Click to expand...
So it looks like they are blocking. And possibly will not unblock it. There is some vague verbiage about new accounts and they are heavily pushing EmailEngin which only supports Ubuntu 22.04.
https://docs.digitalocean.com/support/why-is-smtp-blocked/

As this was going to be a small hosting server email is gonna be needed. I planned on using a filtering service to not have to deal with blacklists but I'm not even sure that can be used.

Shame, I was liking DO so far. Will have to way options.

Thanks again.
 
bcoker said:
So it looks like they are blocking. And possibly will not unblock it. There is some vague verbiage about new accounts and they are heavily pushing EmailEngin which only supports Ubuntu 22.04.
https://docs.digitalocean.com/support/why-is-smtp-blocked/

As this was going to be a small hosting server email is gonna be needed. I planned on using a filtering service to not have to deal with blacklists but I'm not even sure that can be used.

Shame, I was liking DO so far. Will have to way options.

Thanks again.
Click to expand...
You could always try Contabo or Hetzner? (Other providers are available 😁) I use a few Hetzner products and their Console product (vps instances) is brilliant. The bonus is that they WILL open ports 25 and 465 if you request.
 
DrWizzle said:
You could always try Contabo or Hetzner? (Other providers are available 😁) I use a few Hetzner products and their Console product (vps instances) is brilliant. The bonus is that they WILL open ports 25 and 465 if you request.
Click to expand...
I'll check them out. DO is asking me for information. It looks like they may allow it if they feel like it's safe enough. I'm probably doing to use MC for outbound filtering though. I really don't want to have to deal with blacklists.
 
Mailchannels is a good filtering option and helps protect your domain reputation. Another shared hosting company I used a few years back for something integrated it with DA and mail deliverability was amazing until they said it was too expensive and pulled the plug on that. I've ended up on a few blocklists before and it's an inconvenience to customers who can't send mail and myself sorting out the delisting. Spamhaus seems to be the hottest BL and quickest to list for some reason i've found (although not been on it for some time now). Also, don't quote me on this, but you might not have to ask to get port 25 opened if you're using a mail relay like MC. I'm pretty sure MC can use alternative ports like 2525. Check the documentation before you buy but I know it's free to try. Maybe give a free trial a go and see if that works? I hope you're able to get it sorted.
 
Yep agreed. Been doing some form of webhosting for 15 years and blacklist are a huge pain. I'll just be doing this solo and I don't want to have to deal with that or upset customers. Been using MC for 10 years with companies that I work for and it is good. Sometimes they have false positives but they're quick to resolve those. DO has 2525 is open, they emailed me back this morning with a firm NO. I don't blame them. I'm going to the MC Starter plan, like you mentioned they have a 90 day trial.
 
You must log in or register to reply here.
Back
Top