SMTP restricted by Digital Ocean

Hello all,

I am a new user to MiaB. I installed my box in no time. However, on system checks, I got an error stating that SMTP was blocked by my network. It seems DO started blocking this port since June (SMTP restricted by default). Per DO recommendation, they advised to use SendGrid (SendGrid | DigitalOcean Marketplace 1-Click App) which I don’t want to use. Does anyone know a workaround for this? Or should we start using a new VPS provider? Any recommendations? Thanks!

If you are a new Digital Ocean client you only have two choices: use an SMTP relay, or use a different VPS provider.

I have created an inexpensive SMTP relay for MiaB. You can see a topic discussing it a bit further down the index on this forum. If you care to use it, wonderful - but either way please do read my web page concerning it so that you have an idea what you may be getting into using one.

I think that I am going to push very hard for the MiaB project to stop mentioning Digital Ocean as a VPS provider of choice due to their decision of last June. @JoshData

There are some mentions on their community site that you can request to open port 25 after your account is 60 days old. Many other VPS providers also have this limit on new accounts, see e.g. Hetzner or Linode.

From an article in 2018, long before the new policy was put into place. Back in 2018, DO blocked access to email ports in certain data centers and for clients from certain countries.

Hetzner’s policy is newer, but still offers a path to mitigation after 30 days. As far as Linode, one simply needs to make the proper request, which is the policy at most VPS providers who block email ports.

Digital Ocean’s new policy linked in the OP states that “Our new disabled-by-default SMTP policy goes into effect today, June 22, 2022, for all new accounts” and does not provide a path for mitigation other than using Spamgrid as your SMTP relay.

Note that I referred to Sendgrid as “Spamgrid”, please read this for more details. It’s time to talk about SendGrid

There’s a reply there from June 2022 that states:

To qualify for the ability to send out emails, new accounts are required to wait 60 days before a request for removing the restriction could be raised. Once your account has reached 60 days of stable use, you could reach out to the DigitalOcean support team so they could look into this for you:

So perhaps that still applies.

Do you know of providers where you have port 25 open from day 1, where there’s also a good chance of decent IP reputation?

Thanks everyone for your input and conversation. I really appreciate it. However, to clear up any doubts, here is the email I received from DO regarding my request on unblocking SMTP. Pretty much, I need to find another VPS service. It is outrageous how these companies are making it harder to keep our privacy intact.

" We understand you have concerns regarding SMTP restrictions in place on your account. DigitalOcean is not a dedicated email host and stopping spam is a constant fight. Due to this, restrictions have been imposed on all accounts.

We would also like to provide some additional background on this issue. Since IP addresses in cloud environments get used and released back to available pools very frequently, they are considered dynamic and untrustworthy. For example, you’re currently assigned an IP address and you’re a responsible mail user. You follow all best practices for mail and never send spam or unsolicited mail. Later, when you no longer need that Droplet, you destroy it and the IP address is free to be assigned to another DigitalOcean user. That user takes the opportunity to send out a large volume of spam before our Security team takes action on the offending account.

Mail providers like Gmail, Microsoft, and others cannot determine if email coming from an IP is legitimate or not until it gains a poor reputation. By that time, the damage had already been done. It’s safer to just block all mail coming from platforms, like Internet Service Providers and Cloud hosting environments, where IP addresses are dynamically assigned and inherently risky.

While this does reduce avenues that spammers have available to them, it also impacts legitimate users. Our Abuse Operations team is working with SBLs to get the IPs delisted. Due to this, we are restricting SMTP traffic across the DigitalOcean platform. This means that we are unable to remove the SMTP restriction that is placed on your account.

We understand that your workflow may have email needs. As a solution to this restriction, we have partnered with SendGrid to offer all our customers a better solution where you would not need to worry about IP reputation and blacklisting. You can read more about this in our article here. Through SendGrid, you will be able to send 100 free emails per day and if your requirement is beyond the free tier, feel free to reach out to SendGrid support to opt for a better plan to meet your requirement.

We’re always happy to help if you have additional questions, so please don’t hesitate to reach out.

----

This is an automated response to help speed up service by getting all the information we need to help you. You must reply to this email for further assistance.

DigitalOcean Support Team
"

The two that I deal with actively are LunaNode in Canada, and IntoVPS in Romania.

It is still quite possible, though that is not what the announcement stated. However, it is all a moot point because if you want to set up MiaB, you do not want to have to sit and wait 60 days to maybe be approved. Most people want to set it up now. The response you mention though was not from Digital Ocean directly, so I would take it with a grain of salt.

Reached out to LunaNode to ask if SMTP was blocked on the VPSs; this was their response:

"port 25 is heavily monitored and upon detection of bulk mailing it is promptly blocked.

simple answer, yes it's blocked."

I do not agree with your assessment. Their reply specifically states that they monitor their SMTP ports for abuse. Running a mail server is not abuse in itself.

Mail-in-a-Box is not a proper solution for bulk emailing. One should be looking for a PowerMTA based server for that, so I do not draw the same conclusion as you do, as most here are not looking for a bulk mailing solution.

Specifically LunaNode’s ToS states:

Spam - sending unsolicited email in bulk is prohibited. Sending email in bulk is prohibited (e.g., over one thousand emails per hour) unless you receive permission in advance; such unauthorized bulk mail activities will result in outgoing SMTP traffic being blocked. Services becoming listed in any spam blocklist or database (e.g. SpamHaus, SpamCop) may result in service termination.

This was not my answer… it was the answer I was given by the LunaNode employee.

Simple answer: yes, it is blocked IF you break the ToS.

ohh gotcha!! Thanks for clarifying :smiley:

@makako-dev I had a long dialog with DO over a year ago when I started with MiaB. They asked for understanding that their systems had been abused so much that they were forced to block port 25 for all new users. It was going to be months [of using SendGrid] before they would reconsider my case.
I ended up with Contabo in Germany - I called on the phone and asked specifically about restrictions on port 25 before signing up … there would be no restriction as long as I behaved myself. Cool.
I’m not familiar with @alento's relay solution, but he has helped me expertly to correct and complete my MiaB configs, substantially improving deliverability of my emails, so I’m happy to recommend his word :slight_smile:
@alento Starting up with DO was a frustrating waste of time for me so I would certainly not recommend going there either…

DO's policy of allowing port 25 resulted in its entire owned IP ranges being blacklisted by various service providers, so even if they allowed port 25 (which they did in my case), it won’t help because many of your emails will be marked as spam. Using an SMTP relay is not an answer; you need to find a provider who controls the use of port 25 and lets you use it if you are not misusing it.

I get the distinct impression you have a case of, “must have it now and no other way!” Clearly you already use GMail, so privacy must not be top of your list. Maybe privacy has come up recently, that’s good, but be a little patient. Everyone in not just this community but the larger community has to be decent, reliable people for it all to work.

My experience with Digital Ocean has been excellent, unlike the few who have chimed in here. But my intentions were to simply run my own server. When I asked to have port 25 opened, it was. Although, I’ve gone through hell with other email systems getting my system out of the crapper because of previous bad actors.

However you feel about their choices, I wouldn’t say their choice is because there is a goal to hurt your privacy. That’s a pretty dull way of looking at it. Instead it’s privacy enhancing for those with some patience. No spammer is going to wait 2 months for an email server; they want a fast setup so they can just keep setting up. And, instead of being monitored, I’d rather have my service provider trust I can handle my own stuff.

I wouldn’t recommend DO for email though. Simply because of the IP blocks having such a bad reputation. It takes a lot of effort to take your little personal email server and get a good reputation again. So as someone who’s worked hard to do that, I really am happy they’re taking a hard line on this, but I’m a jerk like that.

Digital Ocean has most of their IP ranges blocked by spam filters. I’ve had success getting AWS with an elastic IP unblocked… port 25 is also blocked by default but you just message them to unblock, just takes a couple of emails.

I couldn’t use Digital Ocean since all the IP addresses I tried had their IP address blocks on multiple blacklists that I found impossible to get off of. I’d just use AWS with an elastic IP, and make sure the IP isn’t on any spam blocklists. Then have them open port 25. Good luck.

This is true. Basically impossible to get a DO IP address off the blacklists.

I’ve had success with a new MiaB (I’ve used it for years, but had to upgrade the Ubuntu OS), which forced me to get a new IP address, which was on multiple IP spam blacklists.

AWS is working for me… elastic IP not on any spam blacklists. Email them to open port 25. Apple and Microsoft mail is blacklisted, but you have to just ask for a few weeks to get off, and they will unblock the IP address. I also started using mailreach to improve the IP reputation by sending fake emails (like fake business emails to accounts on all the major providers) so your email server gets a reputation for not sending spam. MiaB takes some work, but I’ve used it for a long time and like just running my own email server for the street cred with all the nerds. lol

Hi, I’ve had good service from Amazon AWS. The Lightsail VPS instances are very easy to use and all ports are open and they include a free Firewall which is good to use to avoid unnecessary ports on your instance being pinged. Getting the desired reverse DNS name can be a bit convoluted as it requires actually contacting them and filling in an online request. I believe the costs are actually lower than DO.
Amazon EC2 instances are perhaps more complex; however, you can set your own reverse DNS name from the EC2 dashboard. Costs are reasonable IF you do not need a lot of internet traffic. For EC2 instances you can save money by reserving capacity once you know you are happy with your server.
For either instance, making MIAB backups to AWS S3 is a breeze.

I can also recommend UpCloud; however, port 25 is blocked until you request that it be made available. Perhaps there is a waiting period?