Opening port 587 on Debian running on Google Compute Engine
From the documentation for Google Compute Engine, section "Networking and Firewalls":
Blocked traffic
Google Compute Engine blocks or restricts traffic through all of the following ports/protocols between the Internet and virtual machines, as well as between two virtual machines when traffic is addressed to their public IP addresses (this also includes load-balanced addresses).
Note: These restrictions do not apply for traffic between two virtual machines through their private addresses.
- All outgoing traffic to port 25 (SMTP) is blocked.
- Most outgoing traffic to port 465 or 587 (SMTP over SSL) is blocked. except for known Google IP addresses
- All traffic that uses a protocol other than TCP, UDP, and ICMP is blocked.
I also found "Sending Email from an Instance":
Google Compute Engine does not allow outbound connections on ports 25, 465, and 587 but you can still set up your instances to send mail through ports 587 and 465 using servers provided through partner services, such as SendGrid. This document discusses how to set up your instances to send email using SendGrid.
Related videos on Youtube
toffee.beanns
Updated on September 18, 2022Comments
-
toffee.beanns over 1 year
I'm attempting to use port 587 for my server mailing purposes. However, I can't seem to be able to unblock the port even after trying the following :
Adding port 587 to the Google Cloud network firewall list
Adding a new rule to iptables in the operating system
Restart the server
Am I missing out anything?
EDIT:
/etc/iptables.up.rules -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
AND:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 7 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
-
toffee.beanns almost 10 yearsWould be glad if you could point out where the question required a downvote
-
Ladadadada almost 10 yearsHow did you add the new rule to iptables? Unless you add it to a config file, restarting the server will throw away any changes you have just made.
iptables -L -nv
andtcpdump -n port 587
are two good debugging tools to figure out where packets are getting to and why they're being dropped.tcpdump
runs outsideiptables
so if it doesn't see packets, probably the "cloud network firewall" is dropping them instead. -
toffee.beanns almost 10 years@Ladadadada Thanks! I have updated the question with the iptables information. However the tcp dumps seems to have no respond capturing 0 packets. Does that mean that the last line of your comment applies?
-
Ladadadada almost 10 yearsThat rule doesn't exist in your iptables output but it doesn't matter because your iptables rules are set to accept everything anyway. It's very likely that the packets are being blocked before they get to iptables, so yes, I think it's the "cloud network firewall". Can you get any logging or debugging information from that?
-
toffee.beanns almost 10 years@Ladadadada I don't seem to see any. Is there other ways I can verify the info?
-
toffee.beanns almost 10 yearsI did came across this post too. May I clarify if my Google Cloud instance IP addressis a'known' Google IP address as described above?
-
toffee.beanns almost 10 yearsApologies for the typo. I was asking if my server instance is created as a Google Compute Engine instance, will it be a 'known' Google IP address?
-
iSee almost 10 yearsI don't think so. I think they're referring to servers run completely by them which is not our case, but again, I'm not sure.
-
Michael Hampton almost 10 yearsIt's pretty obvious that they mean Gmail here.
-
toffee.beanns almost 10 years@MichaelHampton Sorry! I am really new to all this server things and all!
-
Ladadadada almost 10 yearsAre you trying to send email or receive it? The iptables output in the question only covers receiving it.
-
toffee.beanns almost 10 yearsThe google cloud don't seem to allow us to use smtp port 25 to do handle our mails. Hence, I have used their partner's service Sendgrid to handle the mailing as stated above. Am I right to say that if I were to allow port 587 through my firewall, Sendgrid would handle both receiving and sending?