Google Compute Engine blocks outgoing SMTP. The only option it gives in its documentation is using SendGrid.
I have my own mail server for transactional emails and other emails as well.
Can I use another mail server (not on Google) and create an SMTP relay on Compute Engine (on a port other than 25) to forward port 25 traffic to that server?
If so, how?
See Google's documentation on this. I use SendGrid and Postfix to send email from my GCE instance.
By default, Google Compute Engine allows outbound connections on all ports but port 25, which is blocked because of the risk of abuse. All other ports are open, including ports 587 and 465.
You can use a third-party provider such as SendGrid, Mailgun, or Mailjet:
For SendGrid: https://cloud.google.com/compute/docs/tutorials/sending-mail/using-sendgrid
For Mailgun: https://cloud.google.com/compute/docs/tutorials/sending-mail/using-mailgun
For Mailjet: https://cloud.google.com/compute/docs/tutorials/sending-mail/using-mailjet
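A relay of the kind the question asks about, as an added example that is not part of the original posts: a Postfix `main.cf` fragment on the Compute Engine instance that hands all outbound mail to an external server on port 587 with TLS and SASL. The host name `mail.example.com` and the password-map path are assumptions.

```conf
# /etc/postfix/main.cf on the Compute Engine instance (added example)

# mail.example.com is a placeholder for your own mail server. The
# square brackets tell Postfix to skip the MX lookup for that name.
relayhost = [mail.example.com]:587

# Authenticate to the relay as a client. The map file holds one line:
#   [mail.example.com]:587 username:password
# Make it readable by root only (chmod 600), then build it with:
#   postmap /etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Refuse to send credentials or mail over an unencrypted session.
smtp_tls_security_level = encrypt

# Accept mail for relaying only from this host itself, so the
# instance does not become an open relay.
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128
```

Local applications keep submitting to 127.0.0.1 on port 25; only the hop that leaves the instance uses port 587.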
Related
I have a VM instance on Google Compute Engine, which is running Windows Server 2012 R2. I have my Apache web server, PHP, MySQL, FTP, and various other things running great, easily accessible from the world. I installed MDaemon Messaging Server (Alt-N's email server), which I had on my old physical box for years. I am able to use port 110 just fine, but I simply cannot get SMTP to work. Yes, I'm well aware of (Compute Engine's Blocked SMTP Ports). Knowing these blocked Google ports, I would like to choose port 2525 as MDaemon's SMTP port. I added firewall rules on the server to allow it, and I added the Compute Engine Network port exceptions as well, and of course changed MDaemon's server settings for 2525. I still cannot send email. Hell, I even tried port 2626 and nadda.
I understand I could sign up through Google's recommended "SendGrid" that would force me to use mail.sendgrid.com, port 2525, and have a maximum of 25,000 per month limit (on a free SendGrid account), but I personally think it's ridiculous needing to sign up and have limits on email when I paid $2,400 for the MDaemon email server. I should be able to use my own domain's mail.mydomain.com and authenticate through MY email server, not SendGrid's.
Is there something simple I'm missing to be able to use my own email server software on my Google Compute Engine VM instance? Or is it just fact that this is the right I give up by choosing Google's cloud server services?
An SMTP server, in your case MDaemon, sends all outbound emails directly to the recipients' mail servers on their inbound SMTP port, which is 25. This is the port you will need to configure in MDaemon's SMTP outbound port setting. So changing it to 2525 or 2626 won't help, because recipients' SMTP servers usually do not listen on those ports.
As you also mentioned, all outgoing traffic to port 25 (SMTP) is blocked on Compute Engine. Therefore you'll need to configure a smart host for your MDaemon message routing which listens on a non-blocked port. This is something like using a third-party service (e.g. SendGrid).
I have configured my Postfix so that users on my server send mail through port 587, and port 25 is only used to receive mail from mail servers.
I am successful to the extent that, on connecting to port 25, mails are not allowed outside the mail server and are rejected as relay-access denied, whereas on port 587 the clients are able to send mail to outside mail servers.
To achieve this I have set in my main.cf:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
That is, I removed permit_sasl_authenticated.
If I add this condition, the mails are allowed to be sent outside the network, and if I remove the condition, anyone can connect to port 25 and, since there is no authentication, can send any number of mails to local recipients.
What is the way that I can use SASL authentication on port 25, yet prevent it from relaying mails outside my network?
I'm by no means proficient when it comes to administering Postfix, but I do know that you can always overwrite the restrictions on a per-daemon level.
Take a look at Postfix's master.cf, specifically the -o smtpd_xxx entries, and google for an example.
Postfix allows relaying based on two criteria:
authentication (you removed that!)
network (this is controlled by $mynetworks)
I recommend you set the mynetworks variable to a single IP and localhost, something like:
mynetworks = ip.of_ser.ver, 127.0.0.1
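The per-service override suggested above, written out as an added example (not from the original posts): `master.cf` entries that leave port 25 for inbound delivery without SASL and let only authenticated clients relay on port 587. The restriction values are one reasonable choice and are assumptions, not the asker's configuration.

```conf
# /etc/postfix/master.cf (added example)
# columns: service type private unpriv chroot wakeup maxproc command

# Port 25: server-to-server delivery. SASL is switched off here, so
# this listener only accepts mail for domains it is responsible for
# (reject_unauth_destination) or from hosts listed in $mynetworks.
smtp       inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination

# Port 587: user submission. TLS is mandatory, and a client that has
# not authenticated is rejected outright, so relaying to outside
# domains is tied to a valid login.
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
```

The `-o` values contain no spaces because `master.cf` splits arguments on whitespace; run `postfix check` and then `postfix reload` after editing.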
I have no trouble sending out email with my EC2 server, but how can I check the email that is sent to me? I have an elastic IP setup and modified reverse DNS records. Do I need to install Postfix to receive email?
Ensure that port 25 is active and open on your server. Install an SMTP service on your instance ...postfix is mighty fine.
Ensure you have also set up some MX records if you want to receive email from the world...
I suppose the first thing to do is testing if you can open a telnet connection to port 25 on your server. Then you know if anything is listening for incoming mail.
If not, then you should probably install postfix as well as test your firewall settings (I seem to recall the EC2 having some sort of firewall setting for which ports to allow in the web interface).
edit: correct port number
How can I email to a domain whose SMTP server does not listen on the standard port 25? I need to email to it through webmail, like GMail.
I thought this would work:
user#domain.com:port
You can't do it with Gmail. You need to configure a mail server to do this, and it's hard. The only other option is using a firewall to redirect traffic from 25 to your port.
(And this probably belongs on Server Fault).
As far as I know, the email message sending process looks like this:
The message is sent from the sender's client to his server (say mail.com).
The mail.com server redirects the message to the recipient's server (say gmail.com).
The recipient's client connects to gmail.com and receives new messages.
I'm interested in stage 2.
I thought that the servers use the SMTP protocol to make this negotiation, and the gmail.com server should listen on port 25 to receive a connection from mail.com and other servers.
But when I try to connect to gmail.com (exactly, Google service) on port 25, the server is not responding...
Why? What's wrong?
You need to delve into MX records a bit: Oversimplified DNS and MX record. The SMTP gateways use the MX records to route emails between each other. So, for a domain X the SMTP gateway might be mail.X: in other words, for gmail.com the mail gateway might be mail.gmail.com (example).
Mail servers do not redirect.
You have to use MX records to find a mail server. You can't just assume that there will be one on the bare domain name.
But then the mail server will either accept or reject your message. In some cases, usually only between very close and trusted friends, the mail server might RELAY your message onward to another mail server.
At one time, in the mid 90's, just about any mail server would accept a message and relay it. Many people relied on this behavior because IP packets would only travel 30 hops, and the edges of the Internet were more than 30 hops apart. For instance, Peru and Ukraine could not contact each other with IP packets, but they could both send mail to a server at aol.com and that mail server would relay it on to its destination.
It is best not to play around with email unless you read some modern up-to-date descriptions of how it works, and perhaps check the white papers at maawg.org. Also, many domains now expect strangers to submit their email via port 587 and authentication is required.