I just created my first Linode and I can’t send emails. Why? (Mailing ports 25, 465, and 587 blocked by default)

Linode Staff

In an effort to fight spam, new Linode accounts created after Tuesday, 5 November, 2019 have mailing ports (25, 465, and 587) restricted by default (see our blog post here for more information). If you would like to use your Linodes for sending email, you will first need to configure (1) a valid DNS A record and (2) rDNS for any Linodes that you plan to use to send emails. Our guides on configuring DNS and rDNS records within the Linode Manager are linked below:

https://www.linode.com/docs/platform/manager/dns-manager/#add-dns-records
https://www.linode.com/docs/networking/dns/configure-your-linode-for-reverse-dns/

Once your DNS configuration is complete, we ask that you simply open a Support ticket and provide us with some basic information about your mailing set-up:

  • Which Linode(s) will be used for mailing?
  • Can you confirm that your mailing practices are CAN-SPAM compliant?

If you have any additional questions, just reach out in a ticket!

14 Replies

This is good news! 👍

Does the A record have to be hosted on Linode's DNS manager or can it be hosted elsewhere as long as it and the rDNS match?

You won't need to use Linode's DNS Manager if you prefer to use your registrar or a third party service. We can verify your records using commands like dig and dig -x to ensure they match up. You can read more about these methods here.

The title of this post is misleading and almost caused me to skip it. It should be called "Mailing ports (25, 465, and 587) blocked by default". Also, this is a major change that might have gone out as a special notice to us. I will defer further comment to the appropriate places.

Hey @LenAyers,

Thanks for taking the time to let us know about your experience with this Community Post. It really helps us make sure that we're getting the information where it needs to go effectively.

At your request, we edited the title of this post to clarify.

Please let us know how else we can help out!

Sincerely,
Tara T
Linode Support Team

At first glance, it might not be obvious whether the message is about incoming or outgoing mail traffic.

Consider this opening statement:
Beginning Tuesday, 5 November, 2019, in an effort to fight spam, outgoing mail traffic from new Linode accounts with destination ports 25, 465, and 587 are restricted by default (see our blog post here for more information).

Regards,
jk04

@jyoo What information is needed if I prefer to use my own registrar, when i send a request to support to unblock the ports?

@jk04 --

You write:

At first glance, it might not be obvious whether the message is about incoming or outgoing mail traffic.

If port 25 is blocked, that means transfer of email is blocked (in both directions). If ports 587 & 465 (submission, clear/TLS respectively) are blocked, you won't be able to send email.

Note that, since port 25 is blocked, the status of the post-office protocols (pop3 & IMAP) on clear/TLS ports 110/995 (pop3) and 143/993 (imap) are inconsequential (although, a well-known spammer trick is to try to send mail by direct delivery to an imap server on ports 143/993).

-- sw

Depending on how Linode blocks email ports, you may not be able to send email at all. If Linode blocks all the mail ports on localhost, then no email will flow, period. If not, your php(1) apps will be able to send email to other users on your Linode only.

The Linode folks are pretty smart. I would guess that they only block extra-Linode mail (mail originating from or destined to addresses outside the Linode) and that they leave localhost alone.

-- sw

The Linode folks are pretty smart. I would guess that they only block extra-Linode mail (mail originating from or destined to addresses outside the Linode) and that they leave localhost alone.

I’m pretty sure they just firewall off the ports externally to the Linode rather than inspecting the traffic for destination addresses, or running anything on the Linode itself to block it.

Therefore any mail traffic that doesn’t leave the Linode won’t be affected.

@andysh --

Just to be pedantic, ports are neither internal nor external…they just are. Addresses are internal and/or external.

-- sw

Just to be pedantic, ports are neither internal nor external

Yes I know. I meant external in the context that the traffic to these ports is blocked externally to the Linode (i.e. it’s a separate firewall device that checks what addresses are allowed to send traffic to the SMTP ports and blocks any that haven’t yet been allowed.)

As opposed to a firewall or something blocking the traffic on the Linode itself.

My point being that SMTP traffic destined for ‘localhost’ will not leave the Linode and thus not likely to be blocked as it never hits the external firewall.

@andysh --

I knew that you knew that. In Linux and most Unix implementations (i.e., those with networking based on BSD -- Free/Net/OpenBSD, NeXTStep/Darwin, SunOS/Solaris, HP/UX etc.), traffic internal to localhost short-circuits the network stack for better performance. Ditto for local-domain (neé Unix-domain) sockets…

Also, notes to the OP… If you are doing something really simple, it’s pretty easy to write a server that handles SMTP and IMAP yourself (even in PHP if you like) so that you don’t even need a production-grade email system like postfix(1)/dovecot(1)… Such a beast would have really good performance and no security worries because traffic never leaves the Linode (esp if it used local-domain sockets). It wouldn’t need DNS either.

If I was doing what I think you are trying to do, this is the approach I’d take. I did something similar in Ruby once… Make sure you use open-source components so you can modify the networking interface to suit your needs.

I would add here, that you wouldn't have to use SMTP to accomplish your goals. This can be entirely done with HTTP & PHP…get creative. If you're stuck on using SMTP, you don't have to send the email to a server operated by you…you could use gmail.com. That will certainly be easier to set up and maintain than a production email server without DNS!

-- sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct