SMTP assistance

Not sure what has gone wrong, but one of my sites can no longer send emails and just returns a nodemailer timeout error. On the website side the mail setup has not changed in years.

I finally came to the conclusion that it was something on Digital Ocean, so I went into the server console and tried a simple telnet session to the mail server, and after a lengthy period it returns Unable to connect to remote host: connection timed out

Because I have multiple other droplets I decided to test in the console on another droplet, and the telnet session opens right away. Considering it uses the exact same mail server, I thought it must be something on Digital Ocean. So I opened a support ticket and this is their response.

Hello,

Thank you for reaching out to DigitalOcean support. Here to help.

I understand your concern regarding sending emails and apologize for any inconvenience caused over here.

I have checked with our network team about this, and they have notified us that ports 465 and 587 have been blocked on droplets on March 6, 2025. This is to make sure that the DigitalOcean servers are not used to send spam emails. DigitalOcean is not a dedicated email host, and stopping spam is a constant fight. Due to this, restrictions have been imposed on all accounts. Please check the latest release notes to have more information on this:

I would recommend you to use dedicated email deliverability platforms, as they are better equipped to handle factors like IP reputation and sender reputation.

Should you have any other questions, feel free to reach out to us.

Swimmingly,
Senior Cloud Support Engineer
DigitalOcean

Following the link says the following

March 2025

6 March

  • SMTP ports 465 and 587 are now blocked on Droplets.

Not to sound completely dumb, but I was under the impression that I was not sending email using Digital Ocean at all, but instead the app running on the droplet was asking the mail server on port 465 to send the email?

Am I confused, I am not even really sure how to answer the Digital Ocean support person to be honest, and if their port blocking has caused the error, then why are all my other droplets still working correctly?

Can someone please try to explain this to me better.

Sorry to be a pain, but anyone got any thoughts on what I should try next?

Are you using the Mailer component and that is not working? At the moment, mine is still sending to smtp.office365.com on port 587.

Here's the official statement. As a long-time supporter of DO, I think this is heavy-handed.


I would ask the tech to escalate your ticket and tell them you use an email sending platform and connect to it via the SMTP ports. Even SendGrid uses SMTP as one of the options.

Could you also see if your provider uses port 587 and see if that works?


So they can remove any blocks on your account.

image


Thanks Keith, nice to get confirmation from you that we are thinking the same way on this, even with their blocks I should still be able to make an outbound connection to port 25, 465, 587, even though I can not make an inbound connection to those ports to avoid me running an actual mail server off a droplet.

I have asked Digital Ocean to escalate the ticket.

As a test I created a brand new droplet on the same LON1 datacenter and popped on a simple Wappler project with a super simple form, set up the Mailer component with the exact same details as the server that is not working, and the email worked perfectly.
I also logged into the SSH console through Digital Ocean and did a telnet session with the command OPEN send.one.com 465 and it worked perfectly right away. Also managed to run an EHLO on it and that worked as well.

I then went and opened an SSH console on the server that has stopped working and did the same procedure, which all gave timeout errors. I also tried port 25 and 587 and both the same.

So personally I think they just blocked the outbound ports on this server as well as the inbound by mistake or something.

Might be worth opening another ticket and hopefully getting a different support person to see if they will remove the block, or at least get them to confirm that it is blocked.


True, I may try that, because I don't think the person I am chatting with is quite understanding that it works on 1 and not the other, so how can it be due to the new rule they have imposed. If they have decided to block those 3 ports as inbound and outbound rules I would have to move all 40 odd droplets I have with them some place else. I mean if that's the case not even WordPress would work for mailing, it just makes no sense.

I'm not sure if you'll have the same outcome, but I submitted feedback on their idea board, and someone reviewed it and created a support ticket, which resulted in the email screenshot above.


I will try the same, and hope I get the same outcome, I agree it is very heavy handed.


I wish you the best of luck. I was also not able to send via port 587 or 465 and got the same response. They promoted their two SMTP relay servers.

I decided to use Gmail's SMTP relay server instead.

My droplet does not even work with Gmail's relay server.

Digital Ocean has responded saying they have reset the droplet's networking and asked me to try again, as they do understand that it is odd that this works on other droplets I have, and only this one droplet is having the error. Sadly it still does not work, so I think the safest solution would be for me to just create a new server droplet and deploy to that instead and see if it works.

The second ticket I opened the person is arguing that there is no difference between my Nodejs > nodemailer app sending outbound traffic on port 465 to an external mail server such as smtp.gmail.com and me physically running an actual mail server, which I think is completely nuts.

This is the way I understand the difference between what a mail server does, vs what a web server running Nodejs > nodemailer does.

  1. Mail Server (SMTP)
     • Port 25: Used for SMTP server-to-server communication (Inbound & Outbound).
     • Port 465: Used for SMTP over SSL (Deprecated but still used in some cases).
     • Port 587: Used for SMTP with STARTTLS (Outbound - Client to Server).
  2. Web Server (Node.js + Nodemailer)
     • The web server running Node.js and Nodemailer does not act as a mail server.
     • It sends emails via an external SMTP server (e.g., Gmail, SendGrid).
     • This traffic (Node.js to external SMTP server) is outbound only (uses port 587 or 465).

If there are any server specialists in here, please feel free to let me know if I am misunderstanding.

I thought the same as that person that replied your ticket, but this is a very interesting situation because I know it's common for providers to block SMTP ports, yet I think this is the first time I see people complaining it doesn't work. I think people seemed to work fine with third-party email sending providers because they often provide alternative ports where you can establish an SMTP connection rather than using the traditional SMTP ports (25 and 465), or instead of SMTP using an HTTP API.

So, I believe the "solution" is to use a third-party transactional email sending service, which may include SendGrid, Mailgun, Postmark, MailTrap, Amazon SES and so on, and use the alternative SMTP ports they mention (if any [if not, complain to DigitalOcean so they help you figure out]).

P.S.: Amazon SES is the cheapest, Postmark has the better delivery, and I'm looking to try MailTrap's sending service

Thanks Apple, quite interesting, but I still think it would be understandable to block web server inbound traffic for all known SMTP ports to avoid people starting up their own mail servers on DO Droplets, makes perfect sense.

However blocking web server outbound SMTP ports sounds hardcore, I mean, every WordPress site running on a DO Droplet would have to all go get something like an Amazon SES account and set it all up. Not to sound dismissive to WordPress people, but I mention that particularly as it should work out of the box, be easy to set up etc. for the average person with fairly little server infrastructure knowledge, and even I struggled with figuring out Amazon SES, it was like reading a lawyer's contract, barely understandable.

I suppose it depends what their end goal is, if it's to stop full on mail servers on droplets, then blocking inbound traffic should be all that's needed, but if it is taking every single website running PHP with postfix, as well as all Node.js sites with nodemailer and all WordPress sites, and breaking all their little internal forms from sending emails to fully qualified external mail servers, then they are on the right track, but it is going to be tricky for many people.

One other thing just out of interest, is that I have one client who uses Google Workspaces for sending emails, as I set up blackpearl mail as the relay to attach signatures at server level, which means that even the forms being sent through the website are all auto branded with the company's custom signatures, for situations like that, which may not be all that common I suppose, it would bypass blackpearl mail's relays which they would not be too happy about.

Amazon Web Services can be difficult for newcomers indeed, the other companies I mentioned might be easier to understand.

As for the inbound/outbound talk, they have no interest blocking inbound, their interest is precisely blocking outbound so VPSs (droplets) can't send (outbound) SPAM

Edit: On a side note, WordPress people usually use cPanel, right? :sweat_smile: Where the hosting provider takes care of all shenanigans (some providers at least, others could happen they also block SMTP)

Thanks Apple, glad you confirmed AWS is a bit confusing, I honestly felt like an idiot when I tried, and thought it was just me, lol.

I do understand what you mean about the inbound/outbound side of things, and it does make sense. I wonder if there were some way they could only do their blocking after a certain limit, like 5000 emails a month or something. Most of my sites' forms may get 1000 enquiries a month if I am lucky.

Digital Ocean has a marketplace where they offer a WordPress install without even the cPanel side, just WordPress on its own, which I have used from time to time. I have also used the cPanel / WordPress one, which does take care of much of the issue. Most of the time however I use the WHM version, as then I can install multiple cPanel licences as well as multiple webservers etc, just like a dedicated hosting account, and WHM is like a full fledged mail server too. I wonder if they are going to have to stop providing some of those, as they will not really work with the blocking they are imposing.


I asked ChatGPT and this was its response out of interest. Being AI of course it kind of contradicted itself on point 1's second paragraph, but not bad overall I thought.

Final update: Digital Ocean has unblocked my account and all works again, whew, what a long 2 days of this lot.


For anyone still experiencing the same problem, we solved it by creating a custom firewall rule in the DigitalOcean dashboard, allowing outgoing traffic on port 465.


I saw that had worked for some people in a post and also did that, sadly in my particular case it did not fix the problem.