posita

Reputation: 912

Can't connect to port 25 on Google Compute instance (incoming SMTP)

I am running postfix on a Google Compute instance. It is listening on 0.0.0.0:25, and I have opened port 25 on the firewall, but I cannot connect to it from the outside. I have reviewed this and this, but they do not resolve my issue. I don't see anything in the Google Compute documentation that would explain this.

The port is open on the firewall:

% gcutil --project=XXX getfirewall smtp
+---------------+-------------------------------+
| name          | smtp                          |
| description   | Incoming smtp allowed.        |
| creation-time | 2014-06-08T13:29:16.052-07:00 |
| network       | default                       |
| source-ips    | 0.0.0.0/0                     |
| source-tags   |                               |
| target-tags   |                               |
| allowed       | tcp: 25                       |
+---------------+-------------------------------+

From the outside, I can connect to port 80 (which is also open)...

% telnet 108.XXX.XXX.XXX 80
Trying 108.XXX.XXX.XXX...
Connected to 108.XXX.XXX.XXX.
Escape character is '^]'.
GET /
<!DOCTYPE html>
<html ...>
...
</html>Connection closed by foreign host.

...but not to port 25:

% telnet 108.XXX.XXX.XXX 25
Trying 108.XXX.XXX.XXX...
telnet: connect to address 108.XXX.XXX.XXX: Operation timed out
telnet: Unable to connect to remote host

postfix is listening on all interfaces:

% gcutil --project=XXX ssh --zone=us-central1-a XXX sudo netstat -lpn -A inet
...
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      10794/master
...

I can look up the "external" address...

% gcutil --project=XXX ssh --zone=us-central1-a XXX /sbin/ifconfig eth0
...
eth0      Link encap:Ethernet  HWaddr 42:01:0a:XX:XX:XX
          inet addr:10.XXX.XXX.XXX  Bcast:10.XXX.XXX.XXX  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1460  Metric:1
          RX packets:46397953 errors:0 dropped:0 overruns:0 frame:2
          TX packets:34953374 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5031906871 (4.6 GiB)  TX bytes:49375287245 (45.9 GiB)

...and telnet to port 25 on it from the box:

% gcutil --project=XXX ssh --zone=us-central1-a XXX telnet 10.XXX.XXX.XXX 25
...
Trying 10.XXX.XXX.XXX...
Connected to 10.XXX.XXX.XXX.
Escape character is '^]'.
220 XXX ESMTP Postfix (Debian/GNU)
EHLO localhost
250-XXX
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

Any assistance is greatly appreciated.

Upvotes: 1

Views: 5653

Answers (2)

posita

Reputation: 912

As @GregHewgill and @complistic pointed out in their respective comments, it is my ISP (or an intermediary) who was not routing traffic for port 25. I have been unable to connect to any port 25 outside of my immediate LAN. It is somewhat embarrassing that I have never noticed this before.

Hopefully anyone with a similar issue can find this question (and answer) before spinning their wheels in ignorance like I did.

Thanks all for your help!

Upvotes: 2
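
The comparison this answer arrives at, written as an added example (not part of the original post): probe port 25 on the instance, a port known to work on the same instance, and port 25 on an unrelated mail host, then see which side the filtering is on. The function names, the verdict strings and the script name are made up for this example; the hosts are supplied on the command line.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # actively rejected, so the packet was not dropped
    except socket.timeout:
        return "timeout"      # silently dropped somewhere on the path
    except OSError:
        return "error"        # DNS failure, no route, etc.

def diagnose(target_smtp, target_other, reference_smtp):
    """Turn three probe results into a verdict.

    target_smtp    -- port 25 on the instance
    target_other   -- a port known to work on the instance (80 in the question)
    reference_smtp -- port 25 on an unrelated host known to accept SMTP
    """
    if target_smtp == "open":
        return "reachable"
    if target_smtp == "refused":
        return "host-reached-nothing-accepting-on-25"
    if reference_smtp != "open":
        # Port 25 fails everywhere from this network: the filter is on the
        # client side (ISP or an intermediary), not on the instance.
        return "outbound-25-filtered-near-client"
    if target_other == "open":
        # Port 25 works elsewhere and the instance is up: check the
        # instance's firewall rules and the provider's own filtering.
        return "port-25-filtered-near-server"
    return "target-unreachable"

if __name__ == "__main__":
    # usage (hypothetical script name): smtpcheck.py INSTANCE_IP REFERENCE_MAIL_HOST [OTHER_PORT]
    target, reference = sys.argv[1], sys.argv[2]
    other_port = int(sys.argv[3]) if len(sys.argv) > 3 else 80
    results = (probe(target, 25), probe(target, other_port), probe(reference, 25))
    print(dict(zip(("target:25", f"target:{other_port}", "reference:25"), results)))
    print("verdict:", diagnose(*results))
```

Running the same script from a second network (a different ISP or another cloud host) confirms the verdict, since a client-side filter disappears when the vantage point changes.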

Mary

Reputation: 1

Take a look at this link Blocked traffic where it says that Google blocks or restricts traffic through all of the following ports/protocols between the Internet and virtual machines on specified ports.

Hope this helps.

Mary

Upvotes: 0
