How can we improve Compute Engine?

Please unblock port 25 (allow outbound mail connections)

This is of course already addressed in you documentation, but as far as we're concerned the given answer is inappropriate for us. We do not wish to spam anyone, send mass emails, or abuse the system in any other way. I would expect the service to allow us the chance to prove this and not block such outgoing traffic until any actual offense takes place.
I was very pleased to have started work on your platform, but this single issue is likely to force me to search for a different provider.

386 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminPaul Nash (Product Manager, GCE, Google) responded  · 

    Hello folks,

    We are currently testing a new option that may help people send mail without using a third party service. If you are interested in testing this product, please fill out the interest request form here1. Product Management for the feature may reach out to you.

    We are also continuing to make improvements to our system to allow for some customers that have an established relationship with us to apply for an exception to be able to send directly on port 25. There are a number of IP reputation issues that have to be worked through for such a use case, so it should not be considered a common solution that will meet everyone’s needs.

    We will have more updates on both of these items over time.

    1 https://www.google.com/url?q=https://docs.google.com/forms/d/e/1FAIpQLScg6ponYf4bc9HftBh4H4LypqpqKm3AS3bEJ20u_EfgTw59GQ/viewform&sa=D&source=hangouts&ust=1539107700687000&usg=AFQjCNFJ4f8dyp1OgCLUwjeLWoUKY1-Z6Q

    32 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Wayne Sallee commented  ·   ·  Flag as inappropriate

        @ Paul Nash

        Yes it was the default firewall. I figured that out later.

        Thanks.

        But with Google blocking ports, it took longer to realize it.

        So the question is, is port 25 the only port that Google blocks or are there others?
        Google should list what ports are blocked so that people new to Google VPS will know ahead of time, and save them frustration.

        To fix the default firewall, click "create firewall rule" for Ingress with IP address 0.0.0.0/0
        Then click "create firewall rule" for Egress with IP address 0.0.0.0/0

        And setup firewall in the VPS.

        It would also be nice if there was a simple on / off option for the external firewall.

        Wayne Sallee
        Wayne@WayneSallee.com

      • Wayne Sallee commented  ·   ·  Flag as inappropriate

        And it's not just port 25. Google blocks most ports. Only a small hand full does Google allow. This means that if you want to change your ssh port to make your server more secure, as is highly recommended, you will have trouble, as most ports are blocked. And as far as I can see, Google does not publish a full list of what ports it does not block. But most ports are blocked. Google should at least provide a list of what ports they allow.

        Google has Gmail, and has no desire to compete with itself. Just like when you do a video search on Google you will get Youtube results and very few if any results from individual web sites.

        Servers are naturally by default set up to send e-mail when there are issues. Not having e-mail on a server is like having a laptop with internet disabled.

        Update to previous post:
        I was able to repair a VM by imaging the drive, then creating another VM, then attaching a new drive using the VM image, then repairing that drive, then making another image of it, then creating a new VM using a drive created with the second image. So even though Google does not provide a virtual CD to do a repair, as most VPS providers do, This other method does work.

        Wayne Sallee
        Wayne@WayneSallee.com

      • Wayne Sallee commented  ·   ·  Flag as inappropriate

        Google also does not have console access, nor a recovery boot disk.

        Those things are standard on other VPN hosts.

        Once your VM fails to let you ssh in, and it will, as google corrupts the system, you have no way of repairing it.

        Wayne Sallee
        Wayne@WayneSallee.com

      • Gabriel Diaz commented  ·   ·  Flag as inappropriate

        It's ridiculous. Only Google accounts can be used but Google restricts the number of emails that can be sent per day in a GSuite account. Then, create the PTR records, have DKIM, etc., Why, if they have port 25 closed.? Absolute ridiculous!

      • Wayne Sallee commented  ·   ·  Flag as inappropriate

        Google Cloud VPS aka "Compute Engine" is a joke. I have my server on Digital Ocean, and I love it. I thought since I was given some free time on this platform, I would try it out. Wow! it's unbelievably stupid. Go to https://www.digitalocean.com/?refcode=d4eb5006501e and get a real VPS. Nobody is going to put anything serious on the Google Cloud platform. If you just have something unimportant that you want to play around with, then fine, but any VPS hosting that blocks ports is of no value.

        Any VPS hosting that blocks ports is of no value, no matter who has their name on it.

        Wayne Sallee
        Wayne@WayneSallee.com

      • Fernando commented  ·   ·  Flag as inappropriate

        What a little serious. None of us who are studying the option to turn to google cloud does so with the intention of using it as a spamer. We must use corporate gmail accounts ??, I am in Argentina, $ 5 per account in a lot of money, as well to pay SendGrid. I have accounts in Amazon, where I can arrange and send emails from the same instance, I was inclined to google cloud because I thought it a better alternative. I see that it is not.

      • Lorant Nemeth commented  ·   ·  Flag as inappropriate

        After convincing the customer to move their workloads to GKE and having one of their applications (does not need port 25) running in production @google ready, now we'll move all applications back to Amazon (they don't want to have two cloud service providers for their two applications) only because of this limitation (they are required to used their customers SMTP servers, which many still use port 25).

        Before we start moving back things, can you confirm, that there's not even a manual process in order to enable port 25? I can provide valid use-cases, company background...

        Also I'm not sure about the motivation here. Why allow port 465 and 587, but not 25? One can spam just as fine through a TLS connection (assuming no client cert based auth) if there's no authentication enforced (or an account is leaked) and/or the mail server is misconfigured (ie: open relay).

      • Brian Lowrance commented  ·   ·  Flag as inappropriate

        I spent many weeks setting things up, with the intention of sending email. After reading:

        "For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent" (https://cloud.google.com/compute/docs/instances/create-ptr-record) --I thought for sure there would be no issues, and email would be supported.

        The documentation is very misleading. Why say "SMTP require a PTR record that points to the domain from which an email is being sent" in the docs, if you don't support SMTP?

        Now I am familiar with Google Compute, and am super bummed that what I thought I was going to be able to do...I can't.

      • PCS Web commented  ·   ·  Flag as inappropriate

        When is this going to happen? I'm really very tired of paying $89/mo to Sendgrid while we wait!

      • Jagadeesh commented  ·   ·  Flag as inappropriate

        GCP please let us know how long would it take to open port 25. so that we can plan accordingly.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I have just invested a whole work day to set up my own mail server for my own IT business and another customer that is waiting for an email solution...just to find out during "go-live" that Google blocks port 25 without ANY IN-HOUSE SOLUTION available that doesn't involve extra costs. I have prepaid Google Cloud and now I can't use those funds for my own needs. THIS IS UNACCEPTABLE. Look at AWS people! They know how to do service. Dear mighty Google, this is just a joke!! Isn't it???

      • PCS Web commented  ·   ·  Flag as inappropriate

        Been trying to get my postfix to send on port 587 for hours now. Looks like port 25 may be our only hope.

      • Anonymous commented  ·   ·  Flag as inappropriate

        hello,
        we using validate_email library for emails validation and it requires port 25. Is there another solution?

        thanks

      • Magnus commented  ·   ·  Flag as inappropriate

        Allow outgoing SMTP.

        This is a dealbreaker; AWS has it. Using a 3rd party relay removes all troubleshooting capabilities.

      ← Previous 1

      Feedback and Knowledge Base