Please unblock port 25 (allow outbound mail connections)
This is of course already addressed in your documentation, but as far as we're concerned the given answer is inappropriate for us. We do not wish to spam anyone, send mass emails, or abuse the system in any other way. I would expect the service to allow us the chance to prove this and not block such outgoing traffic until any actual offense takes place.
I was very pleased to have started work on your platform, but this single issue is likely to force me to search for a different provider.
We are currently testing a new option that may help people send mail without using a third party service. If you are interested in testing this product, please fill out the interest request form here. Product Management for the feature may reach out to you.
We are also continuing to make improvements to our system to allow for some customers that have an established relationship with us to apply for an exception to be able to send directly on port 25. There are a number of IP reputation issues that have to be worked through for such a use case, so it should not be considered a common solution that will meet everyone’s needs.
We will have more updates on both of these items over time.
16 hours of work only to find out that there is no way to use the 25 door. Very angry!
@ Paul Nash
Hi, any news about port 25? We want to stay in Google Cloud Platform, but if that continues, we will sadly have to migrate. Or how do I request an exception for port 25?
Please... when will this be completed? I can't use your "test product" in a customer-reliant production environment.
this is just a deal breaker...
Ok so when is this testing going to be completed so we can all have port 25 opened? You've cost me just about $1,000 with this so far, waiting!
Mick Wright commented
So what is basically the case here is that it is completely pointless me setting up VestaCP or any website where I want control of my email server, I'll be forced to use a (cough) trusted third party... what if I don't trust your trusted third party, they haven't met my criteria to be trusted have they? And I'm the customer right?
This blocking of outgoing email is essentially a showstopper here, surely, for heaven's sake Google are aware of this, I refuse to believe you are all really that daft! There's no point in the compute engine for actual websites if in house, private, email analysis and outgoing emails are blocked? That seems a little pointless wouldn't you say?
Google are the world's leader in machine learning, web applications, operating systems (given Android), and cloud services, yet you can't distinguish a spammer whose credit card details and address you have from a bona fide customer? Really? I find that extraordinarily hard to believe if I'm being honest here. In fact it is complete nonsense, I'm not buying it! 100% of Google cloud customers have already demonstrated their full contact details, address, location and everything a spammer wouldn't give you in a billion years. You are punishing everyone based on the premise that some might be the dumbest spammers on earth and spam (which I'm sure they will for maybe a nanosecond until you'd shut them down) and the second premise is that you would be powerless to notice such SMTP traffic leaving their instance? Really?
This is not exactly engendering a lot of trust on my part if one of the largest IT companies on the planet can't determine spam from regular email. Yet you can of course. Google manage this feat of engineering fine with my Gmail address. Also stop asking me for my email address at every turn and on every communication, it's a Google email address and I'm logged in...
In addition I found this out today, after spending several days rooting through config files in Vesta and Exim trying to work out why mail wasn't leaving my local server.... That's just not good enough, you've eaten through my time. It might not be a lot to you guys but my time is money! You wasted my time here...
An email to the email address registered with my account, when my mails bounce off this firewall, would have been nice, and saved me a lot of time, time that makes your testing budget, given graciously (thank you) a pretty much pointless exercise! Thanks for that, that's just super!
Jagadeesh Sugumar commented
We have planned our move to Amazon AWS just because of the restrictions on mail port 25. Thank you GCE.
@ Paul Nash
Yes it was the default firewall. I figured that out later.
But with Google blocking ports, it took longer to realize it.
So the question is, is port 25 the only port that Google blocks or are there others?
Google should list what ports are blocked so that people new to Google VPS will know ahead of time, and save them frustration.
To fix the default firewall, click "create firewall rule" for Ingress with IP address 0.0.0.0/0
Then click "create firewall rule" for Egress with IP address 0.0.0.0/0
And setup firewall in the VPS.
It would also be nice if there was a simple on / off option for the external firewall.
I think you're referring to the fact that by default, Firewall Rules prevent most ports from being accessed. This is a security feature and very much on purpose. Please refer to the docs for more details on how to open ports that you would like to use.
And it's not just port 25. Google blocks most ports. Only a small handful does Google allow. This means that if you want to change your ssh port to make your server more secure, as is highly recommended, you will have trouble, as most ports are blocked. And as far as I can see, Google does not publish a full list of what ports it does not block. But most ports are blocked. Google should at least provide a list of what ports they allow.
Google has Gmail, and has no desire to compete with itself. Just like when you do a video search on Google you will get Youtube results and very few if any results from individual web sites.
Servers are naturally by default set up to send e-mail when there are issues. Not having e-mail on a server is like having a laptop with internet disabled.
Update to previous post:
I was able to repair a VM by imaging the drive, then creating another VM, then attaching a new drive using the VM image, then repairing that drive, then making another image of it, then creating a new VM using a drive created with the second image. So even though Google does not provide a virtual CD to do a repair, as most VPS providers do, this other method does work.
Google also does not have console access, nor a recovery boot disk.
Those things are standard on other VPN hosts.
Once your VM fails to let you ssh in, and it will, as google corrupts the system, you have no way of repairing it.
Gabriel Diaz commented
It's ridiculous. Only Google accounts can be used but Google restricts the number of emails that can be sent per day in a GSuite account. Then, create the PTR records, have DKIM, etc. Why, if they have port 25 closed? Absolutely ridiculous!
Google Cloud VPS aka "Compute Engine" is a joke. I have my server on Digital Ocean, and I love it. I thought since I was given some free time on this platform, I would try it out. Wow! it's unbelievably stupid. Go to https://www.digitalocean.com/?refcode=d4eb5006501e and get a real VPS. Nobody is going to put anything serious on the Google Cloud platform. If you just have something unimportant that you want to play around with, then fine, but any VPS hosting that blocks ports is of no value.
Any VPS hosting that blocks ports is of no value, no matter who has their name on it.
How unserious. None of us who are studying the option to turn to Google Cloud does so with the intention of using it as a spammer. We must use corporate Gmail accounts?? I am in Argentina; $5 per account is a lot of money, as is paying SendGrid. I have accounts in Amazon, where I can arrange and send emails from the same instance. I was inclined to Google Cloud because I thought it a better alternative. I see that it is not.
Lorant Nemeth commented
After convincing the customer to move their workloads to GKE and having one of their applications (does not need port 25) running in production @google ready, now we'll move all applications back to Amazon (they don't want to have two cloud service providers for their two applications) only because of this limitation (they are required to use their customers' SMTP servers, which many still use port 25).
Before we start moving back things, can you confirm, that there's not even a manual process in order to enable port 25? I can provide valid use-cases, company background...
Also I'm not sure about the motivation here. Why allow port 465 and 587, but not 25? One can spam just as fine through a TLS connection (assuming no client cert based auth) if there's no authentication enforced (or an account is leaked) and/or the mail server is misconfigured (ie: open relay).
Brian Lowrance commented
I spent many weeks setting things up, with the intention of sending email. After reading:
"For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent" (https://cloud.google.com/compute/docs/instances/create-ptr-record) --I thought for sure there would be no issues, and email would be supported.
The documentation is very misleading. Why say "SMTP require a PTR record that points to the domain from which an email is being sent" in the docs, if you don't support SMTP?
Now I am familiar with Google Compute, and am super bummed that what I thought I was going to be able to do...I can't.
Google I'm very disappointed, there is no real reason for this $$$
When is this going to happen? I'm really very tired of paying $89/mo to Sendgrid while we wait!
GCP, please let us know how long it would take to open port 25, so that we can plan accordingly.
I have just invested a whole work day to set up my own mail server for my own IT business and another customer that is waiting for an email solution...just to find out during "go-live" that Google blocks port 25 without ANY IN-HOUSE SOLUTION available that doesn't involve extra costs. I have prepaid Google Cloud and now I can't use those funds for my own needs. THIS IS UNACCEPTABLE. Look at AWS people! They know how to do service. Dear mighty Google, this is just a joke!! Isn't it???