Please unblock port 25 (allow outbound mail connections)
This is of course already addressed in you documentation, but as far as we're concerned the given answer is inappropriate for us. We do not wish to spam anyone, send mass emails, or abuse the system in any other way. I would expect the service to allow us the chance to prove this and not block such outgoing traffic until any actual offense takes place.
I was very pleased to have started work on your platform, but this single issue is likely to force me to search for a different provider.
We are currently testing a new option that may help people send mail without using a third party service. If you are interested in testing this product, please fill out the interest request form here1. Product Management for the feature may reach out to you.
We are also continuing to make improvements to our system to allow for some customers that have an established relationship with us to apply for an exception to be able to send directly on port 25. There are a number of IP reputation issues that have to be worked through for such a use case, so it should not be considered a common solution that will meet everyone’s needs.
We will have more updates on both of these items over time.
Jagadeesh Sugumar commented
We have planned our move to Amazon AWS just because of the restrictions on mail port 25. Thank you GCE.
@ Paul Nash
Yes it was the default firewall. I figured that out later.
But with Google blocking ports, it took longer to realize it.
So the question is, is port 25 the only port that Google blocks or are there others?
Google should list what ports are blocked so that people new to Google VPS will know ahead of time, and save them frustration.
To fix the default firewall, click "create firewall rule" for Ingress with IP address 0.0.0.0/0
Then click "create firewall rule" for Egress with IP address 0.0.0.0/0
And setup firewall in the VPS.
It would also be nice if there was a simple on / off option for the external firewall.
I think you're referring to the fact that by default, Firewall Rules  prevent most ports from being accessed. This is a security feature and very much on purpose. Please refer to the docs for more details on how to open ports that you would like to use.
And it's not just port 25. Google blocks most ports. Only a small hand full does Google allow. This means that if you want to change your ssh port to make your server more secure, as is highly recommended, you will have trouble, as most ports are blocked. And as far as I can see, Google does not publish a full list of what ports it does not block. But most ports are blocked. Google should at least provide a list of what ports they allow.
Google has Gmail, and has no desire to compete with itself. Just like when you do a video search on Google you will get Youtube results and very few if any results from individual web sites.
Servers are naturally by default set up to send e-mail when there are issues. Not having e-mail on a server is like having a laptop with internet disabled.
Update to previous post:
I was able to repair a VM by imaging the drive, then creating another VM, then attaching a new drive using the VM image, then repairing that drive, then making another image of it, then creating a new VM using a drive created with the second image. So even though Google does not provide a virtual CD to do a repair, as most VPS providers do, This other method does work.
Google also does not have console access, nor a recovery boot disk.
Those things are standard on other VPN hosts.
Once your VM fails to let you ssh in, and it will, as google corrupts the system, you have no way of repairing it.
Gabriel Diaz commented
It's ridiculous. Only Google accounts can be used but Google restricts the number of emails that can be sent per day in a GSuite account. Then, create the PTR records, have DKIM, etc., Why, if they have port 25 closed.? Absolute ridiculous!
Google Cloud VPS aka "Compute Engine" is a joke. I have my server on Digital Ocean, and I love it. I thought since I was given some free time on this platform, I would try it out. Wow! it's unbelievably stupid. Go to https://www.digitalocean.com/?refcode=d4eb5006501e and get a real VPS. Nobody is going to put anything serious on the Google Cloud platform. If you just have something unimportant that you want to play around with, then fine, but any VPS hosting that blocks ports is of no value.
Any VPS hosting that blocks ports is of no value, no matter who has their name on it.
What a little serious. None of us who are studying the option to turn to google cloud does so with the intention of using it as a spamer. We must use corporate gmail accounts ??, I am in Argentina, $ 5 per account in a lot of money, as well to pay SendGrid. I have accounts in Amazon, where I can arrange and send emails from the same instance, I was inclined to google cloud because I thought it a better alternative. I see that it is not.
Lorant Nemeth commented
After convincing the customer to move their workloads to GKE and having one of their applications (does not need port 25) running in production @google ready, now we'll move all applications back to Amazon (they don't want to have two cloud service providers for their two applications) only because of this limitation (they are required to used their customers SMTP servers, which many still use port 25).
Before we start moving back things, can you confirm, that there's not even a manual process in order to enable port 25? I can provide valid use-cases, company background...
Also I'm not sure about the motivation here. Why allow port 465 and 587, but not 25? One can spam just as fine through a TLS connection (assuming no client cert based auth) if there's no authentication enforced (or an account is leaked) and/or the mail server is misconfigured (ie: open relay).
Brian Lowrance commented
I spent many weeks setting things up, with the intention of sending email. After reading:
"For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent" (https://cloud.google.com/compute/docs/instances/create-ptr-record) --I thought for sure there would be no issues, and email would be supported.
The documentation is very misleading. Why say "SMTP require a PTR record that points to the domain from which an email is being sent" in the docs, if you don't support SMTP?
Now I am familiar with Google Compute, and am super bummed that what I thought I was going to be able to do...I can't.
Google I'm very disappointed, there is no real reason for this $$$
PCS Web commented
When is this going to happen? I'm really very tired of paying $89/mo to Sendgrid while we wait!
GCP please let us know how long would it take to open port 25. so that we can plan accordingly.
I have just invested a whole work day to set up my own mail server for my own IT business and another customer that is waiting for an email solution...just to find out during "go-live" that Google blocks port 25 without ANY IN-HOUSE SOLUTION available that doesn't involve extra costs. I have prepaid Google Cloud and now I can't use those funds for my own needs. THIS IS UNACCEPTABLE. Look at AWS people! They know how to do service. Dear mighty Google, this is just a joke!! Isn't it???
PCS Web commented
Been trying to get my postfix to send on port 587 for hours now. Looks like port 25 may be our only hope.
we using validate_email library for emails validation and it requires port 25. Is there another solution?
465 and 587 are being tracked on a different item, and will be enabled in the near future.
Please unblock port 587 port. Why I have to use a third-party tool
This suggestion exists in UV, and is something we're looking at. Thanks for your feedback, I'll merge your vote with the larger item.
Allow outgoing SMTP.
This is a dealbreaker; AWS has it. Using a 3rd party relay removes all troubleshooting capabilities.