I want to allow sending emails over SMTP through port 465. For that I tried different firewall rules, but with no success. My approach is that the firewall is the source and the destination is any and 465 is the destination port. However all the time I can’t reach port 465 of the remote SMTP server. i.e. telnet smtpserver.com 465 won’t connect.
Here is my firewall rule:
Have you tried setting Source to Standard Networks => Any ?
Yes, I tried that.
BTW: A connection from (W)LAN to port 465 on the WAN doesn’t need a special rule, if it is initiated from local networks.
Do you have any other FW rules that might be blocking this traffic?
@mitko you have a computer/device (running any email client) or a proper email server into your network?
I only have rules that open incoming ports, nothing for blocking.
The outgoing 465 is my only outgoing rule.
I want to use an external SMTP service. I have the credentials and outgoing mails are specified to go on port 465 on their server (I called it smtpserver.com in my post). If I try to connect to that server from some other machine, which is not behind IPFire, it works, i.e. telnet smtpserver.com 465 connects successfully. But behind the firewall this is blocked by the firewall obviously and I need a rule or some other setting to allow it.
Above I showed the settings of the rule and here is what it looks like in the overview. But it doesn’t do what I want.
Which isn’t necessary, because outgoing connections are allowed by default.
If SMTP access is blocked, there must be another blocking rule.
Is your mail service in a block list? Drop hostile.
Did you check the logs?
There are no outgoing connection attempts in the logs.
I found that it is my cloud provider (Hetzner) who is blocking port 465.
Here some details which might help other people who face this problem:
Unfortunately, email spammers and scammers like to use cloud hosting providers. And we at Hetzner naturally want to prevent this. That’s why we block ports 25 and 465 by default on all cloud servers. This is a very common practice in the cloud hosting industry because it prevents abuse. We want to build trust with our new customers before we unblock these mail ports. Once you have been with us for a month and paid your first invoice, you can create a limit request to unblock these ports for a valid use case. In your request, you can tell us details about your use case. We make decisions on a case-by-case basis.
I have used a SMTP service for many years and my provider (smtp2go) allows for several ports other than 465. Perhaps your provider does well?
