Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, July 10, 2018 12:26 PM
Hello,
I need to send SMTP mails from a VM located in subscription 2xxxxxxxxxxxx
Can you open TCP destination ports 25 & 587 ? I know they are closed by default, to prevent Azure VMs to send spams.
Vnet is FayatVN
Resource Group is xxxxxx
Network interface is xxxxx
Public IP Address is xxxxx
Thank you
All replies (2)
Tuesday, July 10, 2018 2:05 PM
Yes, by default these ports are blocked for both new and existing customers to prevent malicious users from using Azure IP addresses for abuse and adversely affecting the reputation of all Azure IPs.
Microsoft recommends that you utilize authenticated SMTP relay services (typically connected via TCP port 587, but often others, as well) to send email from Azure Virtual Machines. SMTP relay services specialize in sender reputation, to minimize the possibility that third-party email providers reject messages. Such SMTP relay services include, but are not limited to, Exchange Online Protection and SendGrid. Use of SMTP relay services is in no way restricted in Azure, regardless of your subscription type.
- Enterprise Agreement: Outbound port 25 communication is allowed. You are able to send outbound email directly from virtual machines to external email providers, with no restrictions from the Azure platform.
- Pay-as-you-go: Outbound port 25 communication is blocked from all resources. If you need to send email from a virtual machine directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests are reviewed and approved at Microsoft's discretion and are only granted after anti-fraud checks are performed. To make a request, open a support case with the issue type Technical, Virtual Network Connectivity, cannot send e-mail (SMTP/Port 25).
- MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free trial: Outbound port 25 communication is blocked from all resources. No requests to remove the restriction can be made, because requests are not granted. If you must send email from your virtual machine, you must use an SMTP relay service.
- Cloud service provider: Customers that are consuming Azure resources via a cloud service provider can create a support case with their cloud service provider, and request that the provider create an unblock case on their behalf, if a secure SMTP relay cannot be used.
Suggest you to refer the below article:
/en-us/azure/virtual-network/security-overview#azure-platform-considerations
NOTE: If Azure allows you to send email over port 25, Microsoft cannot guarantee email providers will accept inbound email from your virtual machine. If a specific provider rejects mail from your virtual machine, you must work directly with the provider to resolve any message delivery or spam filtering issues or use an authenticated SMTP relay service.
Also, would suggest you to upvote in the feedback link regarding the blocked ports.
Thursday, July 12, 2018 11:39 AM
Just checking in if you have had a chance to see the previous response.
Do let us know if you need any help.