For years, many hosting providers have been blocking port 25 in an effort to combat spam. While this can help avoid spam abuse on the network, it does cause problems for users who are sending valid email from their servers. By default, all mail servers use port 25 when it comes to relaying messages to other servers. Blocking this port prevents your server from being able to connect and deliver messages to any remote locations. If your provider has blocked port 25, only incoming email and local mail delivery would be operational. However, there are still options available to allow your server to send email.
First, it is important to note that only changing the outgoing SMTP port is not an option. While cPanel can alter the SMTP port for incoming messages, other remote servers are not guaranteed to be listening for incoming messages on those same ports. Even if these ports are open for some destinations, the remote servers may not be configured to receive messages relayed in this way over those ports. This means messages would need to be sent over port 25 to ensure that they are received properly by the remote servers.
Confirming the Block
There are a few things to check to confirm that your provider is blocking port 25. First, double-check your own server's firewall rules to ensure that they are allowing outgoing connections on port 25. This can be done on your server via SSH using the iptables command:
[root@test ~]# iptables -L -n | grep :25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
Check for any rules marked "DROP". Any rules marked "ACCEPT" are normal and expected. If you have any external or network firewalls, check those as well.
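A plain grep for :25 also matches ports such as 2525, drops the chain name (outgoing connections are governed by the OUTPUT chain), and misses multiport rules. The following added example, which is not part of the original article, reads `iptables -L -n` output per chain; the function names and the sample ruleset are constructed for illustration.

```shell
# Added example (not from the original article). Input is `iptables -L -n` text
# on stdin. Jumps to user-defined chains and rules with no port match are ignored.
# Print the target of each rule in chain $1 (default OUTPUT) that covers TCP
# destination port 25, in rule order, then "policy <P>" for that chain.
port25_rules() {
  awk -v want="${1:-OUTPUT}" '
    function covers(spec,   r, n) {        # spec: "25" or a range "20:30"
      n = split(spec, r, ":")
      if (n == 1) return (r[1] + 0 == 25)
      return (r[1] + 0 <= 25 && 25 <= r[2] + 0)
    }
    function hits25(   i, j, m, p) {       # scans the current rule line
      for (i = 3; i <= NF; i++) {
        if ($i ~ /^dpts?:/ && covers(substr($i, index($i, ":") + 1))) return 1
        if ($i == "dports" && i < NF) {    # multiport list, e.g. 25,465
          m = split($(i + 1), p, ",")
          for (j = 1; j <= m; j++) if (covers(p[j])) return 1
        }
      }
      return 0
    }
    $1 == "Chain" { cur = $2 }
    $1 == "Chain" && cur == want && $3 == "(policy" { pol = $4; sub(/\)/, "", pol) }
    $1 == "Chain" || NF == 0 || $1 == "target" { next }
    cur == want && $2 ~ /^(tcp|6)$/ && hits25() { print $1 }
    END { if (pol != "") print "policy", pol }
  '
}
# iptables stops at the first matching rule, so the first line decides.
port25_verdict() {
  case "$(port25_rules "$@" | head -n 1)" in
    DROP|REJECT|"policy DROP"|"policy REJECT") echo blocked ;;
    ACCEPT|"policy ACCEPT") echo allowed ;;
    *) echo unknown ;;
  esac
}
# Constructed sample ruleset, not captured from a real server.
sample_ruleset() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2525
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465
EOF
}
sample_ruleset | port25_verdict OUTPUT
```

On a live server the same check is `iptables -L -n | port25_verdict OUTPUT`. On the sample, the grep shows only the two ACCEPT lines, while the OUTPUT chain in fact drops port 25.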
Also, many providers will inform you about potential blocks in their documentation. If you do not see a block in either your server's local or external firewall, you can test for yourself via SSH on the server or the Terminal in WHM. This test uses either the nc or the telnet command:
nc mail.remote-server.tld 25
telnet mail.remote-server.tld 25
These commands tell the server to make an outgoing connection over port 25 to the location specified. You can replace "mail.remote-server.tld" with a valid mail exchanger to test against specific mail servers. If these tests result in a timeout, it generally indicates a block on that port.
If you do not have nc or telnet installed on your server, you can install them via yum:
yum install nmap-ncat
yum install telnet
Once you confirm the existence of a block, you will need to determine how to move forward.
Some providers block port 25 automatically but are willing to remove the block if asked. In these cases, you may need to contact their support team or review their documentation to see what steps they require. This could be as simple as making the request, or it may involve filling out a form indicating what kind of email you would be sending from the server. Once the port is opened, your server should be able to send normally.
Please be aware that the provider may block the port again if they receive reports of spam, so you would want to be especially vigilant about outgoing spam. If the port is blocked for spam, your provider may not re-open it.
If the provider is not willing to open access, they might provide their own smarthost or relay that you can use. This would be a relay on their network that receives email from your server and passes it on to its final destination. The provider would provide any necessary details for the smarthost, which would be configured via WHM in the Exim Configuration Manager.
Since a smarthost typically relays messages for a large number of servers, its IP address could become blacklisted. Additionally, the use of a smarthost can cause a slight delay in delivering email, as messages are being sent through an additional server first. If there are problems with your emails after they are sent from the server, you would need to work with your provider to review the logs on the smarthost for potential issues.
If your provider does not provide their own smarthost, you may be able to use a separate third-party smarthost. These hosts receive messages over an alternate, unblocked port (such as 2525), then relay them to the destination over port 25. There are many different providers with different levels of support and features. Here are tutorials on how to configure both SendGrid and MailGun as smarthosts:
Since relaying mail is their business, these companies are usually good about keeping their IP addresses off of blacklists. However, there is still a chance that there could be a problem with the initial configuration or slight delays. Many providers offer a free tier, but larger volumes of email would require a subscription.
If you want to control the environment yourself, you could configure a separate server that functions as a standalone mail server. This would require a second server on a network that is not blocking port 25. You would then install the service you wish to use for mail (such as cPanel, Microsoft Exchange, etc.), and manage the individual accounts directly on the server. If you opt for a cPanel server, you may want to look at the Mail node profile that was recently introduced. You can read about this profile as well as some planned features for it in our documentation here:
Rather than your server relaying all messages through the mail server, your clients would connect directly to this server to authenticate with their accounts and send messages. Please note that cPanel on the first server would no longer control the mail accounts, and any email users would need to be created on the new server. This would also require changing the MX records for the domain at the DNS provider. Additionally, you would need to make sure that the accounts were configured as remote domains inside of cPanel. This can be managed through the “Edit DNS Zone” option in WHM or the “Email Routing” option in cPanel for the account. Finally, if you are using an SPF, DKIM, or DMARC record, you would need to ensure it was updated to include the standalone server IP address.
This would provide you with full control over the environment you were using, and it would allow you to check the logs for any problems. Since it would be separate from your primary server, your mail server would also remain online if there were issues with your main server. However, this would have the added cost of a second server and could require an experienced administrator to configure and manage.
You could also host your own smarthost. This would require configuring an additional server on a network that was not blocking port 25 and was listening for incoming mail connections on an alternate port. This could be a basic mail-server installation, a third-party mail server (like Microsoft’s Exchange), or another cPanel server. While this would require a little more initial setup, it would allow you to continue using the same cPanel server to manage both the sites and the email.
This option would allow full control over the environment and would also allow you to monitor the server logs for any delivery issues. This control does come with the added cost of a second server and software. It could also require an administrator who is very knowledgeable about mail servers and their configurations.
Finally, there is always the option to use a third-party entirely for your mail services. Some common examples of this are cloud-hosted solutions such as Google’s G-Suite or Outlook’s Business Email.
When using a third-party email service, cPanel would no longer manage the individual accounts. As such, you would want to ensure that any accounts were created through the new mail provider. This would also require changing the MX records for the domain at the DNS provider. Additionally, you would want to ensure that the accounts were configured as remote domains inside of cPanel. This can be managed through the “Edit DNS Zone” option in WHM or the “Email Routing” option in cPanel for the account. Finally, if you are using an SPF, DKIM, or DMARC record, you would want to ensure it was updated to include the third-party provider. Most providers will have their own recommendations for these settings.
Third-party services do have several advantages. For example, the services run independently of your hosting server, so if there is an outage on your server, email would still remain available. You would also be sending through the provider's servers, so messages are less likely to be marked as spam. Additionally, these types of services often have robust spam-filtering for incoming messages.
However, there are also a few disadvantages. Third-party services almost always have an added cost. Also, the lack of access to the server logs means you would need to rely on the third-party's support team for assistance with diagnosing email issues.
While blocks against port 25 do hinder legitimate email, there are several different options that are available to bypass those blocks. Some providers will remove these blocks or provide a relaying server. However, hosting your own separate mail server or using a third-party solution are also viable options. There are advantages and disadvantages for each of these options, so you should confer with your system administrator to determine which option is best for you.