For years, many hosting providers have been blocking port 25 in an effort to combat spam. While this can help avoid spam abuse on the network, it does cause problems for users who are sending valid email from their servers. By default, all mail servers use port 25 when it comes to relaying messages to other servers. Blocking this port prevents your server from being able to connect and deliver messages to any remote locations. If your provider has blocked port 25, only incoming email and local mail delivery would be operational. However, there are still options available to allow your server to send email.
First, it is important to note that changing only the outgoing SMTP port is not an option. While cPanel can alter the SMTP port for incoming messages, remote servers are not guaranteed to be listening for incoming messages on those same ports. Even if these ports are open for some destinations, the remote servers may not be configured to receive messages relayed in this way over those ports. This means messages would need to be sent over port 25 to ensure that they are received properly by the remote servers.
Confirming the Block
There are a few things to check to confirm that your provider is blocking port 25. First, you may want to double check your own server's firewall rules to ensure that these are allowing outgoing connections on port 25. This can be done on your server via SSH using the "iptables" command:
[root@test ~]# iptables -L -n | grep :25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
You would want to check for any rules that say "DROP". Any rules saying "ACCEPT" are normal and expected. If you have any external or network firewalls, please ensure that you check those as well.
Next, many providers will inform you about potential blocks in their documentation somewhere. If you do not see a block in either location, you can test this for yourself via SSH on the server or the Terminal in WHM. This test would use either the "nc" (netcat) or "telnet" command:
nc mail.remote-server.tld 25
telnet mail.remote-server.tld 25
This instructs the server to make an outgoing connection over port 25 to the location specified. You can replace "mail.remote-server.tld" with a valid mail exchanger to test against specific mail servers. If these tests result in a timeout, it would generally indicate a block on that port.
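The nc/telnet test above, as an added Python example (not part of the original article): it separates a timeout from a refusal or a DNS failure and, going one step beyond the single-host test, summarises the results across several mail exchangers. The function names and verdict labels are assumptions of this example.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=10.0):
    """Try one outbound TCP connection; return (status, banner).

    status is 'open', 'refused', 'timeout', 'dns-failure' or 'error'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                # A mail server greets first, normally with a "220 ..." line.
                banner = conn.recv(512).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""  # connected, but no greeting arrived in time
            return "open", banner
    except (socket.timeout, TimeoutError):
        return "timeout", ""      # packets silently dropped: typical of a block
    except ConnectionRefusedError:
        return "refused", ""      # host answered, nothing listening on the port
    except socket.gaierror:
        return "dns-failure", ""  # name did not resolve; says nothing about port 25
    except OSError as exc:
        return "error", str(exc)

def verdict(statuses):
    """Summarise port-25 probe statuses collected from several mail exchangers."""
    if not statuses:
        return "no-data"
    if "open" in statuses:
        return "not-blocked"      # at least one remote port 25 was reachable
    if all(s == "timeout" for s in statuses):
        return "likely-blocked"   # every destination timed out
    return "inconclusive"         # refusals, DNS failures or mixed errors

if __name__ == "__main__":
    # Pass real mail exchangers as arguments; the default is the placeholder
    # hostname used in the article.
    hosts = sys.argv[1:] or ["mail.remote-server.tld"]
    results = [probe_smtp(h) for h in hosts]
    for host, (status, banner) in zip(hosts, results):
        print(f"{host}:25 {status} {banner}")
    print("verdict:", verdict([status for status, _ in results]))
```

A "refused" result means the remote host answered, so the path is not filtered; only consistent timeouts across several known-good mail exchangers point to a block.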
If you do not have the netcat or telnet utility installed on your server, you should be able to install it via yum:
yum install nc
yum install telnet
After confirming that there is a block, you would need to determine how you want to move forward.
Some providers will block port 25 automatically but are willing to remove the block if asked. In these cases, you may need to contact their support team or review their documentation to see what steps they require. This could be as simple as making the request, or it may involve filling out a form indicating what kind of email you would be sending from the server. Once the port is opened, your server would be able to send normally.
Please be aware that the provider may block the port again if they receive reports of spam. As such, you would want to be especially vigilant with regard to outgoing spam. If the port is blocked for spam, your provider may not reopen it.
If the provider is not willing to open access, they might provide their own SmartHost or relay that you can use. This would be a relay on their network that receives email from your server and passes it on to its final destination. The provider would provide any necessary details for the SmartHost, and this could be configured via WHM in the Exim Configuration Manager.
Since this is typically relaying messages for a large number of servers, it could be possible for the relay IP to become blacklisted. Additionally, this can cause a slight delay in delivering the email since the message is being sent through an additional server first. If there are problems with your emails after they are sent from the server, you would need to work with your provider to review the logs on the SmartHost for potential issues.
If your provider does not provide their own SmartHost, you may be able to use a separate third-party SmartHost. These would receive the message over an alternate, unblocked port (such as 2525) and then relay it to the destination over port 25 for you. There are many different providers with different levels of support and features. You can see just a few of these below:
Again, this is only a short list of providers, and you may want to do your own research if these do not meet your requirements exactly.
Enabling these services would typically require changes through the Advanced Editor of the Exim Configuration Manager in WHM. This is due to the extra authentication your server must do with the SmartHost servers. Most companies have their own knowledge base with the necessary settings and can assist with setup, but you may need to contact your server administrator for more advanced configurations.
We do have tutorials available for configuring both SendGrid and MailGun as a SmartHost. If you want to use either of these, you can find links to these tutorials below:
Tutorial - How to use SendGrid as a Smarthost
Tutorial - How to use MailGun as a Smarthost
Since relaying mail is their business, these third-party providers are typically good about keeping their IPs off of blacklists. However, there is still a chance that there would be a problem with the initial configuration or slight delays. Many of these offer a free tier, but larger volumes of email would require a subscription.
If you want to control the environment yourself, one option would be to configure a separate server that functions as a standalone mail server. This would require a second server on a network that was not blocking port 25. You would then install the service you wish to use for mail (such as cPanel, Microsoft Exchange, etc.) and manage individual accounts directly on this server. If you opt for a cPanel server, you may want to look at the Mail node profile that was recently introduced. You can read about this profile as well as some planned features for this in our documentation at the following links:
How to Use Server Profiles
Server Profiles Roadmap
Rather than your server relaying all messages through the mail server, your clients would connect directly to this server to authenticate with their accounts and send messages. Please note that cPanel on the first server would no longer control the mail accounts, and any email users would need to be created on the new server. This would also require changing the MX records for the domain at the DNS provider. Additionally, you would want to ensure that the accounts were configured as remote domains inside of cPanel. This can be managed through the “Edit DNS Zone” option in WHM or the “Email Routing” option in cPanel for the account. Finally, if you are using an SPF, DKIM, or DMARC record, you would want to ensure it was updated to include the standalone server IP.
This would provide full control over the environment you were using, and it would allow you to check the logs for any problems. Since this is separate from your primary server, it would also remain online if there were issues with your main server. However, this would have the added cost of a second server and could require an experienced administrator to configure and manage.
If you would rather host your own SmartHost, this is also an option. This would require configuring an additional server on a network that was not blocking port 25 and is listening for incoming mail connections on an alternate port. This could be a basic mail server installation, a third-party mail server (like Microsoft’s Exchange), or another cPanel server. While this would require a little more initial setup, it would allow you to continue using the same cPanel server for managing both the sites and email.
This option would allow full control over the environment and allow you to monitor the logs for any delivery issues as well. This control does come with the added cost of a second server and software. It could also require an administrator that was very knowledgeable about mail servers and their configurations.
Finally, there is always the option to simply use a third party entirely for your mail services. Some common examples of this would be cloud hosted solutions like Google’s G-Suite or Outlook’s Business Email.
When using a third-party email service, cPanel would no longer manage the individual accounts. As such, you would want to ensure that any accounts were created through the new mail provider. This would also require changing the MX records for the domain at the DNS provider. Additionally, you would want to ensure that the accounts were configured as remote domains inside of cPanel. This can be managed through the “Edit DNS Zone” option in WHM or the “Email Routing” option in cPanel for the account. Finally, if you are using an SPF, DKIM, or DMARC record, you would want to ensure it was updated to include the third-party provider. Most providers will have their own recommendations for these settings.
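Both the standalone mail server option and the third-party option above end with updating the SPF record. The following check is an added example, not part of the original article: it evaluates only the ip4, ip6 and all terms of a record for one sending IP and lists the terms that would need DNS lookups. The records and addresses are constructed (documentation ranges), and the function name is an assumption of this example.

```python
import ipaddress
import re

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records: before and after adding the new sending IP.
OLD_RECORD = "v=spf1 +a +mx +ip4:192.0.2.10 ~all"
NEW_RECORD = "v=spf1 +a +mx +ip4:192.0.2.10 +ip4:198.51.100.25 ~all"

def spf_check_ip(record, ip):
    """Evaluate the ip4/ip6/all terms of an SPF record for one sender IP.

    Returns (result, needs_dns). Terms are tried left to right and the first
    match wins, so the result is final only if none of the terms collected in
    needs_dns (a, mx, include, ...) would have matched the IP first.
    """
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    needs_dns = []
    for term in terms[1:]:
        qualifier = "+"  # a term without a qualifier means "pass"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if net.version == addr.version and addr in net:
                return RESULT[qualifier], needs_dns
        elif name == "all":
            return RESULT[qualifier], needs_dns
        elif name != "exp":
            needs_dns.append(term)  # a, mx, include, exists, ptr, redirect
    return "neutral", needs_dns  # nothing matched and there is no "all" term

if __name__ == "__main__":
    for label, rec in (("old", OLD_RECORD), ("new", NEW_RECORD)):
        print(label, spf_check_ip(rec, "198.51.100.25"))
```

A third-party provider is usually authorised through an include: term rather than a literal IP, which this check reports in needs_dns instead of resolving.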
Third party services do have several advantages. For example, the services run independently of your hosting server. As such, even if there is an outage on the server, email would remain available. You would also be sending through the provider's servers, so messages are less likely to be marked as spam. Additionally, the services will often have robust spam filtering for incoming messages. However, there are also a few disadvantages. Third-party services like this will almost always have an added cost. Also, the lack of access to the server logs means you would need to rely on the third-party's support team for assistance diagnosing email issues.
While blocks against port 25 do hinder legitimate email, there are several different options that are available to bypass those blocks. Some providers will remove these blocks or provide a relaying server. However, hosting your own separate mail server or using a third party solution are also viable options. There are different advantages and disadvantages for all of these options, and you would want to confer with your system administrator to determine which option is best for you.