Outbound traffic on port TCP 25 with Flanker

I'm currently trying to use Flanker to verify email addresses, but I'm constantly hitting an error where Flanker can't communicate with the outside world through the SMTP (25) port.

I know Qovery runs on my cloud under some VPC constructions too. This is more of a technical question (not really related to Qovery), but how can I open the outbound traffic on port 25 so Flanker can check the MX records and return the right response?

Note: I tried explicitly adding it to my outbound rules on the VPC created by Qovery on my AWS console, but the connection is still closed.

I wonder if it is not AWS restricting the port TCP/25 by default (I am not sure). @Pierre_Mavro do you know?


Great question actually, made me do some research on the subject and turns out that AWS does indeed block port 25/TCP to prevent spamming and blacklisting of their own IPs.

More on the subject: Remove port 25 restriction from your EC2 instance

I'll let @Pierre_Mavro respond here.
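An added example, not part of any post in this thread: a small Python probe that tells a silently dropped port 25 (the symptom of a provider-level egress restriction like the one described above) apart from a refused connection or a DNS failure. It assumes the host you test listens on both port 25 and the control port 587; the function names, the `_simulated_block` stand-in and `mail.example.invalid` are constructed for illustration.

```python
import socket
import sys

def probe(host, port, timeout=5.0, connect=socket.create_connection):
    """Classify one outbound TCP connection attempt."""
    try:
        sock = connect((host, port), timeout)
    except socket.timeout:
        return "filtered"    # no reply at all: packets dropped on the path
    except ConnectionRefusedError:
        return "refused"     # RST came back: the path is open, nothing listens
    except socket.gaierror:
        return "dns_error"   # name did not resolve; says nothing about the port
    except OSError:
        return "error"       # e.g. network unreachable
    sock.close()
    return "open"

def diagnose(host, control_port=587, timeout=5.0, connect=socket.create_connection):
    """Compare port 25 with a control port on the same host."""
    results = {p: probe(host, p, timeout, connect) for p in (25, control_port)}
    smtp, control = results[25], results[control_port]
    if smtp == "open":
        verdict = "port 25 egress allowed"
    elif smtp == "filtered" and control in ("open", "refused"):
        verdict = "port 25 egress blocked"
    elif smtp == "filtered" and control == "filtered":
        verdict = "no outbound path"   # look at security groups, NACLs, routing
    else:
        verdict = "inconclusive"
    return results, verdict

class _FakeSocket:
    def close(self):
        pass

def _simulated_block(address, timeout):
    """Constructed stand-in for a network that silently drops port 25."""
    if address[1] == 25:
        raise socket.timeout("timed out")
    return _FakeSocket()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(diagnose(sys.argv[1]))            # real probe of the host you name
    else:
        print(diagnose("mail.example.invalid", connect=_simulated_block))
```

A "filtered" result on 25 alongside a reachable control port means the VPC outbound rules are not the cause, which matches what the original poster saw after adding the rule.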


@ditorojuan, at Qovery we are using Courier and Postmark to send emails. It works great from AWS since Courier provides an HTTP API to send emails. It’s quite convenient.

Oh wow, Courier is definitely interesting! We are currently using AWS SES for sending emails. The only usage we are giving to this port is to validate addresses before sending any message (which I should check if SES does by default).

Would have loved to know about Courier before lol, I literally spent like 2 days making a custom MJML library to match our needs for templating in Python.

I confirm that port 25 is closed by default. We do not offer the possibility (at the moment) to open more ports than the ones we defined.

However, for this specific use case, even if it was possible, I strongly advise you not to manage the mailing part by yourself. It’s a huge waste of time because you’ll encounter a lot of blacklisting issues while trying to manage it on EC2 instances. You’ll have to set up several antispam mechanisms like DKIM, SPF, DMARC, etc.
And not only that, but all EC2 IPs are also well known to RBLs (Realtime Blackhole Lists) and other commonly used lists. You’ll get very low confidence on the scoring based on those IPs, so your mails will certainly never be delivered.

I join Romaric’s advice on using a dedicated service for it, you’ll save a huge amount of time.


Got it, so it is not even worth it to use it as a means to just check whether emails are valid then?