[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-03。"],[[["\u003cp\u003eGoogle Cloud allows sending email through standard ports 587 and 465, but blocks port 25 for external destinations to prevent abuse, though some projects might have exceptions to this rule.\u003c/p\u003e\n"],["\u003cp\u003eUtilizing third-party email services like SendGrid, Mailgun, or Mailjet is recommended for enhanced IP reputation, with free tiers available for Compute Engine customers.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Workspace users can relay email through their accounts via ports 465 or 587, but are subject to email activity limits.\u003c/p\u003e\n"],["\u003cp\u003eUsers can host their own email servers on VM instances using non-standard ports, which requires configuring a firewall rule to allow outbound traffic on that specific port.\u003c/p\u003e\n"],["\u003cp\u003eTo send mail through corporate servers bypassing port restrictions, a VPN setup can be employed, but it's essential to consider the security implications and limit access accordingly.\u003c/p\u003e\n"]]],[],null,["*** ** * ** ***\n\nThis document describes the options for sending mail from a virtual\nmachine (VM) instance and provides general recommendations on how to set up your\ninstances to send email.\n\nUsing standard email ports\n\nGoogle Cloud does not place any restrictions on traffic sent to external\ndestination IP addresses using destination TCP ports 587 or 465. The\n[implied allow egress firewall rule](/vpc/docs/firewalls#default_firewall_rules)\nallows this traffic unless you've created egress deny firewall rules that block\nit.\n\nDue to the risk of abuse, connections to destination TCP Port 25 are blocked\nwhen the destination is external to your VPC network. This\nincludes using SMTP relay with Google Workspace. However, some projects do not\nhave this restriction and do allow external SMTP egress on port 25. For more\ninformation, see [Blocked and limited\ntraffic](/vpc/docs/firewalls#blockedtraffic).\n| **Note:** Subject to Google Cloud firewall rules, connections to destination TCP Port 25 are allowed within your VPC network, a VPC connected using VPC Network Peering, or an on-premises network connected to your VPC network using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs).\n\nChoosing a third-party email service to use\n\nIn addition to using standard email ports, having a trusted third-party email\nprovider such as SendGrid, Mailgun, or Mailjet improves your\n[IP reputation score](https://sendgrid.com/blog/email-reputation-and-email-engagement-metrics/).\n\nSendGrid, Mailgun, and Mailjet offer a free tier for Compute Engine\ncustomers to set up and send email through their servers. If you don't have a\nGoogle Workspace account, use these third-party partners to take advantage of\nfeatures like click tracking, analytics, APIs, and other features to meet your\nemail needs.\n\nAlternatively, if you are familiar with\n[Google Workspace](https://gsuite.google.com) and are already paying for a\nGoogle Workspace account that supports email, you can [set up a relay service\nto send email through\nGoogle Workspace](https://support.google.com/a/answer/176600). Note that\nGmail and Google Workspace enforce\n[limits for email activity](https://support.google.com/a/answer/166852).\n\nIf you don't have a Google Workspace account or don't want to use\nGoogle Workspace or a third-party mail provider, you can set up your own\nemail server on an instance by using a non-standard port. You can choose any\n[ephemeral port](https://wikipedia.org/wiki/Ephemeral_port)\nthat isn't blocked by Compute Engine.\n\n- **To use SendGrid, Mailgun, or Mailjet** : Follow the instructions for [Sending Email using SendGrid](/compute/docs/tutorials/sending-mail/using-sendgrid), [Sending Email using Mailgun](/compute/docs/tutorials/sending-mail/using-mailgun), or [Sending Email using Mailjet](/compute/docs/tutorials/sending-mail/using-mailjet).\n- **To use a Google Workspace domain** : Follow the instructions for [SMTP relay service](https://support.google.com/a/answer/2956491) settings in the Google Workspace documentation. SMTP relaying through Google Workspace is only allowed through ports 465 or 587. Port 25 is not supported through Google Workspace.\n\nIf you want to use your own email server on a custom port, use the\ndocumentation specific to your email service to configure a custom\nemail port.\n\nSetting up a firewall rule to allow outbound traffic on a custom port\n\nTo allow outbound traffic through a custom port, you need to set up a firewall\nrule. For example, the following steps set up a rule that allows outbound\ntraffic on port 2525. Replace port 2525 with the custom port of your choice.\n\n1. In the Google Cloud console, go to the **Create a firewall rule** page.\n\n [Go to Create a firewall rule](https://console.cloud.google.com/networking/firewalls/add)\n2. Choose a name for the firewall rule.\n\n3. Under **Network**, select the network that is hosting the VM instance that\n you intend to send email messages from.\n\n4. Under **Direction of traffic** , select **Egress**.\n\n5. Under **Targets** , choose the appropriate target for this rule. For example,\n you might choose **Specified target tags** if you want the rule to apply\n to instances that have a [specific tag](/vpc/docs/add-remove-network-tags).\n\n6. Under **Destination filter** , set `0.0.0.0/0` if you want to allow egress\n traffic from the VM instance to any destination. If you want to limit the\n destination, enter another IP range here.\n\n7. Under **Protocols and ports** , select **Specified protocols and ports** ,\n select **tcp** , and enter `2525`.\n\n8. Click **Create** to save your changes.\n\nSending mail through corporate mail servers\n\nIn some cases, you might have a corporate mail server that is already running\nan email service for you. If you need to send mail through a corporate mail\nserver but are blocked by the port restrictions described at the top of\nthis page, you can use a VPN to bypass these restrictions. This method requires\nrunning a VPN client on your Compute Engine cluster, and a VPN server\non your corporate network router. This setup lets your instance appear\n\"inside\" your corporate firewall, and allows unrestricted access to your\ncorporate mail server.\n\nThere are security implications for this configuration, and you should ensure\nthat your Compute Engine instance has access to **only** the services\nit requires, and nothing more.\n\nWhat's next\n\n- Send emails from your instance [using Sendgrid](/compute/docs/tutorials/sending-mail/using-sendgrid).\n- Send emails from your instance [using Mailgun](/compute/docs/tutorials/sending-mail/using-mailgun).\n- Send emails from your instance [using Mailjet](/compute/docs/tutorials/sending-mail/using-mailjet).\n- Read the Google Workspace domain documentation to learn how to use the [SMTP relay service](https://support.google.com/a/answer/2956491)."]]