question

croeck asked MayankBargali-MSFT commented

Outgoing connection timeout on port 25 despite unlock, using App Function and NAT Gateway

Hi,

we have the requirement to connect to an SMTP server via port 25 and traffic must originate from a well-known public IP.
So we did set up a NAT Gateway, connected our Function (Premium Plan) to the subnet and linked everything to use the public IP for outbound traffic.

In the subscription (Pay as you go) settings we also followed the process to unlock port 25, it says to no longer be restricted.

Despite all of this, our connection attempts still time out. Our debugging attempts via telnet / netcat run into the same errors.
We used a second provider (mailtrap) to verify the connectivity issues are not related to the other party. Also there, connection attempts on port 25 run into timeouts.
Other outgoing requests, e.g. to port 2525 or 587 with mailtrap are successful and use the public IP.

What else is there we can do to further debug the issue and enable us to send the mails via port 25?
Is any of our components blocking this without a chance to unlock? (Function, NAT Gateway, ...)?

Any help is much appreciated. Thanks!
Cedric

azure-functions azure-virtual-network

Dev073 answered Dev073 commented

Hope Microsoft confirmed the port 25 exemption.

Have you ruled out all the NSG and port blocks from the vnet/subnet for port 25 deny?

As part of debugging, can you create a small VM in Azure and test the SMTP outbound from a Windows or Linux box?


We created a small VM, attached it to the same network and NAT Gateway, but only a different subnet.
The VM was able to communicate on port 25 to services outside of MS Azure.

Seems to me like this port 25 restriction can be lifted for VMs, but not for Azure Functions.

0 Votes 0 ·

Possible.
I faced this issue with some other Azure non-VM services. Hence I wanted you to isolate the factors.
The best option is to reach out to MS Azure support for any known limitations or issues in your subscription.

0 Votes 0 ·
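
The isolation test discussed in this answer, as an added example that is not part of the original thread: a small Python probe that can be run unchanged from the Function and from a test VM in the same network, classifying each port as open, refused or timeout. `TARGET_HOST` and the port list are placeholders chosen for illustration.

```python
import socket

# Placeholder target and the ports compared in the thread (assumptions).
TARGET_HOST = "smtp.example.com"
PORTS = (25, 587, 2525)


def probe(host, port, timeout=5.0):
    """Return (status, detail) for one outbound TCP attempt.

    status is "open", "refused", "timeout" or "error".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                # SMTP servers speak first; a 220 banner proves end-to-end reachability.
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # handshake completed but nothing was sent
            return "open", banner
    except socket.timeout:
        # No SYN-ACK and no RST: packets are being dropped somewhere on the path.
        return "timeout", ""
    except ConnectionRefusedError:
        # An RST came back: the target or a device on the path actively rejected it.
        return "refused", ""
    except OSError as exc:
        # DNS failure, unreachable network, reset during banner read, etc.
        return "error", str(exc)


def compare_ports(host, ports=PORTS, timeout=5.0):
    """Probe every port and return {port: (status, detail)}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    for port, (status, detail) in compare_ports(TARGET_HOST).items():
        print(f"{TARGET_HOST}:{port} -> {status} {detail}")
```

Comparing the output from the Function with the output from the VM shows whether the difference is port-specific: `timeout` on 25 next to `open` on 587 and 2525 from the same egress IP matches the behaviour described in the question.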
MayankBargali-MSFT answered MayankBargali-MSFT commented

@croeck As mentioned in this document, the Azure platform will block outbound SMTP connections on TCP port 25.
Alternatively, you can leverage a third-party service such as SendGrid that provides these types of services. You can refer to Troubleshoot outbound SMTP connectivity problems in Azure for more details.

Sharing previous discussion on the same.


Port 25 can be allowed based on exceptions in Azure. I think the requestor has already done the required process to allow 25, but still it's failing.

1 Vote 1 ·

Yes, the subscription was already unblocked.
Using SendGrid (or any DSGVO compliant alternative) is not an option, it must be port 25.

0 Votes 0 ·

@croeck In that case, can you open a support ticket with us so the team can assist you further?

0 Votes 0 ·