Google Compute Engine does not allow outbound connections on port 25. By default, outbound SMTP is blocked because of the large amount of abuse server-to-server SMTP is susceptible to. In addition, having a trusted third-party provider such as SendGrid, Mailgun, or Mailjet relieves Compute Engine and you from maintaining IP reputation with your receivers.
While sending email from blocked ports is not allowed, your instances can still receive email.
Note:Port 25 is always blocked and cannot be used, even through SMTP relay using G Suite.
Although port 25 is blocked, you can choose to use port 465, 587, or a non-standard port to send email through a relay. You can also take advantage of the mail services offered by Compute Engine partners.
SendGrid, Mailgun, and Mailjet are Compute Engine's third-party partners that offer a free tier for Compute Engine customers to set up and send email through their servers. If you don't have a G Suite account, use these third-party partners to take advantage of features like click tracking, analytics, APIs, and other features to meet your email needs.
Alternatively, if you are familiar with G Suite and are already paying for a G Suite account that supports email, you can set up a relay service to send email through G Suite. Note that Gmail and G Suite enforce limits for email activity. For details, see G Suite email sending limits.
If you don't have a G Suite account or don't want to use G Suite or a third-party mail provider, you can set up your own email server on an instance using a non-standard port. You can choose any ephemeral port that isn't blocked by Compute Engine.
If you want to use your own email server on a custom port, use the documentation specific to your email service to configure a custom email port.
Note:If necessary, remember to create a firewall rule that opens this custom port so that your network traffic is not blocked.
In some cases, you might have a corporate mail server that is already running an email service for you. If you need to send mail through a corporate mail server but are blocked by the port restrictions described at the top of this page, you can use a VPN to bypass these restrictions. This method requires running a VPN client on your Compute Engine cluster, and a VPN server on your corporate network router. This setup would allow your instance to appear "inside" your corporate firewall, and allow unrestricted access to your corporate mail server.