To maintain network security and platform stability, certain ports are blocked by default on the DigitalFyre VPS platform. These restrictions help prevent abuse, reduce the risk of DDoS amplification attacks, and protect our network’s outbound IP reputation.
Restricted Ports
| Port(s) | Protocol | Direction | Reason |
|---|
| 17 | TCP/UDP | Both | QOTD — outdated protocol abused in amplification attacks |
| 19 | TCP/UDP | Both | Chargen — commonly used in UDP Reflection DDoS attacks |
| 25 | TCP | Outbound | SMTP — restricted to prevent outbound spam |
| 26 | TCP | Outbound | Alternate SMTP — blocked for the same reasons as port 25 |
| 137–139 | TCP/UDP | Both | NetBIOS — associated with Windows file sharing and network enumeration |
| 445 | TCP/UDP | Both | SMB — commonly targeted by worms and exploits |
| 465 | TCP | Outbound | SMTPS — restricted due to potential misuse by automated spam tools |
| 587 | TCP | Outbound | SMTP submission — blocked to prevent unauthorized email transmission |
| 1211 | UDP | Both | Used by some P2P or legacy applications — restricted due to abuse potential |
| 1688 | TCP | Both | KMS — often abused in piracy-related traffic |
| 1900 | TCP/UDP | Both | SSDP — frequently abused in reflection/amplification DDoS attacks |
| 53413 | UDP | Both | Associated with UPnP-based attacks or malware |
SMTP Port Unblocking
DigitalFyre will remove blocks on ports 465 and 587 upon request to support legitimate outbound mail via third-party providers such as Amazon SES, Mailgun, and SendGrid.
To request unblocking, open a support ticket and specify which ports you need opened and which mail provider you are using.
Port 25
Requests to open outbount port 25 are subject to strict review, and approval is not guaranteed. This port is heavily abused and is restricted to protect the network’s reputation.Accounts less than 6 months old are not eligible for submitting a request to enable port 25.
Requests to allow outbound port 25 will be rejected if they match common abuse patterns, including but not limited to:
- Claims of sending “small newsletters” or transactional emails without a verified provider
- Claims of running a “private email server” for personal use
- Requests to “test an email script,” “test a mailer,” or run bulk mailing tools
- Vague explanations such as “I need port 25 for my website.”
- Self-hosted mail servers with no domain reputation, no SPF/DKIM/DMARC configuration, or no abuse handling policies
- Any indication of bulk outbound emailing, purchased mailing lists, email marketing blasts, or mass outreach campaigns
Recommended Alternatives
For reliable outbound transactional email, use a dedicated third-party service like Amazon SES, Mailgun, SendGrid, or any verified transactional email provider — these work on ports 465/587 once unblocked.If you need managed email hosting rather than a self-hosted mail server, DigitalFyre offers Mailcow Email and Open-Xchange Email hosting services.