> ## Documentation Index
> Fetch the complete documentation index at: https://docs.digitalfyre.com/llms.txt
> Use this file to discover all available pages before exploring further.

# VPS Port Restrictions

To maintain network security and platform stability, certain ports are blocked by default on the DigitalFyre VPS platform. These restrictions help prevent abuse, reduce the risk of DDoS amplification attacks, and protect our network's outbound IP reputation.

## Restricted Ports

| Port(s)                                                                                       | Protocol                                                              | Direction                           | Reason                                                                                |
| --------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- | ----------------------------------- | ------------------------------------------------------------------------------------- |
| <Badge color="surface-destructive">17</Badge>                                                 | <Badge color="surface">TCP</Badge>/<Badge color="surface">UDP</Badge> | <Badge color="orange">Both</Badge>  | QOTD — outdated protocol abused in amplification attacks                              |
| <Badge color="surface-destructive">19</Badge>                                                 | <Badge color="surface">TCP</Badge>/<Badge color="surface">UDP</Badge> | <Badge color="orange">Both</Badge>  | Chargen — commonly used in <Badge color="surface">UDP</Badge> Reflection DDoS attacks |
| <Badge color="red">25</Badge>                                                                 | <Badge color="surface">TCP</Badge>                                    | <Badge color="red">Outbound</Badge> | SMTP — restricted to prevent outbound spam                                            |
| <Badge color="red">26</Badge>                                                                 | <Badge color="surface">TCP</Badge>                                    | <Badge color="red">Outbound</Badge> | Alternate SMTP — blocked for the same reasons as port 25                              |
| <Badge color="surface-destructive">137</Badge>–<Badge color="surface-destructive">139</Badge> | <Badge color="surface">TCP</Badge>/<Badge color="surface">UDP</Badge> | <Badge color="orange">Both</Badge>  | NetBIOS — associated with Windows file sharing and network enumeration                |
| <Badge color="surface-destructive">445</Badge>                                                | <Badge color="surface">TCP</Badge>/<Badge color="surface">UDP</Badge> | <Badge color="orange">Both</Badge>  | SMB — commonly targeted by worms and exploits                                         |
| <Badge color="surface-destructive">465</Badge>                                                | <Badge color="surface">TCP</Badge>                                    | <Badge color="red">Outbound</Badge> | SMTPS — restricted due to potential misuse by automated spam tools                    |
| <Badge color="surface-destructive">587</Badge>                                                | <Badge color="surface">TCP</Badge>                                    | <Badge color="red">Outbound</Badge> | SMTP submission — blocked to prevent unauthorized email transmission                  |
| <Badge color="surface-destructive">1211</Badge>                                               | <Badge color="surface">UDP</Badge>                                    | <Badge color="orange">Both</Badge>  | Used by some P2P or legacy applications — restricted due to abuse potential           |
| <Badge color="surface-destructive">1688</Badge>                                               | <Badge color="surface">TCP</Badge>                                    | <Badge color="orange">Both</Badge>  | KMS — often abused in piracy-related traffic                                          |
| <Badge color="surface-destructive">1900</Badge>                                               | <Badge color="surface">TCP</Badge>/<Badge color="surface">UDP</Badge> | <Badge color="orange">Both</Badge>  | SSDP — frequently abused in reflection/amplification DDoS attacks                     |
| <Badge color="surface-destructive">53413</Badge>                                              | <Badge color="surface">UDP</Badge>                                    | <Badge color="orange">Both</Badge>  | Associated with UPnP-based attacks or malware                                         |

## SMTP Port Unblocking

DigitalFyre will remove blocks on **ports 465 and 587** upon request to support legitimate outbound mail via third-party providers such as Amazon SES, Mailgun, and SendGrid.

To request unblocking, open a [support ticket](https://console.digitalfyre.com/submitticket.php) and specify which ports you need opened and which mail provider you are using.

### Port 25

<Warning>
  Requests to open outbount port `25` are subject to **strict review**, and approval is **<u>not guaranteed</u>**. This port is heavily abused and is restricted to protect the network's reputation.

  Accounts **less than 6 months old** are **not eligible** for submitting a request to enable port `25`.
</Warning>

Requests to allow outbound port `25` **will be rejected** if they match common abuse patterns, including but not limited to:

* Claims of sending "small newsletters" or transactional emails without a verified provider
* Claims of running a "private email server" for personal use
* Requests to "test an email script," "test a mailer," or run bulk mailing tools
* Vague explanations such as "I need port 25 for my website."
* Self-hosted mail servers with no domain reputation, no SPF/DKIM/DMARC configuration, or no abuse handling policies
* Any indication of bulk outbound emailing, purchased mailing lists, email marketing blasts, or mass outreach campaigns

<Card title="Recommended Alternatives" type="note" horizontal>
  For reliable outbound transactional email, use a dedicated third-party service like **Amazon SES**, **Mailgun**, **SendGrid**, or any verified transactional email provider — these work on ports `465`/`587` once unblocked.

  If you need managed email hosting rather than a self-hosted mail server, DigitalFyre offers [Mailcow Email](https://www.digitalfyre.com/mailcow-email/) and [Open-Xchange Email](https://www.digitalfyre.com/openxchange/) hosting services.
</Card>
