Last updated: July 2026
In short: OVHcloud blocks outbound port 25 across all dedicated servers, VPS, and Public Cloud instances by default to prevent spam abuse. Unblocking requires opening a support ticket and proving a valid technical use case. Alternatively, OVHcloud recommends submitting outbound mail via port 587 using STARTTLS.
When deploying a self-hosted mail server on OVHcloud infrastructure, direct outbound email delivery over port 25 will fail upon initial setup. This network-level restriction is enforced by OVHcloud across all global data centers to protect subnet deliverability and combat spam.
Scope and security rationale
The outbound port block spans core OVHcloud hosting platforms. According to the provider’s official technical documentation:
By default, outgoing port 25 is blocked on OVHcloud infrastructure (dedicated servers, VPS, Public Cloud instances) to prevent spam abuse.
This restriction operates at the data center network edge. Because the filter is enforced upstream from your server, adjusting operating system firewall rules (such as iptables or ufw) will not enable outbound traffic on port 25.
Requesting an unblock from support
If your architecture relies on direct SMTP delivery (connecting directly from your OVHcloud IP address to recipient MX gateways over port 25), you must contact customer service:
If your use case requires port 25, request it to be unblocked by contacting our support team
Before submitting a support ticket, ensure your email infrastructure follows standard authentication practices. Support teams typically check for a properly configured reverse DNS (PTR) record in the OVHcloud Control Panel, alongside valid SPF and DKIM records, to verify that the server will process legitimate mail.
IP reputation reality check
Even after support successfully lifts the port 25 block, delivering mail directly from OVHcloud IP ranges poses ongoing deliverability risks. As one of the world’s largest infrastructure providers, OVHcloud subnets are frequently targeted by bad actors. Consequently, entire hosting blocks (particularly in budget VPS and cloud tiers) regularly appear on aggressive blocklists (DNSBLs) such as UCEPROTECT (Level 2 or 3) and Spamhaus.
If you deliver mail directly using your OVHcloud IP address, you must actively monitor your IP reputation and deliverability rates, as major inbox providers (Gmail, Outlook, Yahoo) strictly scrutinize traffic originating from data center subnets.
Smarthost relaying via port 587 (STARTTLS)
To avoid support delays and bypass subnet deliverability risks, OVHcloud explicitly recommends using an alternative port for message submission:
Use port 587 (STARTTLS) for outbound mail submission.
By routing your outbound mail through an authenticated external smarthost relay over port 587, you bypass network-level port restrictions completely while delivering messages through clean, highly reputed IP pools.
A standard Postfix configuration (/etc/postfix/main.cf) for relaying via an external smarthost over port 587 looks like this:
relayhost = [smtp.provider.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
Or send reliably via Dispatch. If you want to avoid support tickets, reverse DNS checks, blocklist monitoring, and ongoing smarthost maintenance, you can route your outbound mail quickly and reliably via Dispatch.
Verifying your configuration
Once your sending workflow is active, verify your email authentication records (SPF, DKIM, DMARC) and check your reverse DNS alignment using the free MXAudit scanner.
Further reading
- OVHcloud Documentation — Mail Sending Optimization (retrieved: July 16, 2026)