SMTP Email Server Setup on Cloud: Full Guide

Port 25 (SMTP) is the protocol used for server-to-server email delivery. Cloud providers block outbound port 25 on new accounts to prevent their IP ranges from being used for spam, which would damage the IP reputation of all customers on that network.

AWS, DigitalOcean, GCP, Azure, Vultr, and most VPS providers apply this restriction. To use port 25, you either request removal from the provider (takes days–weeks, often denied for new accounts) or buy a pre-configured open-port account.

Our port 25 open accounts (DigitalOcean, Linode, IBM Cloud, Kamatera, Atlantic.Net) have been pre-approved for unrestricted SMTP outbound traffic.

Different providers suit different email use cases.

DigitalOcean port 25 (3/10/25 Droplet capacity): Best for high-volume bulk email. Multiple Droplets allow distributed sending across different IPs, improving deliverability through IP rotation.

Linode port 25 (Akamai): Best for transactional email where IP reputation matters. Akamai-backed IP ranges have established reputation. Good for B2B transactional email (order confirmations, SaaS notifications).

IBM Cloud port 25: Enterprise IP ranges. Higher cost but better initial reputation for corporate email infrastructure.

Kamatera port 25 (21 locations): Best for distributed global sending. Different geographic IP blocks improve deliverability by appearing to originate from diverse locations.

Atlantic.Net port 25: Dedicated server ranges. Clean IP blocks for email infrastructure.

1. Install: apt update && apt install postfix mailutils opendkim opendkim-tools -y During setup: choose "Internet Site", enter your domain.

2. Configure Postfix (/etc/postfix/main.cf): myhostname = mail.yourdomain.com mydomain = yourdomain.com inet_interfaces = all smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_use_tls = yes

3. Generate DKIM keys: opendkim-genkey -s mail -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com/ chown opendkim:opendkim /etc/opendkim/keys/yourdomain.com/mail.private

4. Restart services: servicectl restart postfix opendkim

5. Test: echo "Test email" | mail -s "Test" recipient@gmail.com

These four DNS records are mandatory for inbox delivery.

SPF (Sender Policy Framework): TXT record at yourdomain.com Value: "v=spf1 ip4:YOUR_SERVER_IP ~all" Purpose: Tells receiving servers which IPs are authorized to send from your domain.

DKIM (DomainKeys Identified Mail): TXT record at mail._domainkey.yourdomain.com Value: Your opendkim-generated public key (v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY) Purpose: Cryptographic signature proving email was sent from your server.

DMARC (Domain-based Message Authentication): TXT record at _dmarc.yourdomain.com Value: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com" Purpose: Policy for handling emails that fail SPF/DKIM. Start with p=none for monitoring.

PTR/Reverse DNS: Set in your cloud provider control panel Value: mail.yourdomain.com (matching your HELO/EHLO hostname) Purpose: Anti-spam measure — most mail servers reject email from IPs without matching PTR.

New IP addresses have no sending reputation. Sending large volumes immediately triggers spam filters. IP warmup is the process of gradually increasing sending volume to build reputation.

Week 1: 100 emails/day (to highly engaged subscribers who regularly open/click) Week 2: 500 emails/day Week 3: 2,000 emails/day Week 4: 10,000 emails/day Month 2+: Scale to target volume

Critical rules during warmup: - Only send to highly engaged subscribers (recent opens/clicks) - Maintain <0.1% bounce rate - Maintain <0.08% spam complaint rate - Monitor blacklists daily via MXToolbox - Set up proper unsubscribe handling before sending first email

For bulk email infrastructure: use multiple IPs (Kamatera with 21 locations, or DigitalOcean with 25 Open Port Droplets) to distribute sending and warm multiple IPs simultaneously.