Fixing Plesk “SMTP Ports Blocked” Issue When IPv6 Breaks Outbound Mail

General
,
1

When configuring Plesk to send outbound emails through Gmail (or any external SMTP service), you may encounter this error:

“You cannot send emails from Plesk because outbound connections on TCP ports 25 and 587 are blocked.”

Even though the firewall allows the ports, Plesk insists they’re blocked. In my case, the issue turned out not to be the firewall or provider, but IPv6 resolution. Here’s the full troubleshooting process and the solution.

:small_blue_diamond: Step 1: Check the Firewall Rules

First, I verified whether ports 25, 465, and 587 were open locally:

iptables -L -n | grep -E "25|465|587"

Output:

f2b-plesk-postfix  tcp  --  0.0.0.0/0  0.0.0.0/0  multiport dports 25,465,587
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:465

:white_check_mark: The ports were clearly allowed.

:small_blue_diamond: Step 2: Test SMTP Connectivity

Next, I tested Gmail’s SMTP server using telnet:

telnet smtp.gmail.com 587

But the session got stuck at:

Trying 2607:f8b0:4004:c21::6d...

This told me the server was trying IPv6 first, and the connection wasn’t completing.

:small_blue_diamond: Step 3: Force IPv4 in Applications

To confirm, I forced IPv4:

telnet -4 smtp.gmail.com 587

This succeeded immediately. Same for port 465 using OpenSSL:

openssl s_client -connect smtp.gmail.com:465 -crlf -quiet -4

So the root cause wasn’t blocked ports — it was IPv6 routing failing.

I then forced IPv4 in mail services:

  • Postfix (/etc/postfix/main.cf):

    inet_protocols = ipv4

  • Dovecot (/etc/dovecot/dovecot.conf):

    listen = 0.0.0.0

Both were restarted, but Plesk still complained.

:small_blue_diamond: Step 4: Make the OS Resolver Prefer IPv4

The final piece of the puzzle was Plesk’s own SMTP port checker. It uses the system resolver, which was still preferring IPv6 (AAAA records).

The fix: edit /etc/gai.conf and ensure IPv4 precedence:

sudo nano /etc/gai.conf

Uncomment or add:

precedence ::ffff:0:0/96  100

This line tells getaddrinfo() to prefer IPv4 over IPv6 globally.

Then reload services:

sudo plesk repair mail -y
sudo systemctl restart sw-engine sw-cp-server

:small_blue_diamond: Step 5: Recheck in Plesk

Back in Plesk → Tools & Settings → Mail Server Settings → Recheck connection, the ports now showed as open and working :white_check_mark:.

:white_check_mark: The Actual Solution

While I tried firewall checks, Postfix/Dovecot tweaks, and provider-level suspicion, the true fix was:

  • Tell the OS resolver to prefer IPv4 in /etc/gai.conf.
  • This forced Plesk (and all apps) to use IPv4 when connecting to external mail servers.

:small_blue_diamond: Lessons Learned

  1. Don’t stop at the firewall. Just because ports are open locally doesn’t mean the connection works end-to-end.
  2. IPv6 can silently break services if your host’s network doesn’t support it properly.
  3. System-wide resolver settings matter. Applications like Plesk rely on the OS resolver order.
  4. Sometimes the fix is just a single line in /etc/gai.conf.

:white_check_mark: With this change, Plesk now sends outbound emails over Gmail SMTP without issues, using IPv4 only.

2

East command:

 postconf -e "inet_protocols = ipv4"
3

Short cut version:

sudo sed -i 's/^#\s*precedence ::ffff:0:0\/96  100/precedence ::ffff:0:0\/96  100/' /etc/gai.conf