在 Azure 中排查出站 SMTP 连接问题Troubleshoot outbound SMTP connectivity issues in Azure

从 2017 年 11 月 15 日开始,从虚拟机 (VM) 直接发送到外部域(例如 outlook.com)的出站电子邮件将仅适用于 Azure 中的某些订阅类型。Starting on November 15, 2017, outbound email messages that are sent directly to external domains (such as outlook.com) from a virtual machine (VM) are made available only to certain subscription types in Azure. 将阻止使用 TCP 端口 25 的出站 SMTP 连接。Outbound SMTP connections that use TCP port 25 were blocked. (端口 25 主要用于未经身份验证的电子邮件传递。)(Port 25 is primarily used for unauthenticated email delivery.)

此行为更改仅适用于 2017 年 11 月 15 日及以后的新订阅和新部署。This change in behavior applies only to new subscriptions and new deployments since November 15, 2017.

建议使用经过身份验证的 SMTP 中继服务(通常通过 TCP 端口 587 或 443 连接,但也支持其他端口),从 Azure VM 或 Azure 应用服务发送电子邮件。We recommend you use authenticated SMTP relay services (that typically connect through TCP port 587 or 443 but support other ports, too) to send email from Azure VMs or from Azure App Services. 这些服务用于维护 IP 或域信誉,以尽量降低第三方电子邮件提供商拒绝邮件的可能性。These services are used to maintain IP or domain reputation to minimize the possibility that third-party email providers will reject the message. 此类 SMTP 中继服务包括但不限于 SendGridSuch SMTP relay services include but aren't limited to SendGrid. 也可以使用本地运行的安全的 SMTP 中继服务。It's also possible you have a secure SMTP relay service that's running on-premises that you can use.

在 Azure 中使用这些电子邮件传递服务不受限制(无论是哪种订阅类型)。Using these email delivery services isn't restricted in Azure, regardless of the subscription type.

企业协议Enterprise Agreement

企业协议 Azure 用户仍然无需使用经身份验证的中继便可发送电子邮件。For Enterprise Agreement Azure users, there's no change in the technical ability to send email without using an authenticated relay. 新的和现有的企业协议用户均可以尝试从 Azure VM 直接向外部电子邮件提供商发送出站电子邮件,且没有任何 Azure 平台限制。Both new and existing Enterprise Agreement users can try outbound email delivery from Azure VMs directly to external email providers without any restrictions from the Azure platform. 虽然不保证电子邮件提供商会接受来自任何给定用户的传入电子邮件,但对于企业协议订阅中的 VM,Azure 平台不会阻止发送尝试。Although it's not guaranteed that email providers will accept incoming email from any given user, delivery attempts won't be blocked by the Azure platform for VMs within Enterprise Agreement subscriptions. 必须直接与电子邮件提供商接洽,以修复涉及特定提供商的所有邮件发送或垃圾邮件筛选问题。You'll have to work directly with email providers to fix any message delivery or SPAM filtering issues that involve specific providers.

标准预付费套餐Standard Pay-in-Advance Offer

如果已在 2017 年 11 月 15 日前注册标准预付费套餐或 Azure 合作伙伴网络订阅产品/服务,则依然能够尝试发送出站电子邮件。If you signed up before November 15, 2017 for the Standard Pay-in-Advance Offer or Azure Partner Network subscription offers, there will be no change in the technical ability to try outbound email delivery. 将能够继续尝试从这些订阅中的 Azure VM 直接向外部电子邮件提供商发送出站电子邮件,且没有任何 Azure 平台限制。You'll continue to be able to try outbound email delivery from Azure VMs within these subscriptions directly to external email providers without any restrictions from the Azure platform. 同样,不保证电子邮件提供商会接受来自任何给定用户的传入电子邮件,用户需要直接与电子邮件提供商协作,以处理涉及特定提供商的所有邮件发送或垃圾邮件筛选问题。Again, it's not guaranteed that email providers will accept incoming email from any given user, and users will have to work directly with email providers to fix any message delivery or SPAM filtering issues that involve specific providers.

在 2017 年 11 月 15 日之后创建的标准预付费套餐或 Azure 合作伙伴网络订阅中存在一个技术限制,它会阻止这些订阅中的 VM 直接发送电子邮件。For Standard Pay-in-Advance Offer or Azure Partner Network subscriptions that were created after November 15, 2017, there will be technical restrictions that block email that's sent directly from VMs within these subscriptions. 如需将电子邮件从 Azure VM 直接发送到外部电子邮件提供商(不使用经身份验证的 SMTP 中继),可以请求去除该限制。If you want the ability to send email from Azure VMs directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. 世纪互联会根据自己的判断审批请求,并且只会在执行额外的防欺诈检查后才授予权限。Requests will be reviewed and approved at 21Vianet's discretion, and they'll be granted only after additional anti-fraud checks are made. 若要提交请求,请使用以下支持类型开启一个支持案例:订阅管理服务类型:维护通知相关问题To make a request, open a support case by using the following support type: Subscription Management service type: Maintenance notification related issue. 请确保添加详细信息,解释为什么要直接向电子邮件提供商发送邮件而不是使用经身份验证的中继。Make sure that you add details about why your deployment has to send mail directly to mail providers instead of using an authenticated relay.

在豁免标准预付费套餐或 Azure 合作伙伴网络订阅并在 Azure 门户中先“停止”后“启动” VM 以后,该订阅中的所有 VM 在此后会被豁免。After a Standard Pay-in-Advance Offer or Azure Partner Network subscription is exempted and the VMs have been 'Stopped' & 'Started' from the Azure portal, all VMs within that subscription will be exempted going forward. 豁免仅适用于请求的订阅,并且仅适用于直接路由到 Internet 的虚拟机流量。The exemption is only applicable to the subscription requested and only applies to Virtual Machine traffic routed directly to the internet. 不支持通过 Azure PaaS 服务(如 Azure 防火墙)路由端口 25 流量。Routing port 25 traffic via Azure PaaS services such as Azure Firewall is unsupported.

备注

如果确定发生违反服务条款的情况,Azure 保留撤销此豁免的权利。Azure reserves the right to revoke this exemption if it's determined that a violation of terms of service has occurred.

MSDN、Azure Pass、Azure 开放许可、教育、BizSpark 和试用版MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Trial

2017 年 11 月 15 日后创建的 MSDN、Azure Pass、Azure 开放许可、Azure 教育、BizSpark、Azure 赞助、Azure Student、试用版或任何 Visual Studio 订阅均存在技术限制,会阻止从这些订阅中的 VM 直接向电子邮件提供商发送电子邮件。If you created an MSDN, Azure Pass, Azure in Open, Education, BizSpark, Azure Sponsorship, Azure Student, Trial, or any Visual Studio subscription after November 15, 2017, you'll have technical restrictions that block email that's sent from VMs within these subscriptions directly to email providers. 此限制是为了防止滥用邮件。The restrictions are done to prevent abuse. 不接受去除此限制的请求。No requests to remove this restriction will be granted.

如果使用这些订阅类型,建议使用 SMTP 中继服务,如本文前面部分所述,或者更改订阅类型。If you're using these subscription types, you're encouraged to use SMTP relay services, as outlined earlier in this article or change your subscription type.

云服务提供商 (CSP)Cloud Service Provider (CSP)

如果通过 CSP 使用 Azure 资源,并且无法使用安全的 SMTP 中继,则可请求 CSP 代表你通过 Azure 创建“取消阻止”豁免请求。If you're using Azure resources through CSP, you can request the CSP to create an unblock exemption request with Azure on your behalf if a secure SMTP relay can't be used.

需要帮助?Need help? 联系支持人员Contact support

如果仍需要帮助,可联系支持人员,通过以下支持类型快速解决问题:订阅管理服务类型:维护通知相关问题If you still need help, contact support to get your issue resolved quickly by using the following support type: Subscription Management service type: Maintenance notification related issue.