Cloudflare WARP not routing SMTP to internal addresses

I’ve followed this guide: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel and everything seems to be working so far except for connections to our internal SMTP server at port 25. Retrieving emails from the internal server works fine over port 110. I’ve confirmed it is not a policy issue since it does not even appear in the gateway logs as ‘blocked’ or ‘allowed’, it simply does not show up at all.

Is port 25 not supported for WARP?

AFAIK there’s no limitations on specific ports

However, currently WARP to Tunnel only works with TCP (UDP is coming soon! see https://blog.cloudflare.com/extending-cloudflares-zero-trust-platform-to-support-udp-and-internal-dns/) so that may be the cause (since SMTP may be using either TCP or UDP, you’d have to be the one checking out what you are using)

3 Likes

I’ve tried with netcat TCP, seems to be the same issue with specifically port 25. It does not even appear in the gateway access logs.

I suspect there may be an interplay going on here, where some other product is causing this. Perhaps this is pointing to the issue: https://support.cloudflare.com/hc/en-us/articles/200168876-Email-undeliverable-when-using-Cloudflare

Warp blocks port 25 outbound. To my knowledge there has not been exception made for warp to tunnel traffic.

1 Like

Is this documented anywhere?

Not as far as I know but outbound port 25 is blocked universally which makes sense for non-teams for sure. On the corp level, my recommendation would be to have your relay listen on an alternative port.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.