So here is my deployment scenario for web2py:
web2py is running on AWS.
I have a 4-node setup on AWS: 1 load balancer, 2 web2py behind nginx with uwsgi and 1 postgres database. nginx is behind the load balancer.
All egress traffic (except local network) from the web2py and database nodes has been blocked, which means web2py cannot directly connect to a mail server that is running outside of this local network. And in this case the mail server is a third party and is running outside the local network.
There is a separate proxy that is set up, and all internet traffic (in this case: captcha and outgoing mails) needs to go via this proxy so that the traffic can be controlled better and audited as well.
I have set the http_proxy and https_proxy env variables for the uwsgi processes and it has helped resolve the captcha issues, i.e. now all the Google captcha validation is going through this proxy.
Now I understand that this is too much of an overkill for a web2py kind of application, but it has to be done this way due to some policy.
Hope this clarifies it a bit.