Server Fault Asked on January 19, 2021
Since port 25 is blocked on my VPS, I need to configure Postfix to send emails to other ports such as 587 or 465. But it seems most incoming SMTP servers on the Internet, such as Outlook or Gmail, do not open port 587 or 465. They just use port 25 to receive emails. Is this a common practice?
I do not mean to use another SMTP server to relay emails (as discussed in this post).
Another question: do all (or most) SMTP servers that open port 587 need authentication? Port 587 is called the submission port, so I think it asks you for account information. Is there any incoming SMTP server that uses port 587 to receive emails and does not need account authentication?
465/587 are client submission ports; they are usually protected with authentication and transport layer security. Email clients, i.e. MUAs, use ports 587 and 465, while mail servers, i.e. MTAs, use port 25.
"At least for the email related protocols, RFC 8314 favors separate SSL ports instead of STARTTLS."
The confusion probably comes from how SMTP used to communicate in the past. All communications (client to server, server to server) were made using TCP port 25. Nowadays it is uncommon for email clients to use port 25 for sending emails; also, many ISPs block outgoing port 25 on their client border to limit spam.
The point is, if an MTA is configured to use a port other than 25, then the remote end also needs to be configured to use that port for the communication to be successful.
To support end-to-end TLS between MTAs, protocol extensions have to be implemented by both ends. See Increase email security with MTA-STS and TLS reporting (Google) and Extended SMTP (Wikipedia).
SMTP alone does not provide security, and many SMTP servers don’t have added security to prevent malicious attacks.
Correct answer by Mike L'Angelo on January 19, 2021
Port 25 is the standard server-side email port. This includes server-to-server relaying, etc. It is the standard. You can set Postfix to use a different port, but it's unlikely you'd be able to talk to anyone else.
Port 587 is typically what a mail client would use to send mail to a server. In this case, by client, I mean something like an iPhone, or a mail app such as Thunderbird, Outlook, etc.
Since port 587 is generally client-centric, it is very common for it to require authentication. This also helps ensure mail servers only have to handle mail from authorized users.
Answered by mikem on January 19, 2021
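Both answers distinguish a server-to-server listener on port 25 from an authenticated submission listener on port 587. The following added example (not part of either answer) parses the EHLO reply a listener sends and reports whether AUTH is offered, and whether it is offered only after STARTTLS. The host names and replies are constructed samples, and the labels returned by `classify` are names chosen for this example.

```python
# Added example: classify an SMTP listener from the EHLO replies it sends.
# Host names and replies are constructed samples, not captures from a real server.
MX_25 = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SUB_587_PRE = "250-mail.example.net\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n"
SUB_587_POST = "250-mail.example.net\r\n250-AUTH PLAIN LOGIN\r\n250 ENHANCEDSTATUSCODES\r\n"
LEGACY = "250-old.example.net\r\n250 AUTH LOGIN\r\n"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply (RFC 5321)."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    if not lines:
        raise ValueError("empty reply")
    ext = {}
    for i, line in enumerate(lines):
        # Every line is "250-" (more follows) or "250 " (final line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected reply line: {line!r}")
        if (line[3] == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            continue  # first line carries the server's domain, not an extension
        parts = line[4:].split()
        if parts:
            ext[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return ext


def classify(pre_tls, post_tls=None):
    """pre_tls: EHLO reply on the plain connection; post_tls: reply after STARTTLS."""
    pre = parse_ehlo(pre_tls)
    post = parse_ehlo(post_tls) if post_tls else {}
    if "AUTH" in pre:
        return "auth-before-tls"        # credentials could be sent unencrypted
    if "AUTH" in post:
        return "submission-auth-after-starttls"
    return "mta-starttls" if "STARTTLS" in pre else "mta-plaintext"


if __name__ == "__main__":
    print("port 25 sample :", classify(MX_25))
    print("port 587 sample:", classify(SUB_587_PRE, SUB_587_POST))
    print("legacy sample  :", classify(LEGACY))
```
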