Use TCP Port 587 For Tuntex TK Outgoing mail server/SMTP

SMTP Port 25

Port 25 is the oldest. It was the port number assigned to SMTP when the protocol was first introduced in 1982, about 33 years ago. In spite of its age and the arrival of the other port numbers, port 25 is still widely used.

However, because this port was often exploited by malicious individuals in order to spread spam and malware, it's now blocked by several ISPs. If you're an end user setting up an email client and port 25 doesn't work, that's likely the reason. You'll then have to try the other port numbers. 

But didn't we just say port 25 is still "widely used"? That's right. But not for submitting email messages from an email client to an email server. Rather, it's supposed to be used for relaying messages from one mail server to another mail server. This is of course just an idealisation, because there are still people who don't adhere to this practice. This traffic may originate from anywhere on the Internet; it does not have to be authenticated or encrypted, but it may be.

If you want to get a little more technical, port 25 is supposed to be used (again an idealisation) for relaying messages between MTAs (Mail Transfer Agents) or from MSAs (Mail Submission Agents) to MTAs. 

SMTP Port 587

Whereas port 25 is the recommended port number for SMTP communications between mail servers (i.e., for relaying messages), port 587 is the one recommended for message submissions by mail clients to mail servers.

Port 587 is the submission port; it is intended for email being sent by end users from their desktop applications (Outlook, Thunderbird, etc.) to others. End users will set port 587 as their SMTP server port in their email programs. Traffic on port 587 is required to be authenticated, and should be encrypted with TLS.

The reason port 587 exists at all, of course, is spam. Port 25 is widely abused by malware to spread worms and spam.  Compromised computers on residential ISP connections often run malware which sends out large quantities of spam directly to port 25 of the recipient domain's mail servers. In response, since the submission port 587 was standardized, many ISPs now block port 25 connections from end users to cut down on spam.

"Port 587 is reserved for email message submission...". Thus, port 587 is also known as the message submission port, while port 25 is also known as the message relay port.

All submission servers or MSAs are mandated to implement SMTP authentication, a process wherein an SMTP client is required to log in and authenticate with the (MSA) mail server it's connecting to before it can be granted access. Because port 587 is associated with these submission servers, the use of port 587 typically implies the use of authentication.

It's this authentication mechanism that prevents the propagation of spam and malware, and is also the reason why port 587 is now preferred over port 25 in mail (client to server) submissions. 

SMTP Port 465

This port was first introduced when users started looking for ways to secure email messages. The idea that emerged then was to encrypt messages using SSL (Secure Sockets Layer). But at that time, doing so meant using a separate port. 

The use of two different ports, one for plaintext messages and another for encrypted messages, can also be found in other network protocols like:

  • FTP - 21 for plaintext and 990 for encrypted (via Implicit SSL);

  • IMAP - 143 for plaintext and 993 for encrypted;

  • POP - 110 for plaintext and 995 for encrypted.

In SMTP, the port chosen for encrypted connections was 465.

Unfortunately, port 465 was never recognized by the IETF (Internet Engineering Task Force), the body charged with developing Internet standards, as an official port for SMTP. Instead, the IANA (Internet Assigned Numbers Authority) assigned it to SMTPS (Simple Mail Transfer Protocol), a now deprecated method for securing SMTP.

Today, SMTP can be secured even when using the same port (e.g. 587). A plaintext SMTP connection can be upgraded to a secure connection encrypted by either TLS (Transport Layer Security) or SSL by simply executing the STARTTLS command, provided of course the server supports it.
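The port 587 requirements described above (authentication required, TLS via STARTTLS) can be checked from a server's EHLO replies. The following is an added example, not part of the original article: the function names, finding strings and sample replies are assumptions made for illustration, and flagging AUTH offered before TLS is a stricter check than the article states.

```python
import smtplib
import ssl
from typing import Dict, List, Optional

def parse_ehlo(resp: str) -> Dict[str, List[str]]:
    """Map each EHLO keyword to its parameters. Input is the reply text in the
    form smtplib stores in SMTP.ehlo_resp: status codes stripped, first line
    is the server's greeting."""
    caps = {}
    for line in resp.splitlines()[1:]:
        parts = line.upper().split()
        if parts:
            caps[parts[0]] = parts[1:]
    return caps

def audit_submission(pre_tls: str, post_tls: Optional[str]) -> List[str]:
    """Return findings for a submission service; an empty list means STARTTLS
    is offered and AUTH is offered only once the session is encrypted."""
    before = parse_ehlo(pre_tls)
    after = parse_ehlo(post_tls) if post_tls else {}
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS")
    if "AUTH" not in before and "AUTH" not in after:
        findings.append("AUTH never offered")
    return findings

def fetch_ehlo(host: str, port: int = 587, timeout: float = 10.0):
    """Collect the EHLO reply before and after STARTTLS from a server you run."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre, post = s.ehlo_resp.decode(), None
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())
            s.ehlo()
            post = s.ehlo_resp.decode()
    return pre, post

# Constructed sample replies (not captured from any real server).
GOOD_PRE = "mail.example.test\nPIPELINING\nSIZE 52428800\nSTARTTLS\n8BITMIME"
GOOD_POST = "mail.example.test\nPIPELINING\nSIZE 52428800\nAUTH PLAIN LOGIN\n8BITMIME"
WEAK_PRE = "mail.example.test\nSIZE 52428800\nAUTH PLAIN LOGIN"

if __name__ == "__main__":
    print(audit_submission(GOOD_PRE, GOOD_POST))
    print(audit_submission(WEAK_PRE, None))
```

To audit a live server, pass the result of `fetch_ehlo("your.mail.host")` to `audit_submission`.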

Summary

To summarize, the recommendation is that: 

  • port 587 should only be used for submissions (i.e., mail client to mail server),

  • port 25 should only be used for relaying (i.e., mail server to mail server communications), and

  • port 465 should no longer be used at all. 

Although not all email service providers adhere to these recommendations, these are idealisations that we should all be working to achieve in order to eliminate the confusion surrounding SMTP port configuration. 

 

This was last published on January 19, 2018, by Dewi - IT Administrator