Postfix – How to Configure Postfix to Send Outgoing Emails to Port Other Than 25

emailpostfixsmtp

Since port 25 is blocked on my VPS, I need to configure Postfix to send emails to other ports such as 587 or 465. But it seems most incoming SMTP servers on the Internet such as outlook or gmail do not open port 587 or 465. They just use port 25 to receive emails. Is this a common practice?

I do not mean to use another SMTP server to relay emails (as talked in this post.)

Another question is if all(or most) SMTP servers that open port 587 need authentication? Port 587 is called submission port so I think it asks you for account information. Is there any incoming SMTP server that uses port 587 to receive emails and does not need account authentication?

Best Answer

465/587 are client submission ports, they are usually protected with authentication and transport layer security. Email clients, i.e. MUAs, use port 587 and 465, while mail servers, i.e. MTAs, use port 25.

Opportunistic TLS (Wikipedia)

"At least for the email related protocols, RFC 8314 favors separate SSL ports instead of STARTTLS."

The confusion probably comes from how SMTP used to communicate in the past. All communications (client to server, server to server) were made using TCP port 25. Nowadays it is uncommon for email clients to use port 25 for sending emails; also, many ISPs block outgoing port 25 on their client border to limit spam.

Point is, if a MTA is configured to use a different port than 25 then also the remote end needs to be configured to use that different port for the communication to be successful.

To support end-to-end TLS between MTAs, protocol extensions have to be implemented by both ends. See Increase email security with MTA-STS and TLS reporting (Google) and Extended SMTP (Wikipedia)

SMTP alone does not provide security, and many SMTP servers don’t have added security to prevent malicious attacks.

Related Solutions

Sendmail – How to Configure Sendmail to Send Email via Gmail SMTP

Add the following to your sendmail.mc:

define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS’, `TCP $h 587′)

That should get your outbound mail being sent by Sendmail on port 587.

You'll also need to have sendmail configured to do TLS. It's a bit beyond the scope of your question, but you can find a lot of decent guides about how to do it w/ Google if you're not familiar.

Mail Server Configuration – Ports to Open for Postfix and SMTP

Port 25 needs to be open in order for it to receive mail from the internet. All mail servers will establish a connection on port 25 and initiate TLS (encryption) on that port if necessary.

Secure SMTP (port 465) is used only by clients connecting to your server in order to send mail out.

Port 587 is considered a submission port. It is also what clients use to send mail out using your server. Port 587 is preferred in SMTP settings of clients over port 25 because port 25 is blocked by many ISPs. If you have port 465 open, you don't necessarily need port 587 open as well, but I believe 587 is considered a standard and 465 is considered legacy.

Port 25 should accept anonymous connections, but not for relaying

Ports 465 and 587 should reject anonymous connections and allow relaying.

Don't apologize for not knowing. We all start somewhere, and nobody on here knows everything :-)

Best Answer

Related Solutions

Sendmail – How to Configure Sendmail to Send Email via Gmail SMTP

Mail Server Configuration – Ports to Open for Postfix and SMTP

Related Topic