I want to block SMTP 25, POP 110 & IMAP 143 and only use secured SMTPS 465, POP3S 995 & IMAPS 993. Are there good reasons to leave ports 25, 110, 143 open?
Firewall – Are there any reasons why we should not block unencrypted service ports for mail such as 25, 110 & 143?
email-server firewall
Best Answer
Actually, the ports you mentioned, 465, 995 and 993, are deprecated and should no longer be used.
See RFC2995 section 7
Regarding port 465 for SMTPS, it was even re-assigned by IANA to a different usage:
Source: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=9
Specifically for SMTP, a mail server should (in most cases) accept unencrypted communication, since it will likely receive email from servers that will not propose TLS.
However, it is also advised to use port 25 for server-to-server mail transfer and port 587 for mail submission from clients.
See RFC2476
Extract:
Regarding POP3, IMAP, and mail submission on port 587, you can enforce encryption on the standard ports 110, 143, 587 by configuring your server to refuse connections not encrypted with TLS (and it is strongly advised to do so).
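
One way to check the enforcement described in the answer above, as an added example that is not part of the original answer: it reads the capability listing a server returns on port 587, 143 or 110 before TLS is negotiated and reports whether password authentication is already on offer. The function names and all sample replies are constructed for illustration; the check covers only what the server advertises.

```python
# Added example: audit capability listings captured BEFORE TLS is negotiated.
# Advertised capabilities only; all sample responses below are constructed.
PLAINTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}

def capabilities(protocol, response):
    """Normalise an SMTP EHLO, IMAP CAPABILITY or POP3 CAPA reply to a token set."""
    lines = [l.strip().upper() for l in response.splitlines() if l.strip()]
    if protocol == "smtp":    # the first 250 line is the server greeting, not a keyword
        rows = [l[4:].replace("=", " ").split() for l in lines if l.startswith("250")][1:]
    elif protocol == "imap":  # untagged "* CAPABILITY ..." line
        rows = [l.split()[2:] for l in lines if l.startswith("* CAPABILITY")]
    else:                     # pop3: CAPA listing between "+OK" and "."
        rows = [l.split() for l in lines if not l.startswith("+OK") and l != "."]
    caps = set()
    for words in filter(None, rows):
        if words[0] in ("AUTH", "SASL"):          # mechanism lists
            caps.update("AUTH=" + m for m in words[1:])
        else:
            caps.update("STARTTLS" if w == "STLS" else w for w in words)
    return caps

def audit_pre_tls(protocol, response):
    """Return findings; an empty list means password auth is withheld until TLS."""
    caps = capabilities(protocol, response)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS/STLS offered")
    exposed = caps & PLAINTEXT_MECHS
    if protocol == "imap" and "LOGINDISABLED" not in caps:
        exposed.add("LOGIN command")
    if protocol == "pop3" and "USER" in caps:
        exposed.add("USER/PASS")
    if exposed:
        findings.append("password auth offered before TLS: " + ", ".join(sorted(exposed)))
    return findings

SAMPLES = {  # constructed replies; mail.example.org is a placeholder host
    ("smtp", "weak"): "250-mail.example.org\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 HELP\r\n",
    ("smtp", "enforced"): "250-mail.example.org\r\n250-STARTTLS\r\n250 HELP\r\n",
    ("imap", "weak"): "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na1 OK done\r\n",
    ("imap", "enforced"): "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n",
    ("pop3", "weak"): "+OK\r\nUSER\r\nSASL PLAIN LOGIN\r\nSTLS\r\n.\r\n",
    ("pop3", "enforced"): "+OK\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n",
}

if __name__ == "__main__":
    for (proto, label), reply in SAMPLES.items():
        print(proto, label, audit_pre_tls(proto, reply) or "OK")
```

An empty result only shows that the server does not advertise password authentication before TLS; confirm against your own server that an actual login attempt on the cleartext channel is rejected.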