On 04/06/2015 05:42 AM, Muhammad Yousuf Khan wrote:
> port 25 is to send email b/w mailservers.

Correct.

> if my client (e.g. outlook)
> wants to send email it must use port 465 and 587

No, it *should* use 587. It is possible to set up port 25 for mail submission but not recommended; that's simply not what it's for.

> for security.

The same security settings apply to 25 and 587. 465 uses a different type of security (TLS wrappermode instead of STARTTLS).

> port 465 is for SSL Wrapped SMTP port but can also be used with TLS
> however some clients do not support this method. thus may fail 465
> with TLS setup.

No. This is where it gets confusing, mainly because some clients get the terms wrong here. TLS has replaced SSL and for security reasons (SSL is largely broken now) SSL protocols (1, 2 and 3) should normally be disabled for secure communication. Oftentimes, though, when you see someone or some documentation or setting in an email client refer to SSL, what they are really referring to is TLS.

There are two different ways for a TLS connection to be made. One is you designate a special port for the TLS connection and all communication over that port is made with TLS right from the very start. This is known as "TLS wrappermode" and is how port 465 works. The other way is to first establish a plain text session then issue a "STARTTLS" command which initiates the TLS handshaking to switch the connection over to an encrypted TLS session. This allows both plain text and TLS to work on the same port and is how ports 25 and 587 work.

Depending on your email client these two methods of establishing a TLS session may be called different things. Thunderbird, for example, calls TLS wrappermode "TLS" and STARTTLS is referred to, correctly, as STARTTLS. Outlook, on the other hand, calls TLS wrappermode "SSL" and refers to STARTTLS as "TLS". This is where a lot of confusion comes from. Just know that in spite of the oftentimes incorrect terminology used by email clients, pretty much every modern client now supports both TLS wrappermode and STARTTLS.

> Since 587 port is the new standard and clients are well aware of 587+TLS.
> therefore the good route to go is 586 with TLS.

What you should be, at the very least, encouraging is STARTTLS over port 587. Whether you want to support some very old Outlook clients and offer TLS wrappermode over 465 is up to you, but it is unlikely you will find anyone who still needs this old and deprecated form of submission.

Peter
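
The two ways of starting TLS described in the message above, shown as an added example that is not part of the original email: a small Python audit that walks an SMTP command log and reports whether AUTH was sent before the session was encrypted. The `C: `/`S: ` log format, the host names and all three sessions are constructed for illustration.

```python
# Added example: audit an SMTP command log for when TLS became active.
# The "C: "/"S: " log format, host names and sessions are constructed.

def audit_session(lines, implicit_tls=False):
    """Return (mode, findings) for one SMTP session.

    implicit_tls=True models TLS wrappermode (port 465): TLS is up before
    the first SMTP byte. Otherwise the session starts in plain text (ports
    25/587) and is encrypted only after the server answers a client
    STARTTLS command with a 220 reply.
    """
    tls_active = implicit_tls
    mode = "wrappermode" if implicit_tls else "plaintext"
    awaiting_reply = False  # True right after the client sent STARTTLS
    findings = []
    for n, line in enumerate(lines, 1):
        side, _, text = line.partition(": ")
        words = text.split()
        verb = words[0].upper() if words else ""
        if side == "C":
            awaiting_reply = verb == "STARTTLS" and not tls_active
            if verb == "AUTH" and not tls_active:
                findings.append((n, "AUTH sent before TLS was active"))
        elif side == "S" and awaiting_reply:
            awaiting_reply = False
            if verb == "220":
                tls_active, mode = True, "starttls"
            else:
                findings.append((n, "server refused STARTTLS: " + text))
    return mode, findings

# Constructed sample sessions (credentials replaced by a placeholder).
STARTTLS_587 = [
    "S: 220 mail.example.test ESMTP", "C: EHLO client.example.test",
    "S: 250-mail.example.test", "S: 250 STARTTLS",
    "C: STARTTLS", "S: 220 2.0.0 Ready to start TLS",
    "C: EHLO client.example.test", "S: 250 AUTH PLAIN",
    "C: AUTH PLAIN <redacted>", "S: 235 2.7.0 Authentication successful",
]
AUTH_IN_CLEAR = [
    "S: 220 mail.example.test ESMTP", "C: EHLO client.example.test",
    "S: 250 AUTH PLAIN", "C: AUTH PLAIN <redacted>",
]
WRAPPED_465 = list(AUTH_IN_CLEAR)  # same commands, but TLS from byte one

if __name__ == "__main__":
    print(audit_session(STARTTLS_587))
    print(audit_session(AUTH_IN_CLEAR))
    print(audit_session(WRAPPED_465, implicit_tls=True))
```

The same four commands are clean on a wrappermode session and flagged on a plain-text one, which is the practical difference between the two modes: with STARTTLS the protection only exists after the upgrade succeeds.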