On Mon, 15 Jun 2015, L. D. James wrote:

> You don't need to open port 25. Port 25 is for sending, not receiving mail. Many administrators consider Port 25 a security risk and block it to prevent having their system exploited.
>
> You can use port 587 for sending rather than Port 25. Some administrators open port 25 so that their clients can use it for sending email (not receiving). You wouldn't have to do this (have port 25 opened) if you tell the people who have accounts on your server and will be using your server for sending email.

This is wrong, wrong, wrong and should be ignored.

But first off, terminology. For one system to be sending, another has to be receiving. Port 25 is used by an MTA to receive mail from another MTA. It can also be used by an MTA to receive mail from an MUA (Mail User Agent - a user mail program such as Outlook) although that is not "best practice" these days. 587 (aka the submission port) is the preferred port for an MTA to receive mail from an MUA.

Turn off port 25 and you cannot receive mail from another MTA as port 25 is the port MTAs use by default to send to another MTA.

Note that these port numbers (25 and 587) are what the receiving server has open for receiving. The sending MTA or MUA sends from a random port. There is no need to define the port being used on the sender (client). Only the port that a server listens on needs to be defined as it needs to be "well-known". But also note that the term "server" when discussing a mail server can be misleading as a mail server also acts as a client when sending to other mail servers. In the mail world (as well as most of the Internet), clients initiate connections from a random port on the client to a "well-known" and defined port on the server.

So in short:
MTA (acting as client) to another MTA (acting as server) connects from a random port on the client MTA to port 25 on the server MTA.

MUA (always acting as client) to MTA (acting as server) connects from a random port on the MUA to port 587 (preferred) or port 25 (if permitted) on the server MTA.

Use of port 465 was deliberately not included in the above as it does not seem to be part of the OP's issue.

-- Larry Stone
   lston...@stonejongleux.com
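
Added example, not part of the original thread: a toy first-match packet filter run over constructed inbound flows, showing what the reply describes. Closing port 25 cuts off mail from other MTAs, and a rule that matches on the sender's source port admits nothing, because clients connect from ephemeral ports. The rule sets, flow values and function names are hypothetical.

```python
# Toy first-match packet filter, default deny. All rule sets and flows below
# are constructed for illustration; names are hypothetical.

# Inbound flows to the mail server: (description, source port, destination port).
# Source ports are arbitrary ephemeral values picked by the connecting client.
FLOWS = [
    ("remote MTA relaying mail to us", 51544, 25),
    ("MUA submitting on 587", 49877, 587),
    ("MUA submitting on 25", 60112, 25),
]

# Accept on the ports the server listens on; never match the client's port.
LISTEN_25_AND_587 = [
    {"dport": 25, "action": "accept"},
    {"dport": 587, "action": "accept"},
]

# Port 25 closed, as the quoted advice suggests.
ONLY_587 = [{"dport": 587, "action": "accept"}]

# Mistake: assumes senders connect *from* port 25/587.
MATCH_ON_SOURCE_PORT = [
    {"sport": 25, "action": "accept"},
    {"sport": 587, "action": "accept"},
]


def is_allowed(rules, sport, dport):
    """Return True if the first matching rule accepts the packet."""
    for rule in rules:
        # A field missing from a rule is a wildcard.
        if rule.get("sport", sport) == sport and rule.get("dport", dport) == dport:
            return rule["action"] == "accept"
    return False  # default deny


def evaluate(rules):
    """Map each sample flow's description to whether the rule set admits it."""
    return {desc: is_allowed(rules, sport, dport) for desc, sport, dport in FLOWS}


if __name__ == "__main__":
    for name, rules in [("listen on 25 and 587", LISTEN_25_AND_587),
                        ("only 587 open", ONLY_587),
                        ("match on source port", MATCH_ON_SOURCE_PORT)]:
        print(name, evaluate(rules))
```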
