I believe what Larry said is correct. I would use a port forward rule to
forward mail from other MTAs to port 587. You can do this easily with
iptables. Plenty of examples are on the net.

If you are authenticating mail that you send then you must connect to an
MTA (SMTP server) and that could be via port 25.

Checking an inbox via POP3 or IMAP would use different ports, but to send
authenticated mail from a machine, port 25 or 587 needs to allow traffic.

If I'm wrong, someone correct me.

--
Mike McKoy

On Mon, Jun 15, 2015 at 1:03 PM, Larry Stone <lston...@stonejongleux.com>
wrote:

> On Mon, 15 Jun 2015, L. D. James wrote:
>
>> You don't need to open port 25.  Port 25 is for sending, not receiving
>> mail. Many administrators consider Port 25 a security risk and block it to
>> prevent having their system exploited.
>>
>> You can use port 587 for sending rather than Port 25.  Some
>> administrators open port 25 so that their clients can use it for sending
>> email (not receiving).  You wouldn't have to do this (have port 25 opened)
>> if you tell the people who have accounts on your server and will be using
>> your server for sending email.
>>
>
> This is wrong, wrong, wrong and should be ignored.
>
> But first off, terminology. For one system to be sending, another has to
> be receiving. Port 25 is used by an MTA to receive mail from another MTA.
> It can also be used by an MTA to receive mail from an MUA (Mail User Agent
> - a user mail program such as Outlook) although that is not "best practice"
> these days. 587 (aka the submission port) is the preferred port for an MTA
> to receive mail from an MUA.
>
> Turn off port 25 and you cannot receive mail from another MTA as port 25
> is the port MTAs use by default to send to another MTA.
>
> Note that these port numbers (25 and 587) are what the receiving server
> has open for receiving. The sending MTA or MUA sends from a random port.
> There is no need to define the port being used on the sender (client). Only
> the port that a server listens on needs to be defined as it needs to be
> "well-known". But also note that the term "server" when discussing a mail
> server can be misleading as a mail server also acts as a client when
> sending to other mail servers. In the mail world (as well as most of the
> Internet), clients initiate connections from a random port on the client to
> a "well-known" and defined port on the server.
>
> So in short:
> MTA (acting as client) to another MTA (acting as server) connects from a
> random port on the client MTA to port 25 on the server MTA.
>
> MUA (always acting as client) to MTA (acting as server) connects from a
> random port on the MUA to port 587 (preferred) or port 25 (if permitted) on
> the server MTA.
>
> Use of port 465 was deliberately not included in the above as it does not
> seem to be part of the OP's issue.
>
> -- Larry Stone
>    lston...@stonejongleux.com
>
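
Larry's point that only the server's listening port is fixed, as an added example that is not part of the original thread: two loopback listeners stand in for the port 25 and port 587 roles, and the server side records the source port each client connected from. The function names are made up for this sketch, and the OS assigns the real listener ports because binding ports below 1024 normally needs root.

```python
import socket

# Roles by destination (server) port, as described in the quoted message.
ROLES = {25: "MTA to MTA (or MUA, if permitted)", 587: "MUA submission"}

def open_listener():
    """Loopback listener; port 0 asks the OS for a free port (assumption:
    a stand-in for 25/587, which need root to bind)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv

def observe(srv, count):
    """Open `count` client connections at once and return the
    (client_source_port, server_port) pairs as seen by the server."""
    clients = [socket.create_connection(srv.getsockname()) for _ in range(count)]
    pairs = []
    try:
        for _ in clients:
            conn, peer = srv.accept()
            pairs.append((peer[1], conn.getsockname()[1]))
            conn.close()
    finally:
        for cli in clients:
            cli.close()
    return pairs

def demo(count=3):
    """Return {role_port: [(src_port, dst_port), ...]} for both stand-ins."""
    listeners = {role: open_listener() for role in ROLES}
    try:
        return {role: observe(srv, count) for role, srv in listeners.items()}
    finally:
        for srv in listeners.values():
            srv.close()

if __name__ == "__main__":
    for role, pairs in demo().items():
        for src, dst in pairs:
            print(f"stand-in for port {role} ({ROLES[role]}): "
                  f"client port {src} -> server port {dst}")
```

Every connection to a given listener shows the same server port and a different client port, which is why a firewall rule for a mail server matches on the destination port only.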
