Port 587 is for users to send out emails on. Port 25 is for servers to relay messages to one another. That way ISPs can block outgoing SMTP on their networks but still allow users to send email to any mail server through port 587. I’m a little embarrassed that I’ve never heard of this before. This week I gotta make this port active on our SMTP relay server.
Port 587 isn’t the only interesting one. Here are others: (source)
|SMTP – Simple Mail Transfer Protocol||25||* As part of the anti-spam best practices, you should block this outgoing for any machine that doesn’t need to send email directly.|
|SMTPs – secure SMTP||465||Port 465 shows up Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as “Simple Mail Transfer Protocol with SSL”. Unfortunately, it’s not registered for SMTPs, it’s registered for URD – “URL Rendesvous Directory for SSM” by Cisco. The recommended approach, at least for authentication, is to use START TLS encryption on submission port 587.|
|(SMTP email) submission||587||* See RFC 2476 – Message Submission.|
|POP2 – Post Office Protocol 2||109||* obsolete|
|POP3 – Post Office Protocol 3||110||*|
|POP3s – secure POP3||995||* Full description is “pop3 protocol over TLS/SSL (was spop3)”.|
|IMAP3 – Interactive Mail Access Protocol v3||220||* obsolete|
|IMAP4 – Internet Message Access Protocol 4||143||* Also referred to by version as IMAP4.|
|IMAPs – secure IMAP||993||* Full description is “imap4 protocol over TLS/SSL”. Use 993 instead of TCP port 585 “imap4-ssl”, which is deprecated.|
When I’m out of the office and connected to a public wireless network I’m very cautious about checking my email. Right now Sutton only has POP3 and authenticated SMTP service. This week I’m going to look into setting up POP3+TLS, IMAP+TLS and SMTP+TLS. We run qmail+ldap (awesome!) so it shouldn’t be too hard to create TLS encrypted access.
This would give me the peace of mind that when I’m on public wireless my passwords aren’t flying through the air in plain text. It’ll also save me the trouble of having to connect to the VPN at the office just to check my email!