This comment on my Getting a Lot of Spam? post led me to dig deeper into port 587, the SMTP Submission port.
Port 587 is for users to send out emails on. Port 25 is for servers to relay messages to one another. That way ISPs can block outgoing SMTP on their networks but still allow users to send email to any mail server through port 587. I’m a little embarrassed that I’ve never heard of this before. This week I gotta make this port active on our SMTP relay server.
Port 587 isn’t the only interesting one. Here are others: (source)
| Service | TCP Port | Notes |
|---|---|---|
| SMTP – Simple Mail Transfer Protocol | 25 | * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn’t need to send email directly. |
| SMTPs – secure SMTP | 465 | Port 465 shows up Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as “Simple Mail Transfer Protocol with SSL”. Unfortunately, it’s not registered for SMTPs, it’s registered for URD – “URL Rendesvous Directory for SSM” by Cisco. The recommended approach, at least for authentication, is to use START TLS encryption on submission port 587. |
| (SMTP email) submission | 587 | * See RFC 2476 – Message Submission. |
| POP2 – Post Office Protocol 2 | 109 | * obsolete |
| POP3 – Post Office Protocol 3 | 110 | * |
| POP3s – secure POP3 | 995 | * Full description is “pop3 protocol over TLS/SSL (was spop3)”. |
| IMAP3 – Interactive Mail Access Protocol v3 | 220 | * obsolete |
| IMAP4 – Internet Message Access Protocol 4 | 143 | * Also referred to by version as IMAP4. |
| IMAPs – secure IMAP | 993 | * Full description is “imap4 protocol over TLS/SSL”. Use 993 instead of TCP port 585 “imap4-ssl”, which is deprecated. |
When I’m out of the office and connected to a public wireless network I’m very cautious about checking my email. Right now Sutton only has POP3 and authenticated SMTP service. This week I’m going to look into setting up POP3+TLS, IMAP+TLS and SMTP+TLS. We run qmail+ldap (awesome!) so it shouldn’t be too hard to create TLS encrypted access.
This would give me the peace of mind that when I’m on public wireless my passwords aren’t flying through the air in plain text. It’ll also save me the trouble of having to connect to the VPN at the office just to check my email!
{ 1 trackback }
{ 16 comments… read them below or add one }
I am using port 587 a lot for ASMTP over TLS/SSL. Its work great. Specially when I am on the university where we are using a wireless without encryption, together with some cources where you learn how to spoof data over wireless, its nice to have some encryptions.
Hi There,
A very interesting post. I just purchased a new iPhone and was finding that outgoing mail was not sending.
When I looked under the hood, I saw that port 587 was configured for the outgoing mail, I switched this to port 25 and was able to send. Makes me wonder if my ISP (Demon) had the port blocked?
Thanks for the explanation
Gareth
i cant get send any email on my outlook expressand wonder if there is a problem.
My ISP has decided that I need to use port 587 to send email on my server, not thier server, my server… The ISP is blocking me. We attempted to set port 587 for SMTP, but my webhost has it disabled. I’m changing ISP. Locked doors only keep honest people out. its not goig to the spam or worms or viruses from spreading.
When you are out in public, you should use SSH to log in (via key based login) to your system and use a text based email client to read your email. That way you know you are guaranteed that nothing is released over the public wireless connection.
Interesting and helpful!
After several happy years with Speakeasy ADSL at 1.3 Mb/s, I couldn’t resist a no-contract FiOS 25 Mb/s symmetrical rate — no contract, either, for less than twice what I was paying to Speakeasy. I’ve been very slow about configuring e-mail with Verizon, and until a few days ago was sending all to Speakeasy’s server via port 25. I got a perpetual “Connecting…” in Opera e-mail after a few days’ hiatus. Speakeasy Tech Support (even though my account is e-mail, only) promptly recommended port 587, which was new to me. Happiness Returned.
Googling on [port 587] brought lots of hits!
Many thanks for the added info.!
I have changed my port to 587, but I still am unable to receive any emails using Outlook? Any ideas on what else I could do, I have followed the directions word for word & even went in deleted it & started over. Still no luck, anything at this point would be greatly appreciated!
Danielle
Danielle, the port 587 is to send emails via smtp. To receive you may configure the pop port as 995 if your provider enabled secure for POP and don’t forget to click on: This server requires SSL connection if you like to send your emails on secure connection, but most important to discover qhat is happening is see the error.. another mistake is dont click on “my ingoing server (POP) requires authentication” dont forget this..
Good Luck!
Oh yeah ! port 587 for -mail …works great
Thanks! We are using port 25 for the mobile gadgets SMTP settings but suddenly our users could not send emails to my server. We found out that Globe Telecom blocked this port so I tried port 587 and it works.
So…up until a week ago, I was able to use Thunderbird to open my fowarded emails from my Speakeasy as well as my emails from my domains.
Then, my Comcast went down due to a contractor.
Since Comcast was reconnected today, I have been unable to either dowload or upload email using Thunderbird at home. (I was able to up/download email when out at Starbucks though)
I have not changed any settings on Thunderbird. Speakeasy is receiving emails on their webhosting, but they are not getting to me via Thunderbird when I am home on Comcast internet.
The error message when sending or receiving says that Thunderbird has timed out.
Comcast says they can not help
Speakeasy says they can not help
my outgoing port is 587
IMAP mail server port is 110 (I have tried 25, 110,,993 and 587) none of them make any difference.
Got any ideas?
In short:
For incoming mail, try setting to POP3, mail.comcast.net, port 995.
For outgoing mail, try setting to SMTP, smtp.comcast.net, port 587.
Check require encryption / SSL / TLS / etc for both.
Require authentication checkboxes may be necessary.
Explanation:
Incoming mail server appears to be mail.comcast.net.
It does not seem to have the IMAP4 or IMAPS (IMAP4 over SSL) open (TCP 143 and 993, respectively).
It does seem to have both POP3 and POP3S (POP3 over SSL) open (TCP 110 and 995, respectively).
This can be found with a series of DNS lookups and telnet tests.
It appears the outgiong mail server is going to be smtp.comcast.net and port 587 (SMTP submission, which supports starttls for SSL) is open. I connected and from a EHLO can see it supports STARTTLS. Port 25 is also open.
The comcast.net relays as per MX records have port 25 open but are only MTA’s designed, it seems, to relay mail from other mail servers with proper reverse DNS lookups so as to prevent anybody relaying through them from home, starbucks, etc.
Ports list:
incoming mail maildrop-style, no encryption:
POP3 – port 110
IMAP – port 143
incoming mail maildrop-style, with encryption:
IMAP4 over SSL (IMAPS) – port 993
Secure POP3 (SSL-POP) – port 995
outgoing transfer / relay:
SMTP – port 25
outgoing “submission” (potentially with SSL):
SMTP Submission Port (encryption via smtp starttls) – port 587
Oh yeah ! Thk q so much duet… port 587 for submitting-mail server…works great…!!!!!!!!!!!
HOW DO YOU DELETE THE ERROR MESSAGE THAT CONTINUES TO COME UP. THE SYSTEM SEEMS TO WORK OK
How do i change from Port 25 to Port 587.
…or you could just not send email over public wifi -just sayin tho you could always bypass whichever port or create a remote vpn.
Great post btw