About
A smtp port is a port of the SMTP server where an smtp client would connect to try to:
- or deliver
an email.
Summary
Submission Port
submission 1) is a means for client (Mua) to connect to a SMTP server and send messages.
ie
- The submission ports (463, 587) are expected to be able to transmit email from clients.
- while the other port (ie 25) is expected to receive email from a smtp server (mta)
Note that the process that accepts message submissions is called a Message Submission Agent (MSA)
Port
25
The port 25 is a port:
- with plain connection (ie without TLS)
- without authentication.
The localhost port 25 is used by Postfix or a similar mail server running on the local machine.
- For remote clients, it denies relay and accepts only to receive email for the domain that it manages.
- For local clients, it accepts to send email.
The port 25 is mostly blocked by your Internet Service Provider (ISP) 2) if you are at home. One solution is to connect to the port 587 which is a service where you need to authenticate.
Advanced tip:: In the DNS 3), in a WKS record if the protocol is tcp (6), and the 26th bit is set, an SMTP server should be listening on TCP port 25
465
The port 465
- runs on a secure connection with TLS
- should allow only authenticated users
- can be used as Mail Transfer Agent (MTA) to deliver mail to another mailbox (as the users are known)
- is mostly never blocked by a firewall (ISP or others)
As your users are authenticated, you should not score their email or any traffic activities otherwise you could block your own users.
587
The port 587 has the same properties than the port section25, except that it accepts only authenticated connections.
2525
The port 2525 is a backup port for the port 25 in case the other ports are blocked by a network provider or a firewall.
2587
The port 2587 is a backup port for the port 587 in case the other ports are blocked by a network provider or a firewall.
Configuration
Postfix
To open port 587, with postfix, the submission line should be uncommented and parameters should be overwritten.
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
Specification
If you want to known more about the subject, there is also a whole specification. See RFC6409 - Message Submission for Mail