What are the SMTP Ports? (25, 465, 587)


A smtp port is a port of the SMTP server where an smtp client would connect to try to:

an email.


Service Name Port Protocol Authentication Required Type of delivery Submission
smtp 25 or 2525 Plain with STARTTLS No Local
smtps 587 or 2587 Plain with STARTTLS Yes Remote / local Yes
smtps 465 TLS (SSL) Yes Remote / local Yes

Submission Port

submission 1) is a means for client (Mua) to connect to a SMTP server and send messages.


  • The submission ports (463, 587) are expected to be able to transmit email from clients.
  • while the other port (ie 25) is expected to receive email from a smtp server (mta)

Note that the process that accepts message submissions is called a Message Submission Agent (MSA)



The port 25 is a port:

  • with plain connection (ie without TLS)
  • without authentication.

The localhost port 25 is used by Postfix or a similar mail server running on the local machine.

  • For remote clients, it denies relay and accepts only to receive email for the domain that it manages.
  • For local clients, it accepts to send email.

The port 25 is mostly blocked by your Internet Service Provider (ISP) 2) if you are at home. One solution is to connect to the port 587 which is a service where you need to authenticate.

Advanced tip:: In the DNS 3), in a WKS record if the protocol is tcp (6), and the 26th bit is set, an SMTP server should be listening on TCP port 25


The port 465

As your users are authenticated, you should not score their email or any traffic activities otherwise you could block your own users.


The port 587 has the same properties than the port section25, except that it accepts only authenticated connections.


The port 2525 is a backup port for the port 25 in case the other ports are blocked by a network provider or a firewall.


The port 2587 is a backup port for the port 587 in case the other ports are blocked by a network provider or a firewall.



To open port 587, with postfix, the submission line should be uncommented and parameters should be overwritten.

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
submission inet n      -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING


If you want to known more about the subject, there is also a whole specification. See RFC6409 - Message Submission for Mail

Discover More
Postfix - SMTP Banner

A SMTP banner is the protocol banner of SMTP (ie the response that a client will get when it connects to a SMTP server) With Telnet, we connect to the local smtp server submission port We receive...
Gmail Tls Security
Postfix - TLS (SSL) configuration

Transport Layer Security (TLS, formerly called SSL) with Postfix It provides: certificate-based authentication and encrypted sessions. An encrypted session protects the information that is transmitted:...

Share this page:
Follow us:
Task Runner