• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question About ports 465 and 587

emilitingo

New Pleskian
About this image:
subm.png
If I open port 587, will port 465 stop working? Or will both ports be available and can I use either port as needed?

If I change to port 587, will I have to reconfigure my email managers later?

About this picture:
aaa.png

It will automatically change this setting and I won't have to do anything? or should I make the changes manually later in plesk?

I am using Plesk Obsidian Web Host Edition

Thanks for the support
 
If I open port 587, will port 465 stop working? Or will both ports be available and can I use either port as needed?
Before enabling 587 port:
Code:
root@friendly-banzai:~# lsof -i tcp:465
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
master  3516935 root  114u  IPv4 67160597      0t0  TCP *:submissions (LISTEN)
master  3516935 root  115u  IPv6 67160598      0t0  TCP *:submissions (LISTEN)

root@friendly-banzai:~# lsof -i tcp:587
root@friendly-banzai:~#

After enabling 587 port:
Code:
root@friendly-banzai:~# lsof -i tcp:465
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
master  3632049 root  114u  IPv4 69460309      0t0  TCP *:submissions (LISTEN)
master  3632049 root  115u  IPv6 69460310      0t0  TCP *:submissions (LISTEN)

root@friendly-banzai:~# lsof -i tcp:587
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
master  3632049 root  129u  IPv4 69468761      0t0  TCP *:submission (LISTEN)
master  3632049 root  130u  IPv6 69468762      0t0  TCP *:submission (LISTEN)

So, port 587 will be added additionally to 465 port.
It will automatically change this setting and I won't have to do anything?
I checked and found that nothing changed in this tip.
In conclusion - nothing should be additionally configured, just port 587 will be added additionally.
 
Any info on how to change the "tip" in the UI? We want our users to use 587 by default...
 
Any info on how to change the "tip" in the UI? We want our users to use 587 by default...

Add the configuration to panel.ini file. This only changes the port shown in the UI, not any server configuration.
Code:
[mail]
clientConfig.smtpPortEncrypted = 587
 
Not really....
Plesk/Postfix enforces TLS/StartTLS for connections on port 587 as well

Port 587 is the port to use nowadays.
465 is a legacy construct that may get obsolete and vanish in the future
 
But at least with 465 you know it can't connect unencrypted, whereas with 587 you have to rely on the server to enforce (and the client demand) STARTTLS before anything else, which makes a MITM attack possible.
 
For some reason, there is an issue with communication to our port 465. It takes roughly 30 seconds (after socket connection is established) before the server throws the welcome message to the client. This is problematic for some mail clients. We yet have to find the cause. Communication on 587 works straight away.
 
@Kaspar@Plesk when the submission port (587) is enabled, that should become the default in all guides, not 465. We shouldn't have to use a panel.ini override to do that.

In other words, keep it at 465 if submission port is not enabled, and force it to 587 when submission port is enabled.
 
For some reason, there is an issue with communication to our port 465. It takes roughly 30 seconds (after socket connection is established) before the server throws the welcome message to the client. This is problematic for some mail clients. We yet have to find the cause. Communication on 587 works straight away.
I'm not certain if that's exactly our issue, but we do have clients reporting issues with some mail apps on 465 that work fine with 587, so that probably is the issue. Another reason why, when 587 is enabled in Plesk, it should be the default in all guides.
 
But at least with 465 you know it can't connect unencrypted, whereas with 587 you have to rely on the server to enforce (and the client demand) STARTTLS before anything else, which makes a MITM attack possible.

Explain. We're talking in the context of Plesk servers. By default Plesk servers require STARTTLS on 587. So in the context of Plesk servers, how is that relevant?
 
Back
Top