
Question Block 25 Port allow 587 port instead on Plesk

sansar27

New Pleskian
Server operating system version
ubuntu 20.04
Plesk version and microupdate number
Plesk Obsidian Web Admin Edition 18.0.58 Update Nr. 2
Hello guys,
I want the SMTP server to use port 587 instead of 25. So, for security reasons, we want to use a secure connection for outgoing emails.

I already read this topic, as well.

In my main.cf file there is no such configuration entry as the one mentioned in the post.


Is there anybody who can help me?
Best regards,
Thanks in advance!
Hasan
 
If you block port 25 your server will not be able to send mails to or receive mails from other servers on the Internet.
 
Hello Peter, you are right. It sends email from our Exchange server by using SMTP port 25. So we do not want to block it. We just want to make it a secure port.
In this case our server is open to threats. How can we solve this problem instead of blocking port 25?
 
Why should your server be open for threats when Postfix is listening on port 25? Or to be more precise, why would any other port be inherently more "secure"?

If you want to achieve that emails received and sent are (transport) encrypted whenever possible, just make sure your Postfix configuration has smtp_tls_security_level and smtpd_tls_security_level set to "may", a proper SSL certificate is configured and your server also still supports TLS 1.0 and 1.1.
Well, one can debate disabling TLS 1.0/1.1 for a potentially more secure transport encryption, but in my opinion this is kinda moot as long as a server still supports non-encrypted connections as well.
 
25 port is used by SMTP server for clear text emailing as far as I know (It uses this port for listening and send). Please correct me if I am wrong. I just want Postfix to use an encrypted way of communication. I also tried to establish a telnet connection on this port. It accepts this command but there is no result on the server. Maybe I am doing something wrong. I tried to run this command and it says Ok but there is no result.

HELO smptp.plesk.com

MAIL FROM: [email protected]

RCPT TO: root+:"; touch test.txt ;"

For your other opinion I fully agree with you. I just did not understand smtp_tls_security_level and smtpd_tls_security_level set to "may". Because why cannot I set "secure" or "encrypt" or any another higher parameter instead? Does such an option make sense just to avoid disrupting the operations of the SMTP?
Thank you
 
25 port is used by SMTP server for clear text emailing as far as I know (It uses this port for listening and send)
Port 25 is used to receive emails, but postfix/qmail have supported StartTLS encryption on this port for 20 years or so.
Yes, the encryption is optional (smtpd_tls_security_level=may), so your server may still receive some emails via plain text.

For sending, your postfix will use a random local port between 1024-65525 for every connection, but of course connects to port 25 on the target mail server.
With smtp_tls_security_level=may it will try to use StartTLS to encrypt the connection, but still sends the emails in plain text if the target mail server does not support SSL/TLS.
If you set smtp_tls_security_level to "encrypt" or "secure", then your server will refuse to deliver any emails, if the target mail server does not support SSL/TLS or does not have a valid SSL certificate. And at least according to our own observation, there are still quite a lot of mail servers out there, where this is the case.
So your customers may then start to complain that they can no longer send emails to certain recipients if you set this parameter to encrypt or secure.


For your other opinion I fully agree with you. I just did not understand smtp_tls_security_level and smtpd_tls_security_level set to "may". Because why cannot I set "secure" or "encrypt" or any another higher parameter instead? Does such an option make sense just to avoid disrupting the operations of the SMTP?
As already teased above, with anything except "none", "may" or "dane" your server will no longer be able to receive or send ALL emails, because there are still some mail servers out there not supporting SSL/TLS at all.
This may or may not be a problem, depending on where your customers send emails to or receive emails from.
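
One way to measure the trade-off described in the reply above before raising smtp_tls_security_level from "may" to "encrypt": list the relays that accepted mail without a TLS handshake. This is an added example, not part of the thread. It assumes smtp_tls_loglevel = 1, traditional syslog timestamps and a per-process pairing of handshake and delivery lines (a heuristic); the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: count outbound deliveries per relay that went out without TLS.
# Assumes smtp_tls_loglevel = 1 so postfix/smtp logs "TLS connection established".
# Check the live settings first with:
#   postconf smtp_tls_security_level smtpd_tls_security_level smtp_tls_loglevel

# Constructed sample log lines (hosts and addresses are documentation values).
sample_log() {
cat <<'EOF'
Feb 27 10:00:01 mail postfix/smtp[2101]: Trusted TLS connection established to mx.example.org[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Feb 27 10:00:02 mail postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Feb 27 10:05:10 mail postfix/smtp[2107]: 5B2C3D4E5F: to=<bob@legacy.example.net>, relay=mail.legacy.example.net[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 ok)
Feb 27 10:06:30 mail postfix/smtp[2107]: 6C3D4E5F6A: to=<carol@legacy.example.net>, relay=mail.legacy.example.net[198.51.100.7]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 ok)
Feb 27 10:07:00 mail postfix/smtp[2110]: Untrusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 10:07:01 mail postfix/smtp[2110]: 7D4E5F6A7B: to=<dave@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=1.0, delays=0.1/0/0.5/0.4, dsn=2.0.0, status=sent (250 ok)
EOF
}

# Reads a Postfix mail log on stdin; prints "<count> <relay>" for each relay
# that accepted mail with no TLS handshake logged by the same smtp process.
plaintext_relays() {
  awk '
    $5 ~ /^postfix\/smtp\[/ {
      pid = $5
      # Handshake line: remember that this process negotiated TLS with the relay.
      if (match($0, /TLS connection established to [^ ]+:/)) {
        relay = substr($0, RSTART + 30, RLENGTH - 31)
        tls[pid SUBSEP relay] = 1
        next
      }
      # Delivery line: count it as plaintext if no handshake was seen.
      if ($0 ~ /status=sent/ && match($0, /relay=[^, ]+/)) {
        relay = substr($0, RSTART + 6, RLENGTH - 6)
        if (!((pid SUBSEP relay) in tls)) plain[relay]++
      }
    }
    END { for (r in plain) print plain[r], r }
  ' | sort -rn
}

sample_log | plaintext_relays
```

On Ubuntu, feed it the real log with `plaintext_relays < /var/log/mail.log`; every relay it lists is a destination that would stop receiving mail under "encrypt".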
 