Re: [exim] port 587

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] port 587
On Tue, 2008-01-15 at 14:01 -0800, Jeroen van Aart wrote:
> If I grep 587 /etc/services I find:
> submission      587/tcp                       # Submission [RFC2476]


And if you look at the official IANA port allocations you'll find:

urd             465/tcp    URL Rendesvous Directory for SSM


(a Cisco service, IIRC). But more of that later :)

> Upon reading http://www.ietf.org/rfc/rfc2476.txt, albeit not
> exhaustively, it seems the idea is that port 587 should be used to
> submit an email by an email client (MUA, or MSA, the abbreviations
> rock). And port 25 is used by MTAs to transfer emails.

<snip>
> One may argue why bother with 587 at all if you are still allowed to use 25.


MUAs often find port 25 access blocked, particularly in domestic- or
consumer-heavy networks, except to the MTAs or MSAs opearted by the
network owner. Many of us need to send via MTAs or MSAs operated by our
employers, or by ourselves elsewhere (ie. for "vanity" or private
domains like mine), or choose to use a different mail provider than
their ISP.
Many (but sadly not all, although that's a whole different argument)
ISPs block access to port 25 off their network. Often the submission
service on port 587 is a good way to get round this, especially as most
operators-with-clue provide authenticated services only on port 587.
This reduces spam.

> What is wisdom in this mess? Insist on everyone using port 587? ignore
> 587 and support a host of legacy clients with port 465 and allow port 25
> for submissions? Open all 3 ports and allow whatever people want on any
> port? Users have been told for years to use 25 (and 465), to add to the
> confusion.


"Wisdom", or (best?) current practice, is to:

Stop clients on your network connecting to port 25 on servers off your
network.
Allow clients on your network access to ports 465 and 587 off your
network.
Provide services on at least port 25 and 587, and 465 if you must, where
the 465 and 587 services are accessible from anywhere but require
authentication before relaying.

> Out of curiosity, why is it so wrong to use 465? It's just a port
> number, not a religion. :-) Instead of choosing another port, those who
> "decide" (who?) could have renamed port 465 to read "submission". Or not?


It's already assigned to another service, that's why. The IANA list *is*
the Bible, after all :)

Graeme