Is port 25 used between mail servers secured with SSL/TLS? [Resolved]

Does port 25 (SMTP) used by MTAs work under plain text/non-encryption?

I couldn't find any resources that state smtp with 25 by default is plain text.

From Opportunistic_TLS (see the code section S: ...), it seems that port 25 (SMTP) supports STARTTLS, so does this indicate that

  1. port 25 with SMTP used by MTAs is non-encrypted by default?
  2. and it can (only) be secured in a STARTTLS way?

Question Credit: Rick
Asked June 14, 2019
Tags: email
Posted Under: Network
1 Answer

There are two scenarios for SMTP traffic:

  • Server to Server
  • Client to Server.

Server to Server e-mail communication takes place over port 25. This port continues to be used primarily for SMTP relaying. SMTP relaying is the transmittal of email from email server to email server. You have to accept SMTP traffic at port 25 to receive communications from other domains. This is unsecured; information is sent as clear text / ASCII. It is not sent over SSL.

Client to Server scenario: On the server you can configure different submission ports (open ports you will accept e-mail on). These can be anything, but clients will have to know to use them.

The most common ports are 25 and 587, but a client-server system should not use 25. If you want secure outgoing communication, use 587 with TLS. This is the default e-mail submission port. When an e-mail client or server is submitting an email to be routed by a proper e-mail server, it should always use this port. This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

Do not confuse ports with communication protocols.

SMTP is a protocol – it specifies the way information is transmitted. It can transmit it securely or insecurely.

The SMTP port is actually a listening port and clients connect to this in order to use the server's functionality.

The SMTP Server, on the other hand, is something separate from the protocol itself that actually does the transmission.

So yes, what you read is correct: port 25 is considered to be an incorrect use in a client-server scenario.

credit: Overmind
Answered June 14, 2019
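
The port 25 exchange the question refers to (the server's EHLO reply and the STARTTLS keyword in it), shown as an added example that is not part of the original question or answer: it parses a multi-line EHLO reply and decides whether a sending MTA upgrades the session or stays in cleartext. The sample replies, the host names, and the names `parse_ehlo`, `plan_session` and `require_tls` are constructed for illustration.

```python
import re

# Constructed EHLO replies from two hypothetical MTAs listening on port 25.
EHLO_WITH_TLS = (
    "250-mx.example.org Hello relay.example.net\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
EHLO_PLAIN_ONLY = (
    "250-mx.example.org Hello relay.example.net\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP\r\n"
)
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return (code, {KEYWORD: params}) for a multi-line EHLO reply."""
    code, extensions = None, {}
    lines = reply.splitlines()
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError(f"malformed reply line: {line!r}")
        line_code, sep, text = match.groups()
        code = int(line_code) if code is None else code
        if int(line_code) != code:
            raise ValueError("reply code changes inside one reply")
        # Only the last line has a space after the code; earlier lines use '-'.
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if index > 0 and text:  # line 0 is the greeting, not an extension
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params
    return code, extensions


def plan_session(reply, require_tls=False):
    """Decide what a sending MTA does next on this connection."""
    code, extensions = parse_ehlo(reply)
    if code != 250:
        return "abort: EHLO rejected"
    if "STARTTLS" in extensions:
        return "send STARTTLS, handshake after 220, then EHLO again"
    if require_tls:
        return "abort: STARTTLS not offered"
    return "continue in cleartext"
```

With `require_tls=False` the sender falls back to cleartext whenever the keyword is absent, which is the opportunistic behaviour; `require_tls=True` models a sender configured to refuse delivery instead.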