Discussion:
SMTP and ports 25 and 1025.
(too old to reply)
Easthope
2007-03-16 16:30:14 UTC
Permalink
Debian Users,

I am trying to understand how SMTP uses ports.
Ultimately I want it to work through a SSH tunnel.

Normally SMTP uses port 25 but in some cases it uses
1025. According to
http://www.iana.org/assignments/port-numbers
1025 is assigned to blackjack! (blackjack?) So what
is SMTP doing with it?

Thanks, ... Peter E.
Nick Demou
2007-03-16 16:40:11 UTC
Permalink
Post by Easthope
Debian Users,
I am trying to understand how SMTP uses ports.
Ultimately I want it to work through a SSH tunnel.
Normally SMTP uses port 25 but in some cases it uses
1025.
25 is the default (ie. the one that all computers in the Internet will
attempt to use). You can manually set an SMTP to use whatever port you
like (1025 10025 689...) but only if you control all the PCs that
will talk to that SMTP (in order to set them so as to use 1025 also).
Post by Easthope
So what is SMTP doing with it?
nothing if you don't mess with the defaults which you better not
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Stephen R Laniel
2007-03-16 17:10:06 UTC
Permalink
Post by Easthope
Normally SMTP uses port 25 but in some cases it uses
1025. According to
http://www.iana.org/assignments/port-numbers
1025 is assigned to blackjack! (blackjack?) So what
is SMTP doing with it?
I've never seen SMTP use 1025. If you were to do
SMTP-over-SSH, you'd be using port 22 (ssh's port). When I
do IMAP-over-SSH, what I'm doing is

1) opening up an SSH connection to remote-host (over port
22)
2) running imapd on that end
3) catching the stdout from imapd on my end
4) closing the connection

So basically I'm doing this command:

ssh remote-host /usr/sbin/imapd | some-local-process

If you were doing SMTP-over-SSH, I guess you'd be doing
something similar. But for reasons that I don't want to take
the time to list, it seems like you wouldn't be doing the
same thing with SMTP.
--
Stephen R. Laniel
***@laniels.org
Cell: +(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
Matus UHLAR - fantomas
2007-03-17 21:50:09 UTC
Permalink
Post by Easthope
I am trying to understand how SMTP uses ports.
Ultimately I want it to work through a SSH tunnel.
Normally SMTP uses port 25 but in some cases it uses 1025.
in what cases? there is port 587 designed and reserved for message
submission via SMTP.
Post by Easthope
According to
http://www.iana.org/assignments/port-numbers
1025 is assigned to blackjack! (blackjack?) So what
is SMTP doing with it?
not SMTP. maybe someone put smtp on port 1025 but that's his/her problem.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Albert Dengg
2007-03-18 13:20:10 UTC
Permalink
Post by Matus UHLAR - fantomas
Post by Easthope
I am trying to understand how SMTP uses ports.
Ultimately I want it to work through a SSH tunnel.
Normally SMTP uses port 25 but in some cases it uses 1025.
in what cases? there is port 587 designed and reserved for message
submission via SMTP.
to my knowlege, port 587 is for _authenticated_ message transmission,
e.g. from your own users, not for server<->server.
and everything that is for communication with the users can in prinziple
run on any port you want, since you can tell then how to configure your
clients, but there is no mechanism to tell other smtp servers "talk to
me on port 666" or something.

yours
albert
--
Albert Dengg <***@gmx.at>
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Matus UHLAR - fantomas
2007-03-18 14:40:05 UTC
Permalink
Post by Albert Dengg
Post by Matus UHLAR - fantomas
Post by Easthope
I am trying to understand how SMTP uses ports.
Ultimately I want it to work through a SSH tunnel.
Normally SMTP uses port 25 but in some cases it uses 1025.
in what cases? there is port 587 designed and reserved for message
submission via SMTP.
to my knowlege, port 587 is for _authenticated_ message transmission,
e.g. from your own users, not for server<->server.
Yes. ehm... do you want to run server<-> server traffic on port 1025? Why?
Post by Albert Dengg
and everything that is for communication with the users can in prinziple
run on any port you want, since you can tell then how to configure your
clients, but there is no mechanism to tell other smtp servers "talk to
me on port 666" or something.
Yes, and ... ? I miss your point. Of course you can run any service on any
port. But there's good standard on what services run at what ports and using
different port is usually harder to configure, detect etc etc...
so better us well-known (assigned) ports.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Seth Goodman
2007-03-24 22:40:11 UTC
Permalink
Post by Matus UHLAR - fantomas
Post by Albert Dengg
and everything that is for communication with the users can in
prinziple run on any port you want, since you can tell then how to
configure your clients, but there is no mechanism to tell other
smtp servers "talk to me on port 666" or something.
Yes, and ... ? I miss your point. Of course you can run any service
on any port. But there's good standard on what services run at what
ports and using different port is usually harder to configure,
detect etc etc... so better us well-known (assigned) ports.
Actually, there is a standardized way to communicate ports for a given
service via DNS: SRV records. Except that almost nobody uses them :)
Since this mechanism did not exist until recently, MTA's pay no
attention to it, as far as I know.
--
Seth Goodman
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Matus UHLAR - fantomas
2007-03-25 11:40:09 UTC
Permalink
Post by Seth Goodman
Post by Matus UHLAR - fantomas
Post by Albert Dengg
and everything that is for communication with the users can in
prinziple run on any port you want, since you can tell then how to
configure your clients, but there is no mechanism to tell other
smtp servers "talk to me on port 666" or something.
Yes, and ... ? I miss your point. Of course you can run any service
on any port. But there's good standard on what services run at what
ports and using different port is usually harder to configure,
detect etc etc... so better us well-known (assigned) ports.
Actually, there is a standardized way to communicate ports for a given
service via DNS: SRV records. Except that almost nobody uses them :)
Since this mechanism did not exist until recently, MTA's pay no
attention to it, as far as I know.
Actually, there is another standardized way: tcpmux (RFC1078).
Nobody uses it even :)

there are many well-known ports, and the only services (known to me) that
run on dynamically assigned ports are RPC services...
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Roberto C. Sánchez
2007-03-18 20:50:08 UTC
Permalink
Post by Albert Dengg
to my knowlege, port 587 is for _authenticated_ message transmission,
e.g. from your own users, not for server<->server.
Actually, 587 us the submission port. It has nothing to do with
authentication. Basically, the RFCs are written such that port 25 is
supposed to be use for the exchange of messages among mail servers and
port 587 is the port for users to introduce new messages to the system.

Regards,

-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Paul Johnson
2007-03-20 10:30:09 UTC
Permalink
Roberto C. Sánchez wrote in Article
Post by Roberto C. Sánchez
Post by Albert Dengg
to my knowlege, port 587 is for _authenticated_ message transmission,
e.g. from your own users, not for server<->server.
Actually, 587 us the submission port. It has nothing to do with
authentication. Basically, the RFCs are written such that port 25 is
supposed to be use for the exchange of messages among mail servers and
port 587 is the port for users to introduce new messages to the system.
I wonder how often this is actually done in practice however.
--
Paul Johnson
Email and IM (XMPP & Google Talk): ***@ursine.ca
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Matus UHLAR - fantomas
2007-03-20 11:20:09 UTC
Permalink
Post by Paul Johnson
Post by Roberto C. Sánchez
Post by Albert Dengg
to my knowlege, port 587 is for _authenticated_ message transmission,
e.g. from your own users, not for server<->server.
Roberto C. Sánchez wrote in Article
Post by Roberto C. Sánchez
Actually, 587 us the submission port. It has nothing to do with
authentication. Basically, the RFCs are written such that port 25 is
supposed to be use for the exchange of messages among mail servers and
port 587 is the port for users to introduce new messages to the system.
I wonder how often this is actually done in practice however.
the submission - still more often, because outgoing SMTP connections from
dynamic addresses (and often even static) are being blocked by ISPs in an
attempt to stop spam spreading from them.

required authentication - i'd say the same.

Although it's of course possible to run unauthenticated submission for local
networks on port 587, I'd say that's very bad idea. Using authentication
gives benefits like better spam score to the senders, and easier
configuration to admins.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Michelle Konzack
2007-04-04 18:30:25 UTC
Permalink
Hello *,
Post by Matus UHLAR - fantomas
the submission - still more often, because outgoing SMTP connections from
dynamic addresses (and often even static) are being blocked by ISPs in an
attempt to stop spam spreading from them.
Since I am more or less mobile in a Motorcaravan, I have the need to go
to Internet Cafes to send my (postponed) messages. Now, exactly since
7 weeks, the French ISP <http://www.free.fr/> is blocking port 25 and I
can not more send ANY messages to my own ISP <http://www.freenet.de/>.

"Free.fr" told me I should use there SMTP-Relay <smtp.free.fr> but
it does not work, since 90% of receivers of my messages rejecting
messages which come from SMTP-Relays which do not match the Domain-
Part of the sender.

My OWN courier server does this to and it 100% legitim.
Post by Matus UHLAR - fantomas
required authentication - i'd say the same.
Although it's of course possible to run unauthenticated submission for local
networks on port 587, I'd say that's very bad idea. Using authentication
gives benefits like better spam score to the senders, and easier
configuration to admins.
Now I have configured my "ssmtp" on my Laptop to use port 587!!!

Not realy recommended because now, TLS/SSL does not more work and
the password is transfered in clear text. On the other hand, it
pass the proxy of <free.fr> and I can send messages again.

Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Matus UHLAR - fantomas
2007-04-05 08:40:14 UTC
Permalink
Post by Michelle Konzack
Post by Matus UHLAR - fantomas
the submission - still more often, because outgoing SMTP connections from
dynamic addresses (and often even static) are being blocked by ISPs in an
attempt to stop spam spreading from them.
Since I am more or less mobile in a Motorcaravan, I have the need to go
to Internet Cafes to send my (postponed) messages. Now, exactly since
7 weeks, the French ISP <http://www.free.fr/> is blocking port 25 and I
can not more send ANY messages to my own ISP <http://www.freenet.de/>.
"Free.fr" told me I should use there SMTP-Relay <smtp.free.fr> but
it does not work, since 90% of receivers of my messages rejecting
messages which come from SMTP-Relays which do not match the Domain-
Part of the sender.
that's sick "antispam" feature since this is quite common in the world, just
a few mail domains have outgoing server with DNS name in them. No virtual
domains at ISPs I'd say.

Did you check if your sender domain has SPF records? freenet.de does not
have any. However, courier MTA does have 'freemail' option (in bofh file)
that configures this behavior for configured domains.
Post by Michelle Konzack
Post by Matus UHLAR - fantomas
Although it's of course possible to run unauthenticated submission for local
networks on port 587, I'd say that's very bad idea. Using authentication
gives benefits like better spam score to the senders, and easier
configuration to admins.
Now I have configured my "ssmtp" on my Laptop to use port 587!!!
Not realy recommended because now, TLS/SSL does not more work and
the password is transfered in clear text. On the other hand, it
pass the proxy of <free.fr> and I can send messages again.
You can try port 465, it may be used for smtp/ssl, but it is possible that
they do not allow SSL/TLS at all. You can still ask for encryption.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Continue reading on narkive:
Loading...