Can changing the SMTP port "mess up other things"?

1

I have had a new job as a sysadmin at a company for a month and a half now. The other day, the issue of a long-standing problem came up: some of our outgoing mail (to important recipients) comes back with errors (marked as spam), others with time-outs, etc.

Anyway, long story short, the symptoms we're experiencing made me think that changing the port from 25 (I was able to confirm that this is the port we're using) to the often suggested 587 would be something worth giving a shot.

This is where the twist comes. I was hired, along with another young colleague, to be part of a team of 3 - the roster is rounded out by an older colleague. The older colleague is a "career second fiddler" who has recently lost his partner (who we were hired to replace). Since he was always the "second fiddle", he is very reluctant about a lot of stuff.

So when I proposed changing the port, he categorically said no, because as he put it "that would surely mess up something else, so I'm not trying to play with that". (I have concluded in my first month and a half here that he is lacking knowledge in certain areas, this being one of them.)

Can changing a port on our mailserver actually "mess something else up"? (My knowledge is also a bit rusty about this, I worked in a totally different area in the past 10 years.)

szhep

Posted 2019-04-12T11:06:57.037

Reputation: 25

Answers

1

The port, by itself, doesn't do anything. The recipient mail systems don't know via which port your mailserver originally accepted the message. The real difference comes from the mailserver performing different handling for messages sent through these ports:

  • TCP 25 is meant for server-server connections (mail exchange), so the server usually does not ask for authentication; offers optional STARTTLS; performs spam filtering and SPF/DKIM checks on inbound messages, but doesn't place its own DKIM signatures.

  • TCP 587 and 465 are meant for client-server connections (mail submission), so the server usually requires authentication and (START)TLS; performs no spam filtering, but rather adds its own DKIM signatures on outgoing mail.

  • (Depending on the server, it may be possible to configure a mix of these two. For example, the server may allow optional authentication on port 25, and treat messages as outgoing if the client authenticated itself but as incoming if it did not.

    And just in case it wasn't obvious, do not disable the port 25 listener, as it is required to receive mail from other domains. Ports 587/465 are an additional service, not a replacement.)

So you're changing the port not for the sake of changing the number, but because you want some of these side effects (in particular, if DKIM has been set up on the domain, you want all messages to be DKIM-signed).

Of course, just as some side effects can fix your problem, other side effects can "mess something else up" – for example, because authentication and STARTTLS are mandatory on port 587, your clients must now support both features (whereas on port 25 they might have used cleartext and relied on IP-based whitelisting instead).

You should try to find out what specifically is the cause of your spam problems. (I would start with sending two identical messages to a Gmail inbox, one via port 25, another via port 587, and comparing the headers as they appear when received by Gmail.)

user1686

Posted 2019-04-12T11:06:57.037

Reputation: 283 655

Sorry, I made the mistake of posting this before I left for the weekend, and then I forgot about it. Thank you for the reply and the explanations. I will keep these things in mind when discussing the issue with my colleague(s). Thanks again, much appreciated. – szhep – 2019-04-16T05:37:38.090
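
The header comparison suggested in the answer above, sketched as an added example that is not part of the original thread: it reads the raw source of two received copies of the same message and reports which authentication fields differ. The sample headers, the `example.com` addresses and the function names are constructed for illustration; paste in the real "Show original" text from the receiving mailbox instead.

```python
import re
from email import message_from_string, policy

# Constructed sample headers (not real Gmail output): the same message as
# received after submission via port 25 and via port 587.
VIA_25 = """\
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of alice@example.com designates 203.0.113.10
 as permitted sender) smtp.mailfrom=alice@example.com;
 dmarc=pass (p=NONE) header.from=example.com
From: alice@example.com
Subject: port test

hello
"""
VIA_587 = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail; bh=PLACEHOLDER; b=PLACEHOLDER
Authentication-Results: mx.google.com;
 dkim=pass header.i=@example.com header.s=mail;
 spf=pass (google.com: domain of alice@example.com designates 203.0.113.10
 as permitted sender) smtp.mailfrom=alice@example.com;
 dmarc=pass (p=NONE) header.from=example.com
From: alice@example.com
Subject: port test

hello
"""

def auth_summary(raw):
    """Summarise what the receiver recorded about SPF, DKIM and DMARC."""
    msg = message_from_string(raw, policy=policy.default)
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    results = re.sub(r"\([^()]*\)", "", results)  # drop parenthesised comments
    summary = {"dkim_signed": msg["DKIM-Signature"] is not None}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results)
        summary[method] = m.group(1).lower() if m else "absent"
    return summary

def differences(raw_a, raw_b):
    """Return {field: (value_a, value_b)} for every field that differs."""
    a, b = auth_summary(raw_a), auth_summary(raw_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, (p25, p587) in differences(VIA_25, VIA_587).items():
        print(f"{field}: port 25 -> {p25}, port 587 -> {p587}")
```

With the constructed samples, only the DKIM fields differ, which is the side effect the answer describes for the submission port.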