Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Email coming from port 25, or going to port 25?

Posted on 2004-11-12
8
Medium Priority
?
242 Views
Last Modified: 2010-04-10
I was looking at the packets hitting my server and was wondering.....

When an email is sent from Server1 to MyServer, are the packets always sent from Server1:25 to a random port on MyServer...or sent from a random port on Server1 to MyServer:25

It seems like it happens both ways.  But if my server is listening on port 25 for SMTP, then why can it accept SMTP on a different port?

The same question goes for MyServer sending out emails.  Why does it sometimes send from port 25, and other times send TO port 25?

Thanks,

B
0
Comment
Question by:Brian1
8 Comments
 
LVL 7

Expert Comment

by:improveyourpc
ID: 12571532
Brian1,

The ports are not always sent over port 25 (i.e. - a service provider may block port 25, so SMTP would maybe use port 26). Also it should happen both ways as the port is bi-directional.

They do this to stop spammers from sending out emails, most these days connect to the SMTP server for the domain that the email is being sent to. By blocking out going SMTP, apart from the ISP email server, they can then run a virus filter on ALL out going emails, so stopping there users from spreading worms.
Email service providers just need to provide a SMTP server on a DIFFERENT port, this will let there customers still connect to there SMTP server, while allowing the ISP to block emails sent my worms.

Here is a good description of how port 25 is used by SMTP from grc.com:

http://www.grc.com/port_25.htm
0
 
LVL 3

Expert Comment

by:fadiramada
ID: 12571599
Hi, I'm not sure by what you mean in your questioon but here are the standard ports and protocols for e-mail:

Port 25 - SMTP (Simple Mail Transfer Protocol) - Sends the mail out
Port 110 - POP3 (Post Office Protocol, Version 3) - Receives the mail
0
 
LVL 1

Author Comment

by:Brian1
ID: 12572151
Let me try to clarify.

On my firewall I allow traffic coming in from port 25 to my email server.....and traffic connecting to port 25 on my email server.  A list of packets will look like this:

SOURCE IP              PROTOCOL     DESTINATION IP

Otherserver.com:25       TCP              MyServer.com:3010
Otherserver.com:25       TCP              MyServer.com:3010
Otherserver.com:25       TCP              MyServer.com:3010
Otherserver.com:25       TCP              MyServer.com:3010
Otherserver.com:25       TCP              MyServer.com:3010


And then there is also packets like this:

Otherserver.com:1287       TCP              MyServer.com:25
Otherserver.com:1287       TCP              MyServer.com:25
Otherserver.com:1287       TCP              MyServer.com:25
Otherserver.com:1287       TCP              MyServer.com:25
Otherserver.com:1287       TCP              MyServer.com:25
Otherserver.com:1287       TCP              MyServer.com:25

*Note that the ports 1287 and 3010 are just random ports I made up*

The question is, when an external server wants to initiate an email connection to my server why does it sometimes connect to port 25 on MyServer.com, and sometimes it connects to a random port on MyServer.com, but uses port 25 on it's system?





0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 8

Expert Comment

by:holger12345
ID: 12572931
here is the answer to your question

The email-client connects to port 25 on the server side. The client-port can be any.
That is because the server has a socalled LISTENER (the daemon or the service), that listens on that specific port for incoming requests - noone lese will be forwarded to that listener, only requests with port 25 in the destination field of the TCP/IP header

If the server will listen to another port, that has to be told by the the server-company... but standard is 25 for SMTP

regards
Holger
0
 
LVL 8

Accepted Solution

by:
holger12345 earned 200 total points
ID: 12572962
Sorry.. didn't read the whole thing:

If you have a server that connects to another server, sometimes there will be connects to your server (on your port 25) and sometimes your server will connect to the other server (on the other side port 25).

As TCP/IP is a two-way connection, i assume the following:

>>SOURCE IP              PROTOCOL     DESTINATION IP
>>Otherserver.com:25       TCP              MyServer.com:3010
... means: you have connectet to the other, but now he is sending a packet to the initiator of the connection (YOU)

>>SOURCE IP              PROTOCOL     DESTINATION IP
>>Otherserver.com:1287       TCP              MyServer.com:25
... means: the other has initiated a connection to you and is sending traffic to you

Holger
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 12574857
The 25 port is the SMTP (Simple Mail Transfer Protocol). This port is used for SENDING e-mails. Your computer might or not accept a connection to this port considering either it's a smtp server or not. When you try to send an e-mail, your clients are connecting to a smtp server (on port 25). when your are downloading your e-mails from the server to the clients, then a pop3 server is used (port 110).

Now, if you are running an internal smtp server only you could actually use any port you want, both for smtp and pop3. The clients computers most be properly configured with this custom ports numbers however. But if you are running a public smtp server, changing the well-known ports number would be the same as running a public WebServer on another port than the standard 80. Can you imagine what would happen?

This was a simple explanation as I didn't focus on explaning what happens "behind the scenes"

Cheers.
0
 
LVL 1

Author Comment

by:Brian1
ID: 12585819
Thanks holger that clears it up!  :)

So the computer that initiates an email connection always connects TO port 25.
0
 
LVL 8

Expert Comment

by:holger12345
ID: 12587491
yes, but like raphael states: port 25 is only for the SMTP-protocol (sending messages)... if you check messages on the server you use POP3-protocol (port 110)...

... and to mix your brain: if a server wants to use another port, it may do so - but all people have to know, where to connect (as the 25/110 is a standard)
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question