Is port 25 insecure? SMTP ports for Exchange and smarthost

I'm going through some stuff with getting smarthost and Exchange
Port requirements are that port 25 is opened between the Hub Transport servers and the Smart host.
question is, is that secure? Can't the traffic passing between be picked up with a sniffer?
Is there a different port you should use for passing traffic?
The Smarthost and Exchange seem to be hardcoded for port 25, though.
garryshapeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
Port 25 does not use secure encryption.
Port 465 and 587 use SSL or TLS to send mail with encryption.

Here is a link that outlines and explains it in more details
 http://blog.mailgun.com/25-465-587-what-port-should-i-use/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Ok so as long as TLS is selected on the proofpoint and available on the receive connector in the Hub Transport, it should be encrypted?
But then I don't think it'd be using those ports because they're not opened on the firewall.
rindiCommented:
It's not the port number that is open which makes it insecure or not. Any open  port is insecure compared to a closed port.

Many common services have been assigned standard port numbers, for example the ftp service's port is 21, and that of smtp is 25, so attackers will usually try to attack each of those ports against that service. That doesn't mean you have to use that port for your service, but moving it to another port isn't that much more secure, because sniffers will generally scan all the ports and find which ones are open.

So if you just change your SMTP port to 465, you',ll still only be using SMTP and it will be as insecure as before. In order to get the higher security you'd rather have to use SMTPS which adds TLS/SSL to the SMTP protocol and by default uses port 465.
Will SzymkowskiSenior Solution ArchitectCommented:
You also need to be aware that both Sending and Receiving Servers need to have TLS enabled and in place for communication to happen over 465.

Will.
AmitIT ArchitectCommented:
By default TLS is enabled on your default connectors. So, all communication in Exchange is secure. You can check connector setting and you will see TLS is enabled under authentication.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.