Our ISP Wants Us to Switch our SMTP Port - what options are there?
Our ISP wants their customers to switch their SMTP port from 25 to 587. They have only given us a three week notice. Come the end of October, they say they will be blocking all port 25 traffic flowing through their servers, even if they do not host our email.
One idea we have, is to port forward SMTP traffic leaving our network from port 23 to port 587. Is this possible? Would a certificate be required? We have an SSL certificate we have entered into Exchange, but I don't know if that is related.
We are told that many other servers are not setup to accept mail on port 587 (or something to that affect), and that our email would not be successfully accepted. It sounds like we may need a third party service to switch our SMTP protocol back to port 25, and then forward it to servers that expect port 25 traffic.
What options do we have?
One idea we have, is to port forward SMTP traffic leaving our network from port 23 to port 587. Is this possible? Would a certificate be required? We have an SSL certificate we have entered into Exchange, but I don't know if that is related.
We are told that many other servers are not setup to accept mail on port 587 (or something to that affect), and that our email would not be successfully accepted. It sounds like we may need a third party service to switch our SMTP protocol back to port 25, and then forward it to servers that expect port 25 traffic.
What options do we have?
John
You should not be using Port 25 because it will be used for spam. You should switch to Port 587 as they request. That is what I see in use everywhere.
So, can I use port forwarding.
So once we switch our side to port 587, will other servers have any problems receiving our email?
Port 587 is for sending. Port 995 is for receiving. Once switched it should work.
Just curious, is it the responsibility of the email host or the ISP to block ports?
They are controlling spam.
I mean, in my Cisco firewall, can I use port translation to have all my out going email sent through port 587, or are there other considerations to be made in Exchange?
Who is controlling spam?
Spammers use Port 25 to send out spam and get you Blacklisted.
If your ISP starts blocking ALL traffic on port 25, that does mean that server to server traffic will be blocked and your email will not be sent to outside servers. They block port 25 mostly for spam reasons but also because they don't want the extra server traffic on a residential account. Most ISPs have a 'business' account available where port 25 traffic is allowed.
ASKER
Thanks Dave. We do have a business account.
Then you need to talk to them again and point out that you are hosting an email server which requires port 25 to talk to other email servers. Which ISP is this?
ASKER
I'm talking to them now. I have talked to them 3 other times. On this call, It seems they my be confusing business and residential and that they were also assuming we used their domain name.
Oh my... The first people you talk to are 'phone answerers whose job is to prevent you from 'bothering' important people. Only when you get past them do you have any chance of getting a reasonable solution. I did say 'chance'.
ASKER
My ISP is Comporium. I did get a reply last night. They said that even thought I am a business and that they do not host my domain or email, that I will still need to change my ports. Below is there reply. So, what steps do I need to take, simply change the port number for outgoing email in Exchange?
"After speaking with SpiritDomains and our own Media Services department, I have found that we do not host the @tm-america.com
But, I spoke with our networking department and to my understanding they are blocking port 25 for all activity on our network. The reason for this is that we have had offenders spamming
through that port due to it being insecure and effectively having our entire subnet blacklisted by a lot of different domains. Which was causing particular businesses to not be able to communicate on our network.
Because of this you will have to switch all port forwarding (or any clients using port 25) to a secure connection on another port (such as 465)
If you have any questions please contact us at the number below."
"After speaking with SpiritDomains and our own Media Services department, I have found that we do not host the @tm-america.com
But, I spoke with our networking department and to my understanding they are blocking port 25 for all activity on our network. The reason for this is that we have had offenders spamming
through that port due to it being insecure and effectively having our entire subnet blacklisted by a lot of different domains. Which was causing particular businesses to not be able to communicate on our network.
Because of this you will have to switch all port forwarding (or any clients using port 25) to a secure connection on another port (such as 465)
If you have any questions please contact us at the number below."
You can change the incoming port number for your clients but just changing the outgoing port number is not a solution as far as I know. I think you still have to connect to port 25 at the remote email server.
We have a hardware firewall policy preventing anything / anyone but Exchange using port 25.
ASKER
Dave, thanks.
Yes, that is what we are hearing.
We are told that our spam filter service can also provide something called Smart Hosting that will automatically forward our out outgoing emails from port 587 to the correct port on the receiving server. Do you think this is an appropriate option?
I have been confused by the response below, which I know you didn't make.
When I asked, "So once we switch our side to port 587, will other servers have any problems receiving our email?"
The reply was:
"Port 587 is for sending. Port 995 is for receiving. Once switched it should work."
Yes, that is what we are hearing.
We are told that our spam filter service can also provide something called Smart Hosting that will automatically forward our out outgoing emails from port 587 to the correct port on the receiving server. Do you think this is an appropriate option?
I have been confused by the response below, which I know you didn't make.
When I asked, "So once we switch our side to port 587, will other servers have any problems receiving our email?"
The reply was:
"Port 587 is for sending. Port 995 is for receiving. Once switched it should work."
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good idea, thanks! I did email the guy who was involved in setting up the network. He said this isn't a simple matter. I'm going to make a list of steps I think I need to take and post it. Maybe you can help me see what I am overlooking or chasing my tail?
ASKER
I have made a list of steps I think I have to completed to successfully transition to port 587.
Could you let me know where I am barking up the wrong tree or completely overlooking something important?
1. Run the shell command to switch outgoing mail to port 587.
2. Change the port number in the SMTP Virtual Server.
3. Change the port number in scripts or programs that specifically state port 25.
a. Do I even need to worry about this internal to my network?
4. Notify our third party spam filter to enable something like Smart Hosting so that our outgoing email can be switched back from port 587 to port 25 for receiving servers that require port 25.
Could you let me know where I am barking up the wrong tree or completely overlooking something important?
1. Run the shell command to switch outgoing mail to port 587.
2. Change the port number in the SMTP Virtual Server.
3. Change the port number in scripts or programs that specifically state port 25.
a. Do I even need to worry about this internal to my network?
4. Notify our third party spam filter to enable something like Smart Hosting so that our outgoing email can be switched back from port 587 to port 25 for receiving servers that require port 25.
I think the steps should work. As I noted, we block the use of port 25 at our hardware firewall except for legitimate (known) use.