Solved

Are there special considerations for opening port 587 on a firewall?

Posted on 2016-10-28
Last Modified: 2016-11-16
Our ISP has required us to switch our SMTP traffic from port 25 to 587.  (Interesting note: We are a business with a business account.)

I have duplicated the SMTP configuration lines in our firewall, replacing “SMTP” with “587”.  I think the port is now open.

Someone claims they are not seeing traffic sent on port 587, and has asked us to prove it is not an issue on our firewall.  We are receiving traffic on port 587.  

Would there be additional steps after opening the port such as setting some kind of authentication or encryption in the firewall for port 587?
Question by:tmaususer

Author Comment

by:tmaususer
ID: 41863828
This is the config:

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq smtp
static (inside,outside) tcp interface smtp xxx.xxx.xxx.xxx smtp netmask 255.255.255.255

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 587
static (inside,outside) tcp interface 587 xxx.xxx.xxx.xxx 587 netmask 255.255.255.255

Accepted Solution

by:
Jan Springer earned 500 total points (awarded by participants)
ID: 41863859
If you have a mail server and you are a business, you need port 25 open and your provider should honor that.

If you don't have a mail server and you want to send outbound mail relayed through an external server, your provider may be asking you to send that mail via port 587 (the submission port).

At any rate, if the email is outbound only, your firewall shouldn't need to be changed.

Author Comment

by:tmaususer
ID: 41863870
Thank you,
They have refused.  They say they are doing this for all accounts - business and residential, whether or not they host our email or domain.  We have talked to them 5 times to verify.  Many people have said this is extreme.
Yes, we host our own email server onsite.

Assisted Solution

by:Jan Springer
Jan Springer earned 500 total points (awarded by participants)
ID: 41863957
Seriously, if you have an internal mail server, then change providers.

This is worse than ridiculous.

Author Comment

by:tmaususer
ID: 41863961
We want to.   Unfortunately, there are no options in the area.

Expert Comment

by:Jan Springer
ID: 41863974
So, between DSL, wireless, cable tv, ethernet, and ftth there is but one option?

I know some rural areas lack competition but -- no one else?

Author Comment

by:tmaususer
ID: 41863981
Well, we don't want DSL. I am going to check Windstream and Level 3.  Cable is monopolized by the same company giving us trouble.  What is ftth?  Would Ethernet be direct site to site?

Expert Comment

by:Jan Springer
ID: 41863992
fiber to the home.  and yes, ethernet, with or without switching, is site to site.

definitely call windstream and l3.

this company does not deserve your business.

Author Comment

by:tmaususer
ID: 41863994
we are a business

Expert Comment

by:Jan Springer
ID: 41863997
by "this company" i mean "your provider".

Expert Comment

by:Jan Springer
ID: 41889425
Opening port 587 is similar to opening port 25.

However, port 587 is the client submission port -- not the port to use as a mail transport agent speaking with other mail servers for the final delivery of email.
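Added example, not part of the thread and not any participant's code: a Python check, run from a host outside the firewall, that separates "is port 587 reachable through the ACL and static NAT" from "what does the mail server behind it advertise". STARTTLS and AUTH are ESMTP extensions negotiated by the mail server itself, so they show up in its EHLO reply rather than in the port forward; the sample EHLO reply and the function names are constructed for illustration.

```python
import smtplib
import socket

# Constructed EHLO reply from a hypothetical submission listener (not from the thread).
SAMPLE_EHLO = (
    "250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a raw multi-line 250 EHLO reply."""
    ext = {}
    for line in reply.splitlines()[1:]:        # first line is the server greeting
        words = line[4:].split() if line[:3] == "250" else []
        if words:
            ext[words[0].upper()] = words[1:]
    return ext

def assess(before_tls, after_tls=None):
    """List problems in what a port-587 listener advertises."""
    issues = []
    if "STARTTLS" not in before_tls:
        issues.append("STARTTLS not offered: session stays in cleartext")
    if "AUTH" in before_tls:
        issues.append("AUTH offered before TLS: passwords can cross in cleartext")
    if after_tls is not None and "AUTH" not in after_tls:
        issues.append("AUTH not offered after TLS: clients cannot authenticate")
    return issues

def probe(host, port=587, timeout=10):
    """Run from OUTSIDE the firewall. Returns (reachability, issues)."""
    try:
        s = smtplib.SMTP(host, port, timeout=timeout)
    except ConnectionRefusedError:
        return "refused (RST returned: port closed or rejected by a filter)", []
    except socket.timeout:
        return "timeout (no answer: filtered somewhere on the path)", []
    except OSError as exc:                     # DNS failure, bad banner, etc.
        return f"error ({exc})", []
    feats = lambda: {k.upper(): v.split() for k, v in s.esmtp_features.items()}
    with s:
        s.ehlo()
        before, after = feats(), None
        if "STARTTLS" in before:
            s.starttls()   # capability probe only: no credentials sent, cert not validated
            s.ehlo()
            after = feats()
    return "open (banner received through the port forward)", assess(before, after)
```

Calling `probe()` with the public name or address of the mail server from an outside network gives the evidence asked for in the question: a received banner shows the firewall passes port 587, while a timeout or refusal points at filtering or the listener.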
