
Are there special considerations for opening port 587 on a firewall?

Our ISP has required us to switch our SMTP traffic from port 25 to 587.  (Interesting note: We are a business with a business account.)

I have duplicated the SMTP configuration lines in our firewall, replacing “SMTP” with “587”. I think the port is now open.

Someone claims they are not seeing traffic sent on port 587, and has asked us to prove it is not an issue on our firewall.  We are receiving traffic on port 587.  

Would there be additional steps after opening the port such as setting some kind of authentication or encryption in the firewall for port 587?
Asked by: tmaususer
 
tmaususer (Author) commented:
This is the config:

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq smtp
static (inside,outside) tcp interface smtp xxx.xxx.xxx.xxx smtp netmask 255.255.255.255

access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 587
static (inside,outside) tcp interface 587 xxx.xxx.xxx.xxx 587 netmask 255.255.255.255
 
Jan Springer commented:
If you have a mail server and you are a business, you need port 25 open and your provider should honor that.

If you don't have a mail server and you want to send outbound mail relayed through an external server, your provider may be asking you to send that mail via port 587 (the submission port).

At any rate, if the email is outbound only, your firewall shouldn't need to be changed.
 
tmaususer (Author) commented:
Thank you,
They have refused. They say they are doing this for all accounts - business and residential, whether or not they host our email or domain. We have talked to them 5 times to verify. Many people have said this is extreme.
Yes, we host our own email server onsite.

 
Jan Springer commented:
Seriously, if you have an internal mail server, then change providers.

This is worse than ridiculous.
 
tmaususer (Author) commented:
We want to. Unfortunately, there are no options in the area.
 
Jan Springer commented:
So, between DSL, wireless, cable tv, ethernet, and ftth there is but one option?

I know some rural areas lack competition but -- no one else?
 
tmaususer (Author) commented:
Well, we don't want DSL. I am going to check Windstream and Level 3. Cable is monopolized by the same company giving us trouble. What is ftth? Would Ethernet be direct site to site?
 
Jan Springer commented:
Fiber to the home. And yes, Ethernet, with or without switching, is site to site.

Definitely call Windstream and L3.

This company does not deserve your business.
 
tmaususer (Author) commented:
We are a business.
 
Jan Springer commented:
By "this company" I mean "your provider".
 
Jan Springer commented:
Opening port 587 is similar to opening port 25.

However, port 587 is the client submission port -- not the port to use as a mail transport agent speaking with other mail servers for the final delivery of email.
Question has a verified solution.
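
Added example, not part of the original thread and not any poster's code: the access-list and static lines above only pass TCP to the mail server, while encryption (STARTTLS) and authentication (AUTH) on port 587 are negotiated by the mail server in its EHLO reply. This Python sketch, run from outside the firewall, shows whether the port forward answers and what the server offers before TLS; the host name, the `probe` helper and the sample replies are constructed assumptions.

```python
import socket

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' after the 3-digit code."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
        if lines[-1][3:4] != "-":
            return lines

def parse_ehlo(lines):
    """Map EHLO keywords to parameters, e.g. {'AUTH': ['LOGIN', 'PLAIN']}."""
    if not lines or not lines[0].startswith("250"):
        raise ValueError("EHLO rejected: %r" % lines[:1])
    ext = {}
    for line in lines[1:]:  # line 0 is the server's greeting, not an extension
        words = line[4:].upper().replace("AUTH=", "AUTH ").split()
        if words:
            ext.setdefault(words[0], []).extend(words[1:])
    return ext

def assess(ext):
    """Findings for the pre-TLS EHLO reply on the submission port."""
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered: session cannot be upgraded to TLS")
    weak = sorted(set(ext.get("AUTH", [])) & {"PLAIN", "LOGIN"})
    if weak:
        findings.append("AUTH %s offered before TLS: passwords can travel "
                        "unencrypted" % "/".join(weak))
    return findings

def probe(host, port=587, timeout=10):
    """A refused or timed-out connect here points at the firewall/NAT path;
    a banner means the forward works and the rest is mail-server config."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rwb") as f:
        banner = read_reply(f)
        f.write(b"EHLO probe.example.test\r\n")
        f.flush()
        ext = parse_ehlo(read_reply(f))
    return banner, ext, assess(ext)

# Constructed sample EHLO replies (not captured from a real server).
HARDENED = ["250-mail.example.test", "250-SIZE 35882577", "250-STARTTLS", "250 8BITMIME"]
WEAK = ["250-mail.example.test", "250-AUTH LOGIN PLAIN", "250 8BITMIME"]

if __name__ == "__main__":
    for reply in (HARDENED, WEAK):
        print(reply[0], assess(parse_ehlo(reply)))
```

Many servers advertise AUTH only after STARTTLS, so an empty findings list for the pre-TLS reply is the expected result on a submission port.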
