Web lists-archives.com

Re: exim4 and TLS Once Again




On Wed, May 30, 2018 at 06:22:49PM -0500, David Wright wrote:
AIUI 587 is the standard email submission port and 465 is now
deprecated but often still in use. I think they differ in the
details of how they handle encrypting the session.

From a protocol standpoint 587/tcp is identical to 25/tcp, with the
distinction that it is designated for a end-users to submit messages for delivery rather than accepting mail for delivery from external mail relays. The expectation is that there is authentication of the submission, either via allowed IPs, SMTP AUTH, or some other mechanism. Networks can block port 25 to reduce spam originating from the network, but allow 587 for visitors to submit email to their provider for delivery. Encryption is activated with STARTTLS.

465/tcp was at one time assigned to SMTP over TLS; that is, it is an alway-encrypted channel like 443/tcp rather than a clear text channel with encryption upgrade via STARTTLS. 465/tcp has been reassigned to another protocol (a stupid decision, but that's water under the bridge) and really shouldn't be used anymore. It would be a very old or odd installation that supported only 465/tcp and not 587/tcp.

Mike Stone