Overview
When setting up email configuration in Saner CVEM, selecting the correct SMTP port is essential for reliable and secure communication. SMTP (Simple Mail Transfer Protocol) uses multiple ports for different purposes such as mail submission, relaying, and encryption methods.
This article explains the difference between commonly used SMTP ports - 25, 465, 587, and 2525 and helps you choose the appropriate one for your setup during the Saner mail configuration.
1. Port 25 – SMTP Relay (Server-to-Server Communication)
Purpose:
Used for mail relay between mail servers (MTA to MTA communication).
Encryption:
Supports STARTTLS, but encryption is optional.
Typical Usage:
Used by mail servers to send emails to other mail servers.
Not intended for end-user mail submission.
Limitations:
Most ISPs and cloud providers block outbound Port 25 to prevent spam.
Recommendation:
Use Port 25 only for server-to-server delivery within trusted networks.
For email submission from clients, use Port 587 or 2525 instead.
2. Port 465 – SMTP Over Implicit SSL (Legacy)
Purpose:
Originally designated for SMTPS, where encryption starts immediately after connection.
Encryption:
Uses Implicit SSL/TLS.
Status:
Port 465 was deprecated but later reinstated under RFC 8314 for legacy support.
Usage:
Still supported by some older or third-party mail servers.
Recommendation:
Use Port 465 only if your email provider does not support Port 587.
3. Port 587 – SMTP Submission (Recommended Standard)
Purpose:
The official port for authenticated email submission from clients (MUA) to mail servers (MSA).
Encryption:
Uses STARTTLS for secure transmission (explicit TLS).
Standard:
Defined under RFC 6409 as the standard for message submission.
Usage:
Supported by all major email providers - including Gmail, Outlook, Microsoft 365, and others.
Recommendation:
Always use Port 587 for secure, standards-compliant, and reliable email submission.
4. Port 2525 – Alternate SMTP Submission (Non-Standard)
Purpose:
A non-standard alternative used when standard SMTP ports (25 or 587) are blocked by ISPs or firewalls.
Encryption:
Supports STARTTLS.
Usage:
Widely offered by providers such as SendGrid, Mailgun, and Google Workspace.
Recommendation:
Use Port 2525 as a fallback option if Port 587 is not available.
Comparison Summary
| Port | Encryption | Purpose | Standard / RFC | Recommendation |
|---|---|---|---|---|
| 25 | Optional STARTTLS | Mail relay (Server-to-Server) | RFC 5321 | Internal use only |
| 465 | Implicit SSL/TLS | Legacy submission (SMTPS) | RFC 8314 | Use if 587 unsupported |
| 587 | STARTTLS (Explicit TLS) | Secure mail submission | RFC 6409 | Recommended |
| 2525 | STARTTLS (Non-standard) | Alternate submission | Non-standard | Fallback option |
Best Practices
Use Port 587 with STARTTLS for modern and secure email submission.
If your network blocks Port 587, use Port 2525 as an alternative.
Avoid Port 25 for client connections, as it is frequently blocked by ISPs.
Use Port 465 only when explicitly required by your email service provider.
Conclusion
Selecting the right SMTP port is crucial for ensuring secure and reliable email delivery. Port 587 is the recommended standard for client submissions, offering wide compatibility and encryption via STARTTLS. Port 2525 serves as a reliable fallback, while Port 465 should be used only for legacy systems. Port 25 remains primarily for server-to-server communication and should not be used for end-user submissions.
Following these guidelines helps maintain email security, reduces delivery issues, and ensures compliance with modern standards. If you have any questions regarding Saner mail configuration, please reach out to the SecPod Support team for assistance.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article