SMTP port 25 blocked - what options do I have?

9 posts / 0 new
Last post
#1 Sun, 09/27/2015 - 12:53

SMTP port 25 blocked - what options do I have?

As I see a lot ISP's are blocking their routers on tcp port 25 but leave tcp port 587 to do SMTP/SMTPS job.

Virtualmin installs Postfix to listen on both ports 25 and 587.

1) If port 25 is blocked can I get email to/from outside on port 587 automatically? Are mail servers which communicate only on port 25?

2) Is it a good idea to use in router iptables for prerouting port 25 forwarding to port 587? In this way a mail server which uses only 25 port for delivering email and not 587 can deliver the message into the mail server.

Thank you.

Sun, 09/27/2015 - 22:43

We're on the same boat! I recently purchased a dev box for Virtualmin and the provider blocks port 25 across their network. Will check back on this for resolution.

Mon, 09/28/2015 - 10:08


What's your goal for your server? Do you need to be able to receive email from the outside world? Or are you just looking to send it? (I think you said both, but just making sure!)

Unfortunately, if your ISP blocks port 25, it's really not feasible to run a mail server which receives email... you'd likely need to go with an alternate provider for your server which doesn't block that port.

However, if you're purely looking to send mail, that could work.


Mon, 09/28/2015 - 10:21

I would like to do both things: sending and receiving email. Virtualmin will do the job for setting up Postfix/Dovecot combination.

I understand ISP's concern related to port 25 and authentication, but in my opinion this should be blocked only for OUTPUT not for INPUT. Port 587 can submit my emails, port 25 will get my emails (or 587 can do the came job?). There are some ISP's who can PREROUTING their routers to forward all destination 25 port to port 587. I did this scenarios in a VM and works great.

Any insides?

Mon, 09/28/2015 - 11:09


Ah, just to clarify -- are you saying incoming port 25 is not blocked, only outgoing port 25 is blocked?


Mon, 09/28/2015 - 12:28

In this moment port 25 is completely blocked. I am discussing with my ISP the idea of letting port open for incoming to my dedicated server and keep block for outgoing. I can do outgoing on port 587. If he doesn't agree I will make a new proposal for PREROUTING all port 25 coming to port 587. Is it a good idea? If this works and having no trouble with spam on my server, I can go further requesting for my IP open port 25.

Mon, 09/28/2015 - 13:33

In my opinion this 25 blocking is an artifact from the past when we could connect on this port and send email without authentication (sendmail or mail). If you connect on port 25 with Exim4/Postfix/Courier installed you cannot send anything.

Mon, 09/28/2015 - 20:23
Diabolico's picture

This is the reason why is not good to have the server at home. But if you mean ISP like hosting company then you have two options, talk with your host and see if he can open port 25 or go for external email service, like GoogleApps, Rackspace Webmail, etc.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Tue, 09/29/2015 - 01:01


Yeah if they open up incoming port 25, you could always route outgoing port 25 through your provider's email server.

But, without incoming port 25, there isn't much you could do.


Topic locked