SMTP over Port 25 and the Viability of Encryption

Discussion regarding the Standard version.
Post Reply
wessleym
Posts: 1
Joined: Wed Oct 11, 2017 9:17 pm

SMTP over Port 25 and the Viability of Encryption

Post by wessleym » Mon Oct 12, 2020 9:18 pm

Hi. I've been using MailEnable for a while, and I'm trying to get my SMTP settings just right. As all should, I'm trying to prevent my mail server from becoming an open relay. I'm also trying to keep my client's credentials protected and keep all communications encrypted as much as possible.
I'd like to allow only encrypted connections over TLS on port 587 for authenticated clients, but I think this causes problems with external servers that want to send my server since they don't know the credentials. So I need to allow for unauthenticated clients to send only to local addresses, and so I think I need to allow unauthenticated connections on port 25 for external senders. (Port 25, right? Not port 587 for external senders?)
But I'd still like users on my server who want to send mail to other servers to authenticate. So it seems like I need to prevent authentication on port 25 in one of two ways:
1. Prevent all authentication on port 25 so users can't repeatedly send their credentials in clear text. (SMTP Properties > Port Settings > SMTP Port > "Never allow authentication")
2. Force authentication over TLS on port 25. (SMTP Properties > Port Settings > SMTP Port > "Only allow secure authentication (using SSL or TLS)")

Which is better? I've attached my current settings. The biggest problem I have with these current settings is that I think a mail client could be allowed to authenticated while not being encrypted, meaning credentials would be sent in clear text.
Thanks!
Attachments
Port Settings.png
Port Settings.png (11.48 KiB) Viewed 3342 times

MailEnable-Ian
Site Admin
Posts: 9400
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SMTP over Port 25 and the Viability of Encryption

Post by MailEnable-Ian » Mon Dec 14, 2020 5:02 am

Hi,

Mail Servers use port 25 to send and receive emails. Therefore you need to set the default SMTP port to 25. You can set the authentication mode to "Only allow secure authentication (using SSL or TLS)" so that any email client authenticating on port 25 will be forced to authenticate securely.
Regards,

Ian Margarone
MailEnable Support

Post Reply