Back to Community Threads
2
What ports/bindings do you use for your SM install?
Question asked by Adam - 7/3/2020 at 10:12 PM
Unanswered
Hi all,

I'm going to revamp some of the ports & bindings for my SM server...and was wondering what ports and what security layer type (SSL or TLS) you use for each?

I had a look at KB article and also through Google - but there doesnt seem to be an absolute industry standard, but want to get as close as possible as to what all devices will work best for, so your opinions would be helpful. 

Thanks in advance!

5 Replies

Reply to Thread
2
Sébastien Riccio Replied
7/3/2020 at 10:28 PM
Hi, we use:

25 - SMTP (TLS)
110 - POP (TLS)
143 - IMAP (TLS)
465 - Submission (SSL)
587 - Submission (TLS)
993 - IMAP (SSL)
995 - POP (SSL)

I think this ports layout is kinda the standard ports configuration for a mail service.

Note: The TLS ports accept both clear and secure connections (explicit TLS using STARTTLS). The SSL ports accept only secure connections (implicit SSL).
Sébastien Riccio System & Network Admin https://swisscenter.com
4
echoDreamz Replied
7/4/2020 at 1:04 AM
I wish we could enforce TLS on certain ports. We had a law firm that complained that our server wasnt passing their security scans because 587 accepts both unauthenticated mail as well as non-TLS connections.
3
Sébastien Riccio Replied
7/4/2020 at 9:26 PM
Yes, echoDreamz, it would really need to have a toggle for TLS ports (not needed/irrelevant for SSL and standard ports), something like "Allow AUTH without TLS" or "Require TLS for AUTH".
Sébastien Riccio System & Network Admin https://swisscenter.com
1
Urs Replied
7/17/2020 at 3:44 AM
In addition to Sébastien to notice:

Open additionally those ports on server firewall if required:
80 - http
443 - https
5222 - XMPP if required
389 - LDAP if required

And as recommendation:
Use for outgoing mail a separate IP(or another Gateway-Server with switchable IP's), so in case of blacklisted server IP address you can switch to a clean IP
0
Ionel Aurelian Rau Replied
7/17/2020 at 6:39 AM
Can you please provide more info on port 389 (LDAP) for SmarterMail? Do clients over the Internet need to be able to access the SmarterMail server over port 389?
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Configure SSL/TLS to Secure SmarterMailSmarterMail > Server Configuration and Management
Cannot Receive Mail MessagesSmarterMail > Troubleshooting
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management