Is it possible to change the SmarterMail SMTP Outbound from Port 25 to Port 587?
Question asked by Manuel Martins - 2/8/2024 at 12:09 PM
After a few years running an Outbound Gateway on an Azure VM with hardly any issues, today unfortunately Microsoft blocked SMTP Port 25 on our VM, and as of today SM can't send emails to other servers across the internet because of this block.

I opened a ticket with Microsoft asking them to reconsider and re-open Port 25, but they said it's a security matter and they cannot open SMTP Port 25 for security reasons.

Is there a way to reconfigure SM SMTP-OUT to send emails out using TCP Port 587 with SSL instead?

Can anyone help, please?

Many Thanks.

7 Replies

Zach Sylvester Replied
Employee Post
Hey Manuel, 

Sorry to hear about that. Servers do not accept SMTP connections on ports other than 25, so if you tried to send to Gmail using 587, it wouldn't work. I recommend migrating to another host or looking into using an Outbound Gateway. With an Outbound Gateway, you can send the mail to them over port 587 and they can relay it to the remote servers using port 25. 

I hope this helps. 

Kind Regards, 
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Ron Raley Replied
Microsoft Azure blocks port 25 on all VMs by default. You may unblock it by creating an Azure Support Request. 
Manuel Martins Replied
Hi Zach,
Thanks for your quick reply.

If servers do not accept SMTP connections on ports other than 25, why does Microsoft recommend that we change to Port 587?

  • Use authenticated SMTP on port 587, which is not blocked. 

And CloudFlare?

Across the Internet almost every post recommends the use of Port 587 with SSL. If so, it's strange that servers do not accept SMTP connections on ports other than 25!?

Kind Regards.
Manuel Martins Replied
Already did that, Ron Raley, and the answer was:

Please be informed that port 25 can only be enabled for Enterprise customers and it can’t be enabled on Pay-as-you-Go subscriptions. Earlier Microsoft allowed other subscription types to use port 25 but the policy has been changed  and based on our current policies, only Field Led (FL) and Enterprise Agreement (EA) customer subscription channel types can have Port 25 open by default. This policy is in place to prevent spam and ensure the security and reliability of our services. 
J. LaDow Replied
I know 3rd party is not the route you want to go - but SMTP2GO will receive your inbounds on one of half-a-dozen ports they have open and run delivery -- prices are very reasonable - support is fast - and they have a viable system for handling SPF and DKIM/DMARC.

They'll work in a pinch till you get sorted on a host. AWS still opens port 25, FWIW.

(not a paid endorsement on either - just that we've used both companies for years without issue) --
MailEnable survivor / convert --
Douglas Foster Replied
I have to agree with Microsoft on this one.   There are two legitimate configurations for cloud hosting:
(1) email hosting systems which enforce good behavior by restricting the system administrator to a "control panel" environment, and
(2) "bare-metal" hosting systems that can do most anything the client wants except use outbound port 25.

When a bare-metal server is not restricted, the spammers buy in.   Then they start spamming with false identities for both the SMTP Mail From address and the message From address.    Once the attack is detected, the evaluator's only defense is to block the hosting service's IP address or server domain name.   Either way, the hosting service gets the black eye.    This attack scenario has happened to me four times in the last year, three times from the same hosting service.   I have suggested strongly, to both hosting services, that they need to implement port 25 restrictions ASAP.

The point of forcing you to use 587 is to force your web server or other non-email application to log onto a mail store server using an authenticated connection, either authenticated SMTP or whitelisted IP address.  Once that is done, the integrity of your message is the responsibility of the mail store server.   If the mail store server is provided by the hosting service, their control panel ensures that you cannot harm their reputation.   If you use a server off their network, the behavior of that server cannot harm the first vendor's reputation.    If you don't want to connect to a mail store server, the alternative is to log onto an email service provider like Sendgrid.net.   This accomplishes the same goal, of preventing impersonation fraud, but you can connect using authenticated API calls instead of authenticated SMTP.
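
An added example, not part of the original thread: before pointing a mail server at a port 587 smarthost as discussed above, a pre-flight check of what the relay advertises before and after STARTTLS shows whether the login would be protected. The host names and sample replies are constructed, and treating AUTH offered before TLS as a finding is this example's own policy assumption.

```python
import smtplib
import ssl

def parse_ehlo(reply: str) -> dict:
    """Map each ESMTP keyword of a raw multi-line 250 reply to its parameters."""
    features = {}
    for line in reply.splitlines()[1:]:      # line 0 is the server's greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            features[parts[0].lower()] = " ".join(parts[1:])
    return features

def submission_findings(before: dict, after: dict) -> list:
    """Problems that make a smarthost unsafe to send credentials to.
    before/after: ESMTP features seen before and after STARTTLS."""
    if "starttls" not in before:
        return ["no STARTTLS: the login would cross the network in cleartext"]
    findings = []
    if "auth" in before:                     # assumed policy: AUTH only inside TLS
        findings.append("AUTH offered before TLS: a client can log in unencrypted")
    if "auth" not in after:
        findings.append("no AUTH after TLS: not an authenticated submission service")
    return findings

def probe(host: str, port: int = 587) -> list:
    """Run the same check against a live server (needs network access)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before, after = dict(s.esmtp_features), {}
        if "starttls" in before:
            # Default context verifies the relay's certificate and host name.
            s.starttls(context=ssl.create_default_context())
            s.ehlo()                         # features must be re-read after TLS
            after = dict(s.esmtp_features)
    return submission_findings(before, after)

# Constructed sample replies (hypothetical hosts), not captured from real servers.
GOOD_PLAIN = "250-relay.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME"
GOOD_TLS = "250-relay.example.net\r\n250-SIZE 52428800\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"
WEAK_PLAIN = "250-old.example.net\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"

if __name__ == "__main__":
    print(submission_findings(parse_ehlo(GOOD_PLAIN), parse_ehlo(GOOD_TLS)))
    print(submission_findings(parse_ehlo(WEAK_PLAIN), {}))
```
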

Manuel Martins Replied
Many thanks for sharing your experience and point of view, Douglas. I'm more convinced now!
