how to switch from outgoing port 25 to 587 in postfix

laplasz

4/9/24, 10:47 PM

I would like to send a mail to a gmail address:

echo "This is the body of the email" | mail -s "This is the subject line" [email protected]

That is what I see in the logs

connect to gmail-smtp-in.l.google.com[142.250.27.27]:25: Connection refused
connect to gmail-smtp-in.l.google.com[2a00:1450:4025:401::1a]:25: Network is unreachable
connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4025:c03::1a]:25: Network is unreachable
connect to alt1.gmail-smtp-in.l.google.com[142.251.9.27]:25: Connection refused
connect to alt2.gmail-smtp-in.l.google.com[142.250.150.27]:25: Connection refused
Apr  9 20:04:02 ubuntu postfix/smtp[157056]: 228717CAA0: to=<[email protected]>, relay=none, delay=0.22, delays=0.09/0.09/0.04/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.150.27]:25: Connection refused)

tried to test this destination with netcat and the result was the same:

ubuntu@ubuntu:~$ nc -zvn 142.251.9.27 25
nc: connect to 142.251.9.27 port 25 (tcp) failed: Connection refused

then I checked the port 587 with the following command - which went ok:

ubuntu@ubuntu:~$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1

so I tried to force postfix to use encryption according to this so modified the main.cf:

smtpd_tls_security_level=encrypt
smtp_tls_security_level=encrypt

but still trying to use port 25 which is blocked. So my question is that how can I force postfix to use different port from 25 to be able to send outgoing mails?

377

1 + 0

smtp

postfix

Score:3

Server

vidarlo

4/9/24, 10:56 PM

but still trying to use port 25 which is blocked. So my question is that how can I force postfix to use different port from 25 to be able to send outgoing mails?

You can't.

Or well, you can force Postfix to do that. But the rest of the world expects e-mail to come via port 25. Using port 587 won't work - that's for authenticated submissions (hint: the port is named that) from client software. Not for SMTP server to SMTP server communication.

You have to tell your ISP to open port 25. Any business ISP should cater to such a request.

+ 2

laplasz

4/10/24, 10:24 AM

so I would like to send a mail towards gmail not using remote port 25 - I think smtp gmail listens on other ports as well, like 587 - so should I send mail with submissions then? thx

vidarlo

4/10/24, 10:32 AM

No! Talk with your ISP and tell them to open port 25. Noone expects incoming e-mail on port 587, that is for ***CLIENT***, e.g. end user, submission of mail. Again: Read the *first* sentence of my answer.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: how to switch from outgoing port 25 to 587 in postfix

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.