Does all SMTP communication happen over 25? [closed]

Question

Does all SMTP communication send emails between domains on port25? Is all communication unsecured? Understand that using like Gmail communication is secured to Gmail server but after it must use unsecured port 25, right?

SMTP can be on any port, but that is not what i am talking about. I am not talking about connecting to Gmail, Yahoo or ISP SMTP server. Those are the SMTP relays and they accept SMTP requests on any port they wish encrypted/unencrypted for their user.

But once SMTP relay server gets request, mail server forwards it to email based on domain name MX record. Does it only use SMTP on port 25? The mail server has only knowledge of domain name and then forwards it. It can not know which port they are listening.

For example, I am hosting an Exchange server 2007 for my domain. I connect to my Exchange server to send mail to [email protected]. My exchange server must be doing communication over industry standard protocol, right? And that's port 25 (as my Exchange server didn't work without port 25).

Answer 1

Thought I would step in here, since I write email software for a living.

There are two common scenarios for SMTP traffic: 1)Server To Server and 2)Client to Server.

1)Server to Server All public server to server email communication takes place over port 25. If you want your domain to receive email from other domains, then you have to accept SMTP traffic at port 25. This is unsecurred. It's sent as clear text. There are ways of encoding the specific message, but as far as the traffic, it is sent as ascii text (obviously in binary format). But, it is not sent over SSL.

There is also some private server to server communication that can take place. This might take place in large organizations, where they might have the internal corporate server that every one uses. When you send an email, it is sent to the corporate server, but then this corporate server forwards the email off to a public facing server. That public facing server sends the email off to a receiving server. That receiving server is accepting email at port 25.

2)Client to Server. This has more options. On the server you can configure different submission ports (open ports you will accept email on). These can be anything you want them to be. You just have to remember to tell your users to configure the client software correctly. The most common ports are 25 and 587. A lot of ISPs will block outgoing port 25 (since that is what spam bots use -- to send to public mail servers). But, they have 587 open so you can send email to your SMTP server. The common port for SMTP over SSL is 465.

Obviously, this can get a lot more complicated, and I've left out a good bit of detail, but that's it in a nutshell.