Change Outgoing Server Port Mail Client Manual Settings

Ryan Burke

Member
PartnerNOC
Feb 4, 2017
9
3
53
Tampa, Fl
cPanel Access Level
DataCenter Provider
I know that both 465 and 587 are available, but I am trying to get my client to use 587 over 465, but can't get the port to display in the manual settings. Is there a step I am missing? I've already switched Exim to not provide 465 as a port, which works fine when it's set, but I am trying to get the displayed settings to reflect this.

Thanks for any pointers!
 

Attachments

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Hello
In WHM > Exim Configuration Manager > Advanced Editor > daemon_smtp_port
All that does is specify which ports the Exim Daemon listens. That does not dictate what is shown in the Mail Client Configuration page which is not modifiable. The port 587 while usable with TLS using STARTTLS it is not a straight SSL port like 465 is and as such isn't shown for the Secure SSL/TLS Settings. This is detailed here:

SMTP protocol: smtps (port 465) v. msa (port 587)
Ports 465 and 587 are intended for email client to email server communication - sending out email using SMTP protocol.

Port 465 is for smtps
SSL encryption is started automatically before any SMTP level communication.

Port 587 is for msa
It is almost like standard SMTP port. MSA should accept email after authentication (e.g. after SMTP AUTH). It helps to stop outgoing spam when netmasters of DUL ranges can block outgoing connections to SMTP port (port 25).
SSL encryption may be started by STARTTLS command at SMTP level if server supports it and your ISP does not filter server's EHLO reply (reported 2014).
 

Ryan Burke

Member
PartnerNOC
Feb 4, 2017
9
3
53
Tampa, Fl
cPanel Access Level
DataCenter Provider
All that does is specify which ports the Exim Daemon listens. That does not dictate what is shown in the Mail Client Configuration page which is not modifiable. The port 587 while usable with TLS using STARTTLS it is not a straight SSL port like 465 is and as such isn't shown for the Secure SSL/TLS Settings. This is detailed here:



Then something else must be going on, because a telnet to 465 (while it does accept the connection) does not produce a 220 or any other SMTP activity, and an EHLO does not give a response either, it just drops with any SMTP commands sent...



edit:
This was pointed ot me by a colleague, from just 7 days ago...

Summary

To summarize,
- SMTP port 587 is one of the best choices for nearly every use case for connecting to Pepipost


  • Port 25 is the default port used for relaying
  • Port 465 should no longer be used at all
  • Port 2525 used when all other port is blocked
And this one is from 2015:

Summary

To summarize, the recommendation is that:
  • port 587 should only be used for submissions (i.e., mail client to mail server),
  • port 25 should only be used for relaying (i.e., mail server to mail server communications), and
  • port 465 should no longer be used at all.
Although not all email service providers adhere to these recommendations, these are idealisations that we should all be working to achieve in order to eliminate the confusion surrounding SMTP port configuration.

If 465 worked, i guess it wouldn't be an issue. But it's not, and I've scoured for something as to why in the settings. But if it's not even recommended to use, why would I?

I still am in need of a way to change what is displayed in the manual settings info though...
 
Last edited:

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Then something else must be going on, because a telnet to 465 (while it does accept the connection) does not produce a 220 or any other SMTP activity, and an EHLO does not give a response either, it just drops with any SMTP commands sent...
Are you using openssl to connect? Telnet doesn't connect securely.

Code:
openssl s_client -crlf -connect hostname:465
If 465 worked, i guess it wouldn't be an issue. But it's not, and I've scoured for something as to why in the settings. But if it's not even recommended to use, why would I?
465 does and should work with SSL connections - if it's not then I'd wager somewhere there is a configuration issue. 587 is the standard though with STARTTLS and 465 the standard for SSL - the reason for the confusion with 465 is discussed in RFC8314 RFC 8314 - Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

Although STARTTLS on
port 587 has been deployed, it has not replaced the deployed use of
Implicit TLS submission on port 465.
I still am in need of a way to change what is displayed in the manual settings info though...
As I mentioned previously, this is non-modifiable at this time. There is a feature request here: https://features.cpanel.net/topic/ability-to-customise-the-mail-client-configuration-page-in-cpanel which I'd suggest you vote on if it's something you'd like to see in a future version of cPanel/WHM