Why Do I Need To Enable Port 25 If I am Sending Emails Over 587 Using Postfix And Mailwizz Client

I am using my postfix smtp to send ONLY outgoing emails. It will not receive incoming messages. I have my mailbox at Namecheap for that.

I use a client called Mailwizz to connect my Postfix SASL user credentials. This happens on port 587.

I ran a test and the emails deliver without issues.

Question: If I am sending emails using port 587 on Mailwizz, why do I need to allow port 25 in my firewall? What would happen if I disable port 25?

Also, I am confused if I should allow port 587 AND/OR listening via TCP.

Do I run these two commands:

sudo ufw allow 587

sudo ufw allow 587/tcp

Or just one suffices? If so, which one?

3 Replies

Hi there,

Beginning Tuesday, 5 November, 2019, in an effort to fight spam, outgoing mail traffic from new Linode accounts with destination ports 25, 465, and 587 are restricted by default (see our blog post here for more information).

When you run sudo ufw allow 587, you are opening up port 587 to incoming traffic on your Linux machine. This is useful if you want to allow email clients or other devices to connect to your email server using SMTP submission on port 587.

When you run sudo ufw allow 587/tcp, you are explicitly allowing incoming TCP traffic on port 587. This is a common configuration when you want to permit email clients and other devices to connect to your email server using SMTP submission over TCP on port 587.

sudo ufw allow 587:

This command allows incoming traffic on port 587 without specifying the protocol. By default, UFW assumes that you want to allow traffic using the TCP protocol when you use a port number without specifying a protocol.

The major difference between these both commands is that for many common services, including email submission (SMTP submission) on port 587, the protocol used is indeed TCP. Therefore, sudo ufw allow 587 is typically sufficient for allowing email traffic on this port whereas sudo ufw allow 587/tcp command explicitly specifies the protocol as TCP while allowing incoming traffic on port 587. It is essentially the same as the first command but leaves no room for ambiguity regarding the protocol.

So when you will use TCP with the command as mentioned above as When data will be sent, the sender expects acknowledgments from the receiver. If an acknowledgment is not received, the sender assumes the data was not delivered and retransmits it so TCP acts as a protection layer for while sending your data.

Thank you but my first question wasnt addressed unfortunately causing another round of a follow up reply.

If I can send emails over 587 without issues and they get delivered why do I need port 25 open? It doesnt matter if Linode blocks this port for me because I am connected to an email client and the relevant port for that is 587.

Do I still need port 25 open and if not will it cause deliverability issues?

I think I found a SuperUser forum post that answers your last question:

If your server is setup to only send outgoing and not receive incoming mail, you shouldn't need to open port 25.

We administer all three ports together to help eliminate the need for making multiple requests for individual ports. If your use case changed or your forgot to request a specific port, it saves you the time of making another SMTP request in the future.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct