2006/06/14 - Change In Mail Submission Best Practice
The use of port 25 for the submission of e-mail is now officially deprecated. In line with international best practices, we recommend that users make use of the submission port (port 587) for all outgoing e-mail.

The submission port only accepts authenticated submission over TLS. This means that, in addition to changing the port number, users should configure their mail user agents (Pegasus Mail, Outlook, etc.) to use a secure/encrypted connection and to send their username and password before attempting to deliver e-mail.

Since some clients (most notably Outlook Express) don't yet properly implement the submission standard, we also accept e-mail submission via SMTPS (secure SMTP) on port 465. This is in line with the practices of other major providers (such as, for example, Google mail). This port also requires the use of encryption, but authentication within Rhodes's local network is currently optional.

We will continue to accept e-mail submission using port 25 on for the time being, and until such time as the majority of e-mail clients in use on campus adopt port 587 as standard. Users are encouraged, however, to adopt the new settings on any new installations.

Users are also discouraged from using external ISP's mail transport or submission agents to send e-mail from their or e-mail address. This is in line with current best practices for SPAM prevention -- at some point in the future it is likely that e-mail sent in this way will be classified as SPAM.

In line with this approach, we've also allowed outgoing port 587 through our Internet firewalls. This means that users at Rhodes who make use of other service providers' e-mail services, such as Google Mail, may (and should) make use of their provider's submission services. It is our intention to allow outgoing port 587 from the residence network during the course of the upcoming vacation.
Two minor changes to this:-
  • We will now accept clients using the submission port without TLS, provided they can authenticate using the CRAM-MD5 mechanism. This should help mobile devices, such as cell phones, that don't fully implement SMTP authentication and TLS.
  • CRAM-MD5 authentication actually works (there was a small typo - a missing dollar sign - in the config that caused CRAM-MD5 authentication to always fail). This will allow clients like Pegasus Mail to authenticate properly.
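
The sketch below is an added example, not the mail server's actual configuration or code. It shows the CRAM-MD5 exchange (RFC 2195) from both the client and the server side, together with the acceptance rule described above: any mechanism over TLS, only CRAM-MD5 without it. The function names and the SECRETS table are assumptions made for illustration; the challenge and credentials are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

# Sample challenge and credentials from the RFC 2195 example (not real accounts).
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
SECRETS = {"tim": "tanstaaftanstaaf"}  # hypothetical server-side secret store


def auth_permitted(mechanism, tls_active):
    """Policy from the notice: without TLS, only CRAM-MD5 is acceptable."""
    return tls_active or mechanism.upper() == "CRAM-MD5"


def cram_md5_response(user, password, challenge_b64):
    """Client side: answer the challenge with HMAC-MD5 keyed by the password.

    Only the keyed digest is sent; the password itself never crosses the wire.
    """
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify_cram_md5(response_b64, challenge_b64, lookup_password=SECRETS.get):
    """Server side: return the authenticated user name, or None on failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, _, digest = decoded.rpartition(" ")
    password = lookup_password(user)
    if password is None:
        return None
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison so the check does not leak digest prefixes.
    if hmac.compare_digest(expected.encode(), digest.lower().encode()):
        return user
    return None


if __name__ == "__main__":
    reply = cram_md5_response("tim", SECRETS["tim"], RFC_CHALLENGE_B64)
    print("client reply:", reply)
    print("server accepts:", verify_cram_md5(reply, RFC_CHALLENGE_B64))
```

Because the server must recompute the HMAC, it needs each user's shared secret in a recoverable form, and a fresh challenge must be issued for every attempt so that a captured reply cannot be reused.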