none
Can I use a different port (than 25) for my Office 365 Exchange Online Protection to my on premise server? My ISP is blocking port 25.

    Question

  • I cannot seem to find a way to get SMTP working with my ISP who just a few days ago decided to block port 25 and claim they are not blocking any ports.  I have replaced every piece of equipment (modem, router, switches, etc.) as tests and I cannot telnet on port 25 to an outbound server, or telnet port 25 to my inbound server, but opening port 26 and also port forwarding 26 to 25 internally works fine (both cases).  To get around this, I need to setup a connector and specify either ONLY TLS connection and not port 25 at all, or some other port entirely without TLS.  At this point I'd be happy to just get my email working again - even if it means using a VPN service to encrypt the port 25 traffic (which does work, but not ideal!)

    Thanks in advance!

    Monday, August 8, 2016 8:25 PM

Answers

  • Well I guess the answer is:  "No you cannot change the port that EOP uses to communicate with an on-premise server".  Not what I wanted to hear... :/
    • Marked as answer by Erik Tank Monday, August 15, 2016 4:24 AM
    Monday, August 15, 2016 4:24 AM

All replies

  • If you have a business class contract and static IP with your ISP, then this shouldn't be an issue. Is that not the case?


    Blog:    Twitter:   

    Monday, August 8, 2016 10:02 PM
  • sorry - to clarify: I have a dynamic home ISP that I run my test exchange server on.  However I cannot access ANY SMTP server remotely (to configure/test/etc.) which is a bigger problem but irrelevant to this case really.  My ISP is "looking into it" but it will be a few days apparently.  :/

    I use dyndns currently (paid) and have a paid EOP account.  I'm just looking for a way to make EOP use something other than port 25.

    Tuesday, August 9, 2016 12:24 AM
  • sorry - to clarify: I have a dynamic home ISP that I run my test exchange server on.  However I cannot access ANY SMTP server remotely (to configure/test/etc.) which is a bigger problem but irrelevant to this case really.  My ISP is "looking into it" but it will be a few days apparently.  :/

    I use dyndns currently (paid) and have a paid EOP account.  I'm just looking for a way to make EOP use something other than port 25.

    I dont think so. It assumes and requires port 25 on the EOP side.

    Blog:    Twitter:   

    Tuesday, August 9, 2016 11:13 AM
  • I'm trying to find out for sure ... why does it NEED 25 when it should be using 465 and 587 for encryption anyway? This is driving me crazy.
    Wednesday, August 10, 2016 12:32 AM
  • Hi,

    We need port 25 for mail flow between On-premise and Exchange Online, and it's required. For your reference:
    https://technet.microsoft.com/en-us/library/hh534377%28v=exchg.150%29.aspx


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Wednesday, August 10, 2016 7:41 AM
    Moderator
  • I'm trying to find out for sure ... why does it NEED 25 when it should be using 465 and 587 for encryption anyway? This is driving me crazy.
    465 ( deprecated) and 587 are the *mail client* submission ports, not the ports used for SMTP relaying between servers. That is port 25. TLS/SMTP uses port 25 as well. 

    Blog:    Twitter:   

    Wednesday, August 10, 2016 11:41 AM
  • FYI - In my area, blocking outbound port 25 from dynamic/consumer ISP is typical and has been for many years (at least 10 years). They do that as an antispam measure so that infected workstations can't send out spam.

    You should probably prepare yourself to pay extra for the business plan and a static IP if you need the outbound port 25 access. My bet is that the support side just wasn't aware the change was being implemented and it's probably not negotiable.


    Byron Wright (http://byronwright.blogspot.ca)

    Wednesday, August 10, 2016 12:53 PM
  • I've had a few friends test their port 25 communications, and two members of my family and all can telnet out on port 25 as a test.  I cannot.  It's been working fine for years now.  I find it very strange that all of a sudden JUST me gets blocked, with two different modems, and a dozen or so IP addresses I've picked up.  Right now I have my exchange server VPN'd into another service so I can still use port 25, as it works when encrypted, but what a pain in the but!
    Thursday, August 11, 2016 4:28 AM
  • Hi,

    Thank you for your reporting back, and please help to mark the helpful reply as answer.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Monday, August 15, 2016 2:03 AM
    Moderator
  • Well I guess the answer is:  "No you cannot change the port that EOP uses to communicate with an on-premise server".  Not what I wanted to hear... :/
    • Marked as answer by Erik Tank Monday, August 15, 2016 4:24 AM
    Monday, August 15, 2016 4:24 AM
  • Well I guess the answer is:  "No you cannot change the port that EOP uses to communicate with an on-premise server".  Not what I wanted to hear... :/
    Since I and others essentially told you that, you should mark our answers appropriately, not yours.

    Blog:    Twitter:   

    Monday, August 15, 2016 10:43 AM