Email ports and servers

Outgoing: e.g email leaving outlook
25 for for server to server. neither encryption nor authentication.
587 for MUA to connect, with authentication
Encryption: by STARTTLS command
Authentication: by AUTH LOGIN command. no Authentication needed on internal network
or none: just as port 25
465 smtps: SMTP over SSL, 465 is to 25 as 443 is to 80. therefore neither plain HELO nor EHLO

Incoming: e.g. Retrieval to outlook:
110 POP3 Non-Encrypted
995 POP3 over SSL
143 IMAP Internet Message Access Protocol
993 IMAP over SSL

Some programs:
msmtp: for sending. I was using this to send notifications to my gmail account.
is MUA, talking to MTA port 587 for further sending,
For example, it talks to with my login to send to
Postfix: MTA
Receive emails from MUA with authentication on port 587
Receive emails from other MTA without authentication on port 587 or 25 or 465
Send emails to other MTA
I used it to setup my own email server for
Need reverse DNS record in order to be accepted by MTA community
More detail at
ssmtp: it’s like half Pstfix, only sending no receiving
sendmail: MUA and MTA in the 1980s
mail: MUA, calls /usr/sbin/sendmail, which connects to local MTA like port 25.
mutt: MUA, read from POP/IMAP and send to local MTA

Customized email address

Goal: setup and forward to
done by MTA postfix

Domain server: point MX record to
OS: user rio must exist since is alias of
Email server: AWS EC2 named, Ubuntu18
Install postfix: apt-get install postfix
vi /etc/postfix/
add this line: myhostname =
virtual_alias_domains is not involved here since no virtual domain
vi /etc/aliases
add this line: me: rio
run this: sudo postmap /etc/postfix/virtual
create this file: sudo vi /etc/postfix/virtual
add this line:
run this: sudo newaliases
Check status:
#service postfix status
#netstat -ltnp | grep 25
contact AWS support to unblock outgoing port 25, which is blocked by default.
open incoming port 25 from security group.
Notes: IMAP and POP3 are not configured since emails are forwarded to gmail.
Telnet to port 25 and watch response to commands such as “RCPT TO”
log files: /var/log/mail.log and mail.err
restart server: sudo service postfix restart or reload


AWS fails to Redirect emails, and there is no cure

I asked SES (Amazon Simple Email Service) to Redirect(instead of forward) my emails to Gmail.

It works most of the time, but fails redirecting emails from, who makes GeniCam cameras for us.

Here is the error message:”This message was not eligible for redirection because the sender was not authorized according to the published SPF record”

When I googled this message, two items showed up, but both unanswered.

This failure is a result of fighting email spoofing. Here is my explanation, in an intuitive way.

Framos tells the world (by SPF) who is allowed to send email for him.

(decent servers respect his request, such as SES)

Since Framos doesn’t list SES on his list, SES doesn’t send (same as redirect) his email to me.

Redirection failed by design, and nothing can be done to fix this.

I expect when more domains publish SPF, more emails will fail to redirect.

Extra notes:

Redirecting is different from forwarding.

When SES “forward” Framos’s email to me, and I hit Reply button, I am replying to my SES address, instead of Framos.

With “redirect”, I reply to Framos, which is what I wanted.