FYI I always have to remind myself why port 587 works and why it’s not blocked as well - after all it seems like a crazy workaround, right? Did SBC etc. just forget to block it too?
Well no. When a mail server is trying to deliver mail to your final address it will usually contact the mail server(s) listed for your domain (in the DNS MX record) on port 25 using the ole SMTP protocol. SMTP mail servers typically accept incoming mail for their domain from remote agents without any authentication - that’s how it’s supposed to work. Although with the advent of spammers they often restrict the agents connecting to them via RBLs - realtime black hole lists - that tell them the IPs of machines that are compromised, untrustworthy or used by known spammers.
However, when you as a user contact a mail server you are not (typically) delivering mail to the final destination domain - your server will do that for you, or at least get the process on the way. To connect to a mail server to do this usually requires an account with that specific server - username and password - or being attached to it physically (via a DSL line, say) or logically (via a VPN). Any server that doesn’t implement such restrictions is likely to be categorized as an “open relay” and will quickly get itself banned from delivering email via the RBLs that are widely used.
So - port 587 works because, unlike port 25, it is not the port connected to for the final step of delivering email to a domain. Port 587 is used for initiating mail transfer, and the mail server will require an authenticated login before it will even talk to you. After that it assumes you are a trustworthy known user, with legitimate access to deliver mail locally to the domain(s) the server represents, or remotely to somewhere else.
Hence, if your machine is compromised by spam bots, viruses, spyware etc., then unless the malware knows your mail account passwords it is not going to be able to randomly connect to email servers on port 587 and deliver spam to them, which it could on port 25 if it wasn’t blocked. Of course it is possible the malicious software has found your password (especially if it installs a keyboard logger or decrypts your Outlook settings), but this is so far MUCH less common than the machine being compromised by a dumb spam bot in the first place.
Finally (hopefully all this is useful to someone - hey I just like to type!), if a spammer knows a user/pass for a mail server it is likely they will be able to reach it from your machine on port 587. In this case they can still take over your home machine, circumvent port 25 blocking to send spam via that server on port 587 and effectively use it as a relay. However, the volume of email/traffic typically generated by spammers would hopefully quickly get them shut down. One can only wonder just how many compromised mail server accounts there are out there for use in this way.
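The point about volume getting a compromised account shut down can be turned into a check on the mail server side. This is an added example, not part of the original post: it flags authenticated port 587 accounts whose recipient count in a sliding window exceeds a limit. The log format, the sample lines, the names and the thresholds are all constructed assumptions, not any real mail server's output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real MTA's): one line per
# message accepted on port 587 after a successful AUTH, in time order.
LINE = re.compile(r"^(\S+) port=587 sasl_user=(\S+) client=\S+ nrcpt=(\d+)$")

# Constructed sample: bob's account bursts to 120 recipients in two minutes.
SAMPLE = """\
2024-05-01T09:00:00Z port=587 sasl_user=bob client=198.51.100.9 nrcpt=50
2024-05-01T10:00:00Z port=587 sasl_user=alice client=203.0.113.7 nrcpt=2
2024-05-01T10:00:10Z port=587 sasl_user=bob client=198.51.100.9 nrcpt=40
2024-05-01T10:01:00Z port=587 sasl_user=bob client=198.51.100.9 nrcpt=40
2024-05-01T10:02:00Z port=587 sasl_user=bob client=198.51.100.9 nrcpt=40
2024-05-01T10:03:00Z port=587 sasl_user=alice client=203.0.113.7 nrcpt=1
2024-05-01T10:30:00Z port=587 sasl_user=bob client=198.51.100.9 nrcpt=5
"""

def flag_accounts(lines, window=timedelta(minutes=10), max_rcpts=100):
    """Return {user: peak recipients seen in any window} for users over max_rcpts."""
    recent = defaultdict(deque)  # user -> (timestamp, nrcpt) entries still in window
    totals = defaultdict(int)    # user -> recipients currently inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an authenticated submission record
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        user, nrcpt = m.group(2), int(m.group(3))
        q = recent[user]
        q.append((ts, nrcpt))
        totals[user] += nrcpt
        # Drop entries older than the window before comparing to the limit.
        while ts - q[0][0] > window:
            totals[user] -= q.popleft()[1]
        if totals[user] > max_rcpts:
            peaks[user] = max(peaks.get(user, 0), totals[user])
    return peaks

if __name__ == "__main__":
    for user, peak in flag_accounts(SAMPLE.splitlines()).items():
        print(f"review account {user}: {peak} recipients within 10 minutes")
```

A flagged account is a candidate for a password reset and a scan of the machine it normally sends from, since the login itself was valid.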