Port reference
Port 2525 (TCP) – SMTP Submission (alternate)
Unofficial alternate SMTP submission port commonly used when standard mail ports (25/587/465) are blocked.
Default state
Not an official mail port, but widely supported by mail providers as a fallback when 25/587 are blocked.
Common attacks
- Credential brute force against SMTP authentication
- Spam relay abuse through misconfigured or open submission
- Credential capture if STARTTLS is not enforced
- Reconnaissance of mail server capabilities via SMTP commands
Hardening
- Require SMTP AUTH and enforce STARTTLS (or implicit TLS) on submission
- Never run as an open relay — restrict to authenticated senders
- Rate-limit and lock out repeated failed logins
- Keep the MTA patched and monitor for unusual send volumes
nmap snippet
nmap -p2525 --script smtp-commands,smtp-open-relay <target>
Replace <target> with the host or range you're authorized to scan.
What runs on port 2525?
Port 2525 is a non-standard alternate SMTP submission port. It carries the same mail submission protocol as the official ports — 25 (server-to-server), 587 (submission), and 465 (implicit TLS submission) — but on a number that is not reserved by the IANA for mail. Providers expose it so clients can still send authenticated mail when their network blocks 25 or 587.
Why it matters for security
Because 2525 is a real submission endpoint, it must be secured exactly like 587: require SMTP AUTH and STARTTLS. The risk is that admins treat the alternate port as an afterthought and leave it without TLS or, worse, configured as an open relay. Either mistake exposes credentials or lets spammers send through the server.
How it's attacked
Attackers brute-force SMTP credentials against the submission login and probe for open-relay misconfigurations to send spam through the server. If STARTTLS is not enforced, they can capture credentials in transit. They also enumerate SMTP commands during reconnaissance to fingerprint the MTA and find weaknesses.
Hardening checklist
Require SMTP AUTH and enforce STARTTLS (or implicit TLS) on the submission port. Never run an open relay — accept mail only from authenticated senders. Rate-limit and lock out repeated failed logins to blunt brute force, keep the MTA patched, and monitor for unusual send volumes that signal abuse. The nmap snippet above lists supported SMTP commands and checks for open relay on systems you are authorized to test.
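As an added example (not part of the original page), the checklist's AUTH and STARTTLS requirements can be checked from a submission port's EHLO replies, flagging a missing STARTTLS and AUTH advertised before encryption. The function names and sample replies are constructed for illustration, and the audit covers STARTTLS mode only, not implicit TLS.

```python
import re
import smtplib
import ssl

def parse_ehlo(text):
    """Map each EHLO keyword to its parameters; accepts raw or prefix-stripped replies."""
    caps = {}
    for line in text.strip().splitlines()[1:]:  # line 0 is the server's greeting
        line = re.sub(r"^250[- ]", "", line.strip())
        if line:
            word, *rest = re.split(r"[ =]", line, maxsplit=1)  # also handles legacy "AUTH=LOGIN"
            caps[word.upper()] = rest[0] if rest else ""
    return caps

def audit_submission(pre_tls, post_tls=None):
    """Return findings for a STARTTLS submission port from its EHLO replies."""
    findings = []
    pre = parse_ehlo(pre_tls)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered: logins would cross the network in clear text")
    if "AUTH" in pre:
        findings.append("AUTH offered before TLS: clients may send credentials unencrypted")
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("AUTH not offered after TLS: confirm the port is not relaying unauthenticated mail")
    return findings

def fetch_ehlo(host, port=2525, timeout=10):
    """Collect both EHLO replies from a server you administer (network access needed)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        pre, post = s.ehlo()[1].decode(), None
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())
            post = s.ehlo()[1].decode()
    return pre, post

# Constructed sample replies, not captured from a real server.
WEAK_PRE = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
GOOD_PRE = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
GOOD_POST = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    for name, args in [("weak", (WEAK_PRE,)), ("hardened", (GOOD_PRE, GOOD_POST))]:
        print(name, audit_submission(*args) or "no findings")
```

To audit a live server you administer, pass the result of `fetch_ehlo(host)` to `audit_submission(*...)`.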
Frequently asked questions
- Why use port 2525 instead of 587?
- Port 2525 is a non-standard alternative used when ISPs or networks block the official submission ports 25 and 587. Many providers support it as a fallback so clients can still send authenticated mail.
- Is port 2525 secure?
- It can be, if you require SMTP AUTH and STARTTLS just as you would on 587. The port number alone provides no security — it is the same submission protocol on a different number.