Is it possible to get a port from MX lookup?

Question

I am on a journey of understanding what is the proper way to send an email from Python code. I have somewhat progressed in understanding of MX lookup, though: "the larger the island of knowledge, the longer the shoreline of wonder".

Thanks to this answer, I was able to send an email (to a disposable mailbox though), with this code-snippet:

import smtplib

from email.message import EmailMessage

message = EmailMessage()
message.set_content('Content of the message here.')
message['Subject'] = 'Mail sent from code'
message['From'] = 'whoever@whatever.com'
message['To'] = 'aloun36zmzazyxd3tyop@3mail.rocks'

smtplib.SMTP('mail.3mail.rocks:2525')
smtp_server.send_message(message)
smtp_server.quit()

Here is how I come up with SMTP address and port (mail.3mail.rocks:2525):

1. Done MX lookup for 3mail.rocks domain:

   • host -t mx 3mail.rocks

     3mail.rocks mail is handled by 10 mail.3mail.rocks.
     

2. Then I just started checking ports used by default, with telnet mail.3mail.rocks xxx, this gave me the following results:

   • telnet mail.3mail.rocks 25

     Trying 89.38.99.80...
     telnet: connect to address 89.38.99.80: Connection refused
     telnet: Unable to connect to remote host
     

   • telnet mail.3mail.rocks 465

     Trying 89.38.99.80...
     telnet: connect to address 89.38.99.80: Operation timed out
     telnet: Unable to connect to remote host
     

   • telnet mail.3mail.rocks 587

     Trying 89.38.99.80...
     telnet: connect to address 89.38.99.80: Operation timed out
     telnet: Unable to connect to remote host
     

   • telnet mail.3mail.rocks 2525

     Trying 89.38.99.80...
     Connected to mail.3mail.rocks.
     Escape character is '^]'.
     220 node1 ESMTP Haraka 2.8.16 ready
     

   So, that is how I figured out the needed port (by brute-force, essentially).

I went on to test my snippet on another disposable mail service (mailforspam.com), following the same steps — MX lookup (host -t mx mailforspam.com) returned:

mailforspam.com mail is handled by 10 mail2.mailforspam.com.
mailforspam.com mail is handled by 10 mail1.mailforspam.com.

Though I was not able to connect via telnet (I have tried both servers mail2.mailforspam.com and mail1.mailforspam.com) to any of the default ports: port 25 — Connection refused, ports 2525, 587, 465 — Operation timed out.

Questions are:

1. How do I figure out the proper ports for the server accepting mails on behalf of a particular domain (one that is returned by MX lookup)? My understanding here is that "default" ports are just conventions, and, in fact, servers can use any free port they choose.
2. I assume that when email is sent from one email provider to another, the SMTP server it is submitted to (one belonging to the user that is sending email) does something similar (i.e. MX lookup => connection to mail accepting server => submitting an email). How do such "real-world" servers figure out the proper port (or they just brute-forcing through the default ones)?

Answer 1

How do I figure out the proper ports for the server accepting mails on behalf of a particular domain (one that is returned by MX lookup)?

What you've shown in your question is more or less correct. You may want to try the ports in a different order. Also, port 2525 is not an official port from any standard I'm aware of but seems to be a convention for bypassing firewalls that block the submission port 587.

One thing to note is that "accepting mail" is not actually one thing. There are "mail user agents" that do "submission" and "mail transfer agents" that do "transfer". "Submission" and "transfer" often live on different ports which explains some of the diversity you've seen. Figure out whether you're doing submission or transfer and select the appropriate group of ports.

My understanding here is that "default" ports are just conventions, and, in fact, servers can use any free port they choose.

This isn't really true, at least not if the servers want anyone to be able to find them, because ...

How do such "real-world" servers figure out the proper port (or they just brute-forcing through the default ones)?

Mail servers that actually want to be able to receive mail must run on a standard port number. For MTAs this means port 25 with maybe a fallback to 465 (though this isn't standardized either). For MUAs this means port 587 with maybe a fallback to 2525 (also not standardized but apparently in common use as a workaround to MUAs being blocked).

In particular, MX records carry no port information, nor does any other DNS record type related to SMTP.

Answer 2

The MX you get needs to support port 25, that's part of the SMTP definition. If you are unable to connect, chances are the block is in the firewall on your own side — port 25 outbound is aggressively blocked from consumer-grade networks, in an attempt to curb direct-injection spam.

Port 25 between authorized servers is not blocked, there is no reason or need for the server to figure out a different port number.