> I believe you need to move your users to the alternate submission port. The
> normal widely used port for this is 587. Some people will lock down port
> 587 to only allow authenticated and encrypted connections. Others will
> allow non crypto, but mandate authentication.
Thanks for the suggestion. It seems to be indeed the "right" thing to
do. I hope that ISP will not start intercepting also port 587 :-)
> Switch your users to port 587, assuming you have set up the submission port
> in master.cf and you should be good to go. I suggest also enabling TLS as
> well.
That's what I've done. Actually I will try to enforce TLS
I modified master.cf and configure submission that way:
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Regards,
Gaël
