Hi,
2009/8/6 Noel Jones <njo...@megan.vbhcs.org>:
> Eduardo Júnior wrote:
>>
>> So, SMTPS (465/tcp) is deprecated and I can remove this line from my
>> master.cf
>> I activated submission (587/tcp) and I ask:
>>
>> From my experience, this would be useful only for users to send messages (a
>> dedicated daemon) and port 25 (other SMTP daemon) to receive mail from
>> other servers, correct?
>> What is the real benefit after that?
>> I already have TLS activated in my SMTP daemon and the submission only
>> would alter the port to connect?
>
> Both submission and smtps are intended for use by your own authenticated
> users. You only need smtps if you have users with a client that can't use
> submission - generally older versions of Outlook/OE, and some (current)
> mobile devices.

While you were writing this message, I was testing with an Outlook
client and I noticed this.
So, I'll keep both ports: 465 for my clients that use Outlook and 587 for the others.

>
> "smtps" must run on a separate port because it's incompatible with normal
> SMTP. This happened before the current standard STARTTLS command was
> invented.

Yes, I read this in:
http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode

>
> Some ISPs block port 25 access to "home" users. If your user happens to be
> on such an ISP, they need an alternate to port 25 for submitting mail. This
> is the intent of the submission port.
>
> Also, separating user submissions from general internet traffic allows you
> to easily apply different policies to the different classes of traffic.
>
>>
>> My submission is the default:
>>
>> submission inet n       -       -       -       -       smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>   -o milter_macro_daemon_name=ORIGINATING
>
> This is fine. It rejects any unauthenticated client.
> You might want to explicitly add
>   -o smtpd_delay_reject=yes
> in case someone unwisely changes the default in main.cf, never giving the
> user a chance to authenticate.
>
> Some people like to explicitly set all the smtpd_*_restrictions on the
> submission entry so that main.cf parameters don't interfere with submission
> port settings.
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>   -o smtpd_data_restrictions=
>   -o smtpd_end_of_data_restrictions=
>

Thanks for the explanations.

[]'s

--
Eduardo Júnior
GNU/Linux user #423272

:wq
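
Added example (not part of the original thread, and not Postfix tooling): a small Python audit that reads master.cf text and checks each user-facing entry for the settings discussed above, namely SASL enabled, mandatory TLS (STARTTLS with `encrypt`, or wrapper mode), an authenticated-only restriction list, and an explicit `smtpd_delay_reject=yes`. The function names, finding strings and the sample smtps entry are constructed for illustration.

```python
import re

# Constructed sample: the thread's submission entry plus an incomplete smtps entry.
SAMPLE = """\
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# old Outlook clients
smtps      inet  n  -  -  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
"""
AUTH_ONLY = ["permit_sasl_authenticated", "reject"]

def parse_overrides(text):
    """Map each master.cf entry ("name/type") to its '-o name=value' overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        words = raw.split()
        if not raw[0].isspace():                  # new entry: 8 fixed columns
            current = services.setdefault(words[0] + "/" + words[1], {})
            words = words[8:]
        for flag, val in zip(words, words[1:]):   # continuation or trailing args
            if flag == "-o" and "=" in val and current is not None:
                key, _, value = val.partition("=")
                current[key] = value
    return services

def audit(opts):
    """Return findings for one user-facing (submission/smtps) entry."""
    findings = []
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication not enabled")
    if (opts.get("smtpd_tls_security_level") != "encrypt"
            and opts.get("smtpd_tls_wrappermode") != "yes"):
        findings.append("TLS not mandatory")
    lists = [opts.get("smtpd_client_restrictions", ""),
             opts.get("smtpd_recipient_restrictions", "")]
    if not any(re.split(r"[,\s]+", v.strip()) == AUTH_ONLY for v in lists):
        findings.append("no permit_sasl_authenticated,reject restriction")
    if opts.get("smtpd_delay_reject") != "yes":
        findings.append("smtpd_delay_reject not pinned to yes")
    return findings

if __name__ == "__main__":
    for name, opts in parse_overrides(SAMPLE).items():
        print(name, audit(opts) or "ok")
```

The audit only sees overrides written on the master.cf entry itself; values inherited from main.cf are deliberately ignored, which is why an unpinned `smtpd_delay_reject` is reported.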