On 05/10/2014 04:27 PM, Brian J. Rogers wrote:
> I need to set up a mail server but I'd like for it to be relatively secure.

One way to secure it is to only allow access to the SSL ports (SMTPS on 465, POP3S on 995, IMAPS on 993). But TLS works over the ordinary ports and the conversation always begins in plain text, and then negotiates encryption over the same channel. I believe TLS allows a program to enter and leave encryption, something SSL typically does not.

Configuring both postfix and dovecot to require TLS before authentication on the normal ports is possible:

http://www.iredmail.org/forum/topic4600-iredmail-support-configuring-postfix-dovecot-to-use-only-ssltls.html

Another way to secure postfix (well any mail server really) is to only allow authentication when a user connects to port 587 and uses TLS. Normal connections for incoming mail on port 25 are unaffected. Google's outgoing smtp servers are configured this way.

http://postfix.1071664.n5.nabble.com/SASL-authentication-on-port-587-only-td22239.html
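
A check for the two setups described above (TLS required before authentication, and authentication only on port 587), added here as an example and not part of the original message. The function names, the sample EHLO replies and the host mail.example.test are constructed for illustration.

```python
import re
import smtplib
import ssl
from typing import Optional

def ehlo_keywords(reply: str) -> set:
    """ESMTP keywords from an EHLO reply, raw ("250-STARTTLS") or as smtplib returns it."""
    words = set()
    for line in reply.splitlines()[1:]:        # first line is the server greeting
        line = line.strip()
        if line[:3] == "250" and len(line) > 4:
            line = line[4:]                    # drop the "250-" / "250 " prefix
        if line:
            words.add(re.split(r"[ =]", line)[0].upper())
    return words

def audit(port: int, before_tls: str, after_tls: Optional[str]) -> list:
    """Compare one port's EHLO replies against the policy described in the post."""
    pre = ehlo_keywords(before_tls)
    post = ehlo_keywords(after_tls) if after_tls else set()
    findings = []
    if "STARTTLS" not in pre:
        findings.append(f"port {port}: STARTTLS not offered")
    if "AUTH" in pre:
        findings.append(f"port {port}: AUTH offered before STARTTLS")
    if port == 25 and "AUTH" in post:
        findings.append("port 25: AUTH offered, expected on 587 only")
    if port == 587 and "AUTH" not in post:
        findings.append("port 587: AUTH not offered after STARTTLS")
    return findings

def probe(host: str, port: int) -> list:
    """Live version: fetch both EHLO replies from a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        before, after = s.ehlo()[1].decode(), None
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())  # raises on a bad certificate
            after = s.ehlo()[1].decode()
    return audit(port, before, after)

# Constructed sample replies (mail.example.test is a placeholder host).
PLAIN = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
WITH_AUTH = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
WEAK = "250-mail.example.test\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(audit(587, PLAIN, WITH_AUTH))   # submission port that only offers AUTH inside TLS
    print(audit(25, WEAK, WITH_AUTH))     # AUTH advertised on port 25 before encryption
```

An empty list from audit() or probe() means the port matches the policy; each string in a non-empty list names one deviation.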
