Thanks all for the information. I try to explain better what is my goal:
i want to force all my sasl users to use SSL, so i've given them 2 option: you can auth using STARTSSL on standard port 25 you can auth using TLS/SSL on standard port 465 reading your answer i've understand that the service on 465 is already configured to force encryption, but i can't to that on port 25 because this port is used also for standard delivery from other mailserver which is not encrypted. So: can i force force the STARTSSL on port 25 only when the user want to auth? Reading above, smtpd_tls_auth_only should be the correct answer, not? Thanks 2013/11/7 Wietse Venema <[email protected]> > [email protected]: > > Am 06.11.2013 23:34, schrieb Benny Pedersen: > > > nik600 skrev den 2013-11-06 23:19: > > > > > >> is possible to force startssl/tls/ssl on sasl login ? > > > > > > > http://www.faqforge.com/linux/how-to-enable-port-465-smtps-in-postfix-mailserver/ > > > > and what has the deprecated smtps to do with the question? > > how does it prevent to authenticate on 587 without TLS/SSL? > > The service on port 465 has no plaintext SMTP phase. Therefore > it forces TLS before SASL login as requested. > > > why would you stop use the correct submission port? > > > > in other words - there where enough correct answers before > > Indeed, 465 (smtps) is obsolete. The preferred approach is to use > the submission port, with mandatory TLS (smtpd_securty_level=encrypt). > > Wietse > -- /*************/ nik600 http://www.kumbe.it
