Re: Best practice for SMTP relay with user authentication.

2007-08-13 Thread David Robillard
 I have my postfix authenticate users before accepting mail for non-local
 delivery. Till now, users can connect to port 25 and 465 (smtps), use
 STARTTLS and authenticate.

 But, I stumbled upon submission port 587 which is not reserved - it
 appears - for a protocol but for a use?

 I'd like to align my configuration with best practice. Should I just
 move postfix to bind to port 587 or did I misunderstand that submission
 is indeed a different protocol? Is there any best practice for which
 protocol should be used for submission?

Port 587 is used by the Mail Submission as defined in section 3.1 of
RFC 2476 - Message Submission:

3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this
document. Messages received on this port are defined to be
submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with
additional restrictions as specified here.

While most email clients and servers can be configured to use port 587
instead of 25, there are cases where this is not possible or
convenient. A site MAY choose to use port 25 for message submission,
by designating some hosts to be MSAs and others to be MTAs.

Basically, port 25 is used by Mail Transfer Agents (MTA) while 587 is
used by the Mail Submission Programs (MSP).

If you need more info, check the Bat Book (i.e. Sendmail by
O'Reilly) which is pretty clear on that topic. You can also check
Sendmail Cookbook also from O'Reilly for tips, tricks and recipes
on what you can do with MSP. Of course, it's sendmail related. But I'm
quite sure you can adapt it to Postfix or whatever your organisation
uses to handle emails.

Finally, IMHO the best description of the what, where and why of
Submission is described in the UNIX System Administration Handbook
by Nemeth, Snyder, Seebass & Hein. Check it out at
http://www.admin.com. It's a must read for all UNIX systems
administrators.

HTH,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
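
The MTA/MSA split described in the reply above, written as a Postfix master.cf fragment. This is an added example, not configuration posted by anyone in the thread. It assumes SASL and the TLS certificate are already set up in main.cf, and that AUTH is left disabled globally so port 25 only relays between servers.

```conf
# master.cf fragment (added example; the option choices are assumptions)
# service    type  private unpriv chroot wakeup maxproc command + args

# Port 25: MTA-to-MTA traffic. No per-service overrides, so it follows
# main.cf (assumed: smtpd_sasl_auth_enable = no, relaying limited to
# mynetworks and local destinations).
smtp         inet  n       -      n      -      -       smtpd

# Port 587: message submission (MSA). Same ESMTP protocol, but the
# session must be upgraded with STARTTLS before AUTH is offered, and
# every client that has not authenticated is rejected.
submission   inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Port 465: TLS from the first byte (wrapper mode, no STARTTLS step).
# Kept only for clients that cannot use STARTTLS on 587.
smtps        inet  n       -      n      -      -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

After `postfix reload`, `postconf -M submission/inet` (Postfix 2.11 or later) prints the effective service entry so the overrides can be checked.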


Re: Best practice for SMTP relay with user authentication

2007-08-12 Thread Per olof Ljungmark

Erik Norgaard wrote:

Hi:

I have my postfix authenticate users before accepting mail for non-local 
delivery. Till now, users can connect to port 25 and 465 (smtps), use 
STARTTLS and authenticate.


But, I stumbled upon submission port 587 which is not reserved - it 
appears - for a protocol but for a use?


I'd like to align my configuration with best practice. Should I just 
move postfix to bind to port 587 or did I misunderstand that submission 
is indeed a different protocol? Is there any best practice for which 
protocol should be used for submission?


I'm not an authority on the subject but we use it here for 
server-to-server. Here's a link to more reading:

http://www.faqs.org/rfcs/rfc2476.html

We use port 465 for authenticated MUA-to-MTA.

Per olof