On 04/05/10 13:45, Carlos Mennens wrote:
> On Mon, Apr 5, 2010 at 1:15 PM, fakessh<[email protected]>  wrote:
>> the default port for TLS is 587
>> don't use 25
>
> When I change my SMTP from 25 to 587, I am unable to send email from
> webmail. If I change the port back to 25, I can send SMTP fine. I
> checked my Firewall and I am allowing port 587 outbound for sending
> TLS from my DMZ. I am using Postfix and my TLS configuration is fairly
> basic. I thought TLS was possible on port 25 but from what you're
> saying it's not. I must be confused...

You can do TLS on any port. Usually, you set up a separate submission 
instance on port 587 where you force TLS authentication. For example in 
Postfix this instance would have smtpd_tls_security_level=encrypt. Your 
users use port 587, and that way, they can never send credentials in 
plain text.

However, you can also use opportunistic (i.e. whenever it will work) TLS 
on port 25. If a remote mail server supports TLS, great, but you can't 
require it because most remote MTAs won't have it enabled.

Whether or not any of that will actually work, of course, depends on 
your Postfix config. If you can't do TLS on port 25, you may not have it 
enabled on that port. Make sure you have at least 
smtpd_tls_security_level=may, but *don't* set your main port 25 smtpd to 
level=encrypt.

_______________________________________________
List info: http://lists.roundcube.net/users/
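
Added example, not part of the original message and not Postfix's own code: a small Python check that works out the effective smtpd_tls_security_level for each smtpd listener and flags the two mistakes the reply warns about (encrypt on port 25, anything weaker than encrypt on 587). The sample main.cf and master.cf contents are constructed, and the parser assumes plain `-o name=value` overrides.

```python
# Constructed sample configuration (not taken from the thread).
MAIN_CF = "smtpd_tls_security_level = may\n"
MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Drop comments and blank lines, join indented continuation lines."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def tls_levels(main_cf, master_cf):
    """Effective smtpd_tls_security_level for each inet smtpd service."""
    default = "none"  # simplification: unset counts as none, legacy smtpd_use_tls ignored
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        if name.strip() == "smtpd_tls_security_level":
            default = value.strip()
    levels = {}
    for entry in logical_lines(master_cf):
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        level = default
        for flag, arg in zip(f[8:], f[9:]):  # "-o name=value" overrides main.cf
            if flag == "-o" and arg.startswith("smtpd_tls_security_level="):
                level = arg.split("=", 1)[1]
        levels[f[0].rsplit(":", 1)[-1]] = level  # strip an optional host: prefix
    return levels

def audit(main_cf, master_cf):
    """Flag encrypt on port 25 and anything weaker than encrypt on port 587."""
    findings = []
    for port, level in tls_levels(main_cf, master_cf).items():
        if port in ("smtp", "25") and level == "encrypt":
            findings.append(f"{port}: encrypt would reject remote MTAs without TLS")
        if port in ("submission", "587") and level != "encrypt":
            findings.append(f"{port}: level={level}, TLS is not mandatory for clients")
    return findings
```

Calling `audit(MAIN_CF, MASTER_CF)` on the sample returns an empty list, since port 25 is opportunistic and submission enforces TLS.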
