On 04/05/10 13:45, Carlos Mennens wrote:
> On Mon, Apr 5, 2010 at 1:15 PM, fakessh<[email protected]> wrote:
>> the default port for TLS is 587
>> don't use 25
>
> When I change my SMTP from 25 to 587, I am unable to send email from
> webmail. If I change the port back to 25, I can send SMTP fine. I
> checked my Firewall and I am allowing port 587 outbound for sending
> TLS from my DMZ. I am using Postfix and my TLS configuration is fairly
> basic. I thought TLS was possible on port 25 but from what you're
> saying it's not. I must be confused...

You can do TLS on any port. Usually, you set up a separate submission instance on port 587 where you force TLS authentication. For example in Postfix this instance would have smtpd_tls_security_level=encrypt. Your users use port 587, and that way, they can never send credentials in plain text.

However, you can also use opportunistic (i.e. whenever it will work) TLS on port 25. If a remote mail server supports TLS, great, but you can't require it because most remote MTAs won't have it enabled.

Whether or not any of that will actually work, of course, depends on your Postfix config. If you can't do TLS on port 25, you may not have it enabled on that port. Make sure you have at least smtpd_tls_security_level=may, but *don't* set your main port 25 smtpd to level=encrypt.

_______________________________________________
List info: http://lists.roundcube.net/users/
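
An added example, not part of the original message and not Postfix code: a small Python audit that computes the effective smtpd_tls_security_level for each smtpd service and flags the two mistakes the reply warns about. The main.cf and master.cf text is constructed, the service names smtp and submission are assumed to be the port 25 and port 587 entries, and an unset level is treated as "none".

```python
import shlex

def parse_main_cf(text):
    """{parameter: value} from main.cf text (continuation lines not handled)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master_cf(text):
    """{service: {param: value}} for smtpd services, collecting -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = shlex.split(raw)
        if not raw[0].isspace():  # a new service entry starts in column 0
            is_smtpd = len(fields) >= 8 and fields[7] == "smtpd"
            current = services.setdefault(fields[0], {}) if is_smtpd else None
            fields = fields[8:]
        if current is not None:  # args on the entry line or a continuation line
            for flag, arg in zip(fields, fields[1:]):
                if flag == "-o" and "=" in arg:
                    name, value = arg.split("=", 1)
                    current[name] = value
    return services

def audit(main_cf, master_cf):
    """Findings for the 25/587 split; an unset level counts as "none" (assumption)."""
    default = parse_main_cf(main_cf).get("smtpd_tls_security_level") or "none"
    findings = []
    for service, opts in parse_master_cf(master_cf).items():
        level = opts.get("smtpd_tls_security_level", default)
        if service == "smtp" and level == "encrypt":
            findings.append("smtp: encrypt on port 25 turns away MTAs without TLS")
        elif service == "smtp" and level == "none":
            findings.append("smtp: no opportunistic TLS, set level to may")
        elif service == "submission" and level != "encrypt":
            findings.append(f"submission: level is {level}, credentials may go in clear")
    return findings

# Constructed sample configuration, not taken from the thread.
MAIN_CF = "smtpd_tls_security_level = may\n"
MASTER_GOOD = ("smtp       inet  n  -  n  -  -  smtpd\n"
               "submission inet  n  -  n  -  -  smtpd\n"
               "  -o smtpd_tls_security_level=encrypt\n")
MASTER_BAD = ("smtp       inet  n  -  n  -  -  smtpd\n"
              "  -o smtpd_tls_security_level=encrypt\n"
              "submission inet  n  -  n  -  -  smtpd\n")
```

Calling audit(MAIN_CF, MASTER_GOOD) returns no findings, while MASTER_BAD yields one finding for each service.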
