Re: Best practice for SMTP relay with user authentication.



I have my postfix authenticate users before accepting mail for non-local
delivery. Till now, users can connect to port 25 and 465 (smtps), use
STARTTLS and authenticate.

But, I stumbled upon submission port 587 which is not reserved - it
appears - for a protocol but for a use?

I'd like to align my configuration with best practice. Should I just
move postfix to bind to port 587 or did I misunderstand that submission
is indeed a different protocol? Is there any best practice for which
protocol should be used for submission?

Port 587 is used by the Mail Submission as defined in section 3.1 of
RFC 2476 - Message Submission:

3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this
document. Messages received on this port are defined to be
submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with
additional restrictions as specified here.

While most email clients and servers can be configured to use port 587
instead of 25, there are cases where this is not possible or
convenient. A site MAY choose to use port 25 for message submission,
by designating some hosts to be MSAs and others to be MTAs.

Basically, port 25 is used by Mail Transfer Agents (MTA) while 587 is
used by the Mail Submission Programs (MSP).

If you need more info, check the "Bat Book" (i.e. Sendmail by
O'Reilly) which is pretty clear on that topic. You can also check
"Sendmail Cookbook" also from O'Reilly for tips, tricks and recipes
on what you can do with MSP. Of course, it's sendmail related. But I'm
quite sure you can adapt it to Postfix or whatever your organisation
uses to handle emails.

Finally, IMHO the best description of the what, where and why of
Submission is described in the "UNIX System Administration Handbook"
by Nemeth, Snyder, Seebass & Hein. Check it out at
http://www.admin.com. It's a must read for all UNIX systems
administrators.

HTH,

David
--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
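
The port 25 (MTA) versus port 587 (submission) split discussed in this thread can be checked in a Postfix master.cf. The following is an added example, not part of the original messages: the sample configuration is constructed, the function names are hypothetical, and it assumes the plain `-o name=value` override syntax. The "ends in reject" test is a heuristic.

```python
import shlex

# Constructed sample master.cf (not from the thread): port 25 stays a plain
# MTA listener, port 587 is a separate submission service that requires auth.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
GATES = ("smtpd_client_restrictions", "smtpd_relay_restrictions",
         "smtpd_recipient_restrictions")

def parse_master_cf(text):
    """Return {service_name: {override: value}} for inet services."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation line
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = shlex.split(line)
        if len(fields) < 8 or fields[1] != "inet":
            continue
        args = fields[8:]                         # everything after the command
        pairs = [args[i + 1] for i in range(len(args) - 1)
                 if args[i] == "-o" and "=" in args[i + 1]]
        services[fields[0]] = dict(p.split("=", 1) for p in pairs)
    return services

def audit_submission(text):
    """List problems with the port 587 (submission) service definition."""
    services = parse_master_cf(text)
    opts = services.get("submission", services.get("587"))
    if opts is None:
        return ["no submission (587) service defined"]
    problems = []
    if opts.get("smtpd_tls_security_level") != "encrypt":
        problems.append("TLS not enforced on submission")
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        problems.append("SASL authentication not enabled")
    lists = [opts.get(k, "").replace(",", " ").split() for k in GATES]
    if not any("permit_sasl_authenticated" in l and l[-1] == "reject" for l in lists):
        problems.append("unauthenticated clients not rejected")
    return problems
```

Run `audit_submission()` on the text of the real master.cf; an empty list means the submission listener enforces TLS and authentication while port 25 is left for server-to-server mail.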