On 04/05/10 13:45, Carlos Mennens wrote:
> On Mon, Apr 5, 2010 at 1:15 PM, fakessh fakessh@fakessh.eu wrote:
>> the default port for TLS is 587, don't use 25
>
> When I change my SMTP from 25 to 587, I am unable to send email from webmail. If I change the port back to 25, I can send SMTP fine. I checked my Firewall and I am allowing port 587 outbound for sending TLS from my DMZ. I am using Postfix and my TLS configuration is fairly basic. I thought TLS was possible on port 25 but from what you're saying it's not. I must be confused...
You can do TLS on any port. Usually, you set up a separate submission instance on port 587 where you force TLS authentication. For example in Postfix this instance would have smtpd_tls_security_level=encrypt. Your users use port 587, and that way, they can never send credentials in plain text.
However, you can also use opportunistic (i.e. whenever it will work) TLS on port 25. If a remote mail server supports TLS, great, but you can't require it because most remote MTAs won't have it enabled.
Whether or not any of that will actually work, of course, depends on your Postfix config. If you can't do TLS on port 25, you may not have it enabled on that port. Make sure you have at least smtpd_tls_security_level=may, but *don't* set your main port 25 smtpd to level=encrypt.
List info: http://lists.roundcube.net/users/
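
The split described in the reply above (opportunistic TLS on port 25, mandatory TLS on the 587 submission instance) can be checked mechanically. The following is an added example, not code from the thread or from the Postfix project: it reads a constructed main.cf and master.cf, works out the effective `smtpd_tls_security_level` of each smtpd listener, and reports any that break that policy. It assumes services are named `smtp`/`25` and `submission`/`587`, and it treats an unset level as `none`.

```python
# Constructed sample configs (not from the thread).
MAIN_CF = """\
smtpd_tls_security_level = may
"""
MASTER_CF = """\
# service   type  private unpriv chroot wakeup maxproc command + args
smtp        inet  n       -      n      -      -       smtpd
submission  inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""
PUBLIC, SUBMISSION = {"smtp", "25"}, {"submission", "587"}
PARAM = "smtpd_tls_security_level"

def main_cf_level(text):
    """Return the main.cf value of PARAM; unset is treated here as "none"."""
    level = "none"
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == PARAM:
            level = value.strip()  # last assignment wins
    return level

def smtpd_tls_levels(main_text, master_text):
    """Map each inet smtpd service in master.cf to its effective TLS level."""
    default = main_cf_level(main_text)
    levels, current = {}, None
    for line in master_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = args = line.split()
        if not line[0].isspace():  # new service entry, else a continuation line
            is_smtpd = len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd"
            current = fields[0] if is_smtpd else None
            if current:
                levels[current] = default
            args = fields[8:]
        for flag, opt in zip(args, args[1:]):  # "-o name=value" overrides main.cf
            if current and flag == "-o" and opt.startswith(PARAM + "="):
                levels[current] = opt.split("=", 1)[1]
    return levels

def audit(levels):
    """Check the policy from the reply above; return a list of findings."""
    findings = []
    for service, level in levels.items():
        if service in PUBLIC and level != "may":
            why = "refuses non-TLS MTAs" if level == "encrypt" else "no opportunistic TLS"
            findings.append(f"{service}: {level} ({why}; want may)")
        elif service in SUBMISSION and level != "encrypt":
            findings.append(f"{service}: {level} (plain-text credentials possible; want encrypt)")
    return findings

if __name__ == "__main__":
    print(smtpd_tls_levels(MAIN_CF, MASTER_CF), audit(smtpd_tls_levels(MAIN_CF, MASTER_CF)))
```

Listeners bound to an explicit address (for example `192.0.2.1:25`) are not matched by the service-name sets and would need to be added to them.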