Byung-Hee HWANG wrote:
> mouss wrote:
>> Byung-Hee HWANG wrote:
> [...]
>> - Use the submission port (587) with TLS+SASL.
>
> What is different between using 25 and using 587?
>

587 has been reserved for mail submission. It is a good practice to separate the flows. Some advantages:

- you can have different configs without losing your hair trying to arrange smtpd restrictions to cope with both submission (aka outbound mail) and MX (aka inbound mail).
- you can firewall port 25 (block some networks). Your users will still be able to connect to 587.
- malware that naively connects to port 25 will be detected thanks to your firewall alerts/logs.
- you can easily enable header and/or body rewrite (such as fixing incomplete addresses, ..) for submitted mail without touching "inbound" mail.
...

Of course, migration should always be implemented incrementally. You can still allow users to submit via 25 while migrating users...
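
The separation described in the message above, sketched as a Postfix `master.cf` fragment. This is an added example, not part of the original message; it assumes the server is Postfix (the "smtpd restrictions" wording suggests it), and the `subcleanup` service name and the `submission_header_checks` path are hypothetical.

```conf
# /etc/postfix/master.cf (added example; assumes Postfix)
# service   type  private unpriv  chroot  wakeup  maxproc command + args

# Port 25: inbound MX traffic. It keeps the smtpd_* restrictions from
# main.cf, so anti-spam policy for inbound mail is tuned there only.
smtp        inet  n       -       n       -       -       smtpd

# Port 587: submission for your own users. TLS is mandatory, AUTH is only
# offered after STARTTLS, and unauthenticated clients are rejected.
# The overrides apply to this listener only, so port 25 is unaffected.
submission  inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o cleanup_service_name=subcleanup

# Separate cleanup instance (hypothetical name), used by port 587 only, so
# header rewriting touches submitted mail and leaves inbound mail alone.
subcleanup  unix  n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/submission_header_checks
```

With `syslog_name` set, submission sessions are logged under `postfix/submission`, which keeps them distinguishable from port 25 traffic while users are still being migrated.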