On 5/21/2010 2:33 PM, Phil Howard wrote:
> I'm trying to find out what port is to be used with "always on" SSL/TLS
> (e.g. no STARTTLS command needed, it just does SSL/TLS once the TCP
> connection is made, which I understand smtpd_tls_wrappermode=yes will
> do), and the RFCs are coming up empty. I thought it was 587. But
> RFC4409 doesn't say if this is, or is not, SSL/TLS. Some mail clients
> are using 465 by default, but that isn't even official for anything
> email related. Anyone know where this port 465 came from? RFC4409
> seems to just be about doing authentication to allow submission (e.g.
> submission protocol, smtp with authentication added). We definitely
> need to have a port running with "always on" SSL/TLS so certain access
> rules can be enforced at firewalls (that I seriously doubt can be easily
> made to verify that STARTTLS gets used). In theory, this would be the
> same as if I used stunnel listening on (probably) 587 and reconnecting
> back to [::1]:25 (aside from losing the ability to do any connection
> peer IP address checks).
>

Phil,

Please respond here and not from your regular account.. I neglected to hit reply to list!

Well, you can put SSL/TLS on any port really. Submission being 587, pop3s being 995, smtps being 465.. which ports are you wanting SSL/TLS on?

-Matt
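
The firewall point in the quoted question, as an added example that is not part of either message: on a wrapper-mode ("always on") port the first bytes a client sends are a TLS ClientHello record, while on a STARTTLS port they are a plaintext SMTP command, so an inspection point can decide from the first packet only in the wrapper-mode case. The function names, the sample byte strings and the idea of an inspection point that sees the first client-to-server bytes are assumptions made for illustration.

```python
"""Added example: classify the first client-to-server bytes of a mail connection."""
import struct

# Plaintext SMTP commands a client may send before any TLS upgrade.
SMTP_VERBS = (b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"AUTH", b"QUIT", b"NOOP", b"RSET")

def is_tls_client_hello(data: bytes) -> bool:
    """True if data begins with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return (
        content_type == 0x16                 # record type: handshake
        and major == 0x03 and minor <= 0x04  # record versions SSL 3.0 .. TLS 1.3
        and 0 < length <= 2 ** 14            # maximum TLS plaintext record size
        and data[5] == 0x01                  # handshake type: ClientHello
    )

def classify_first_bytes(data: bytes) -> str:
    """Label the opening client bytes as implicit TLS, plaintext SMTP, or unknown."""
    if is_tls_client_hello(data):
        return "implicit-tls"
    if data[:8].upper().startswith(SMTP_VERBS):
        return "plaintext-smtp"
    return "unknown"

def wrapper_port_allows(data: bytes) -> bool:
    """Policy for an always-on TLS port: only a ClientHello may open the session."""
    return classify_first_bytes(data) == "implicit-tls"

# Constructed samples (not captured traffic).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c4010000c00303")  # record header + handshake header
SAMPLE_PLAINTEXT = b"EHLO client.example\r\n"

if __name__ == "__main__":
    for name, blob in (("wrapper-mode client", SAMPLE_CLIENT_HELLO),
                       ("STARTTLS-style client", SAMPLE_PLAINTEXT)):
        print(f"{name}: {classify_first_bytes(blob)}, allowed={wrapper_port_allows(blob)}")
```

A "plaintext-smtp" result says nothing about whether the client will later issue STARTTLS; confirming that would require following the whole SMTP dialogue, which is the difficulty the question describes.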