On Jul 10, 2010, at 1:52 PM, Ansgar Wiechers wrote:

> On 2010-07-10 James wrote:
>> I currently use ssh to forward a local port to port 25 on my mail
>> server. I would like to submit mail on port 465
> 
> No, you wouldn't.
> 
>> but I am on DHCP and I don't want to update main.cf whenever I get a
>> new IP (plus I have a laptop that could be on any network).
>> I think I need to do something with client certificates?
> 
> No. You need a server certificate, enable submission (port 587/tcp, SASL
> authentication), and point your clients to that port.
> 


Port 465/tcp is called "smtps" in master.cf. It's the old way of doing "secure
smtp". It's a convenience for people who have to support clients running older
versions of MS Outlook or MS Outlook Express. By default older versions of those
clients would use SMTP+AUTH+Old Style TLS on port 465 to send mail. If you
don't have to support these people, just use port 587. If some of your user
population is running Outlook Express 2003, turning on "smtps" with the
restriction that they use SSL/TLS and SASL authentication is handy.

I support internet services for a small consulting firm that uses a
postfix/courier server in a "virtual office" setup. All of my users are remote
so I don't get to see what's on their screens as they configure things. Outlook
Express can be convinced to use 587, but in my experience with my users I find
that Outlook sometimes changes the port setting from 587 to 465 during
configuration.

You will need a certificate for this but if the number of clients is small you 
don't have to go to Verisign or some other Trust agency.

-- Chris

Chris Hilton                                   e: chris|at|vindaloo|dot|com
----------------------------------------------------------------------------
                 "The pattern juggler lifts his hand; The orchestra begin.
     As slowly turns the grinding wheel in the Court of the Crimson King."
                                          -- Ian McDonald / Peter Sinfield
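
An added example, not part of the original messages: a Python check that the "submission" (587) and "smtps" (465) entries in master.cf force TLS and SASL authentication, as the replies above describe. The sample master.cf, the function names and the restriction check are assumptions made for illustration, and the parser only understands classic `-o name=value` overrides.

```python
import re

# Constructed sample master.cf (not from the thread); "-o" lines override main.cf.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

# TLS mode each port needs: STARTTLS required on 587, wrapper-mode TLS on 465.
REQUIRED_TLS = {"submission": ("smtpd_tls_security_level", "encrypt"),
                "smtps": ("smtpd_tls_wrappermode", "yes")}
OVERRIDE = re.compile(r"-o\s+(\w+)=(\S+)")

def parse_master_cf(text):
    """Return {service: {override: value}} for the inet services in text."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if not line[0].isspace():          # new entry: 7 fields, command, args
            is_inet = len(fields) >= 8 and fields[1] == "inet"
            current = services.setdefault(fields[0], {}) if is_inet else None
            fields = fields[8:]
        if current is not None:            # also covers continuation lines
            current.update(OVERRIDE.findall(" ".join(fields)))
    return services

def audit(text):
    """List submission/smtps entries that do not force TLS plus SASL auth."""
    services, findings = parse_master_cf(text), []
    for name, (tls_key, tls_value) in REQUIRED_TLS.items():
        opts = services.get(name)
        if opts is None:
            continue                       # port not enabled, nothing to check
        if opts.get(tls_key) != tls_value:
            findings.append(f"{name}: {tls_key} is not {tls_value}")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append(f"{name}: smtpd_sasl_auth_enable is not yes")
        rules = [v.split(",") for k, v in opts.items() if k.endswith("_restrictions")]
        if not any("permit_sasl_authenticated" in r and r[-1] == "reject" for r in rules):
            findings.append(f"{name}: no restriction rejecting unauthenticated clients")
    return findings
```

On the constructed sample, `audit(SAMPLE_MASTER_CF)` flags only the smtps entry, which enables SASL but carries no restriction that turns unauthenticated clients away.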
