On Tue, Sep 28, 2010 at 5:14 AM, Charles Marcus
<cmar...@media-brokers.com> wrote:

> On 2010-09-28 6:04 AM, Neil wrote:
> > I want to have postfix listen on an additional port (say 785) for SMTP
> > submission by clients.
>
> You mean in *addition* to the submission port (587)? Or was that a typo
> and you really want to listen on port 587?
>

Yeah, ideally I want it in addition. No typo. :P

Since it's my personal mail server, I suppose it wouldn't be a big deal to
use 785 /instead/ of 587; I'd just have to change my config all over the
place. By having it in /addition/, I can just use 785 when/where needed, and
continue to use 587 everywhere else.


>
> > At first I thought all I had to do was add another line in master.cf
> > that looked the same as the submission line, but
> > change the port somewhere.
>
> Maybe it wasn't a typo... yes, you can simply clone the submission line
> in master.cf, but change the service name to the port# (ie, 785) like so:
>
> 785 inet  n       -       n       -       -       smtpd
>  -o smtpd_tls_security_level=encrypt
>  -o smtpd_tls_auth_only=yes
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> But unless you have a really good reason ('security through obscurity' is
> NOT a good reason), I recommend simply uncommenting the submission port
> and using it.
>
>
Oh, I definitely do use 587/submission right now (as you might've deduced
from above). The reason I want 785 is because I recently find myself
visiting a network quite regularly where 25, 465, 587 are all blocked (don't
ask me why; doesn't make much sense to me). Now, I could SSH-tunnel
everything through to my server (I guess it'd just take a couple lines added
to my ~/.ssh/config), but this seemed like a potentially easier course of
action.


> > But then I read in the docs for master.cf it seemed
> > to me that a service could only be listed once in master.cf
>
> This only applies to the service+port#. Services listed by name by
> definition include the port#. So, you can't have two different smtpd
> listeners on the same host:port, but you can have multiple listeners on
> *different* ports.
>

Ah, perfect. That's what I was hoping for.

Thanks for all the help,
Neil.
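
Added example, not part of the original messages or of Postfix itself: a small audit for a master.cf in which the submission entry has been cloned onto extra ports as discussed above. It flags smtpd listeners that repeat a service name and clones that lack the TLS and SASL overrides quoted in the thread. The function names, the sample file and port 2525 are constructed for illustration; only the `-o name=value` override form is parsed, and service names are compared textually.

```python
# Constructed sample master.cf: 587 and 785 are hardened, 2525 lost its -o lines, 785 repeats.
SAMPLE = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
785        inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
2525       inet  n  -  n  -  -  smtpd
785        inet  n  -  n  -  -  smtpd
"""

def parse_master_cf(text):
    """Return (service, type, command, overrides) per logical line; handles `-o name=value` only."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues the entry
        else:
            logical.append(line.strip())
    entries = []
    for fields in map(str.split, logical):
        args = fields[8:]  # everything after the eight fixed columns
        opts = dict(args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
                    if a == "-o" and "=" in args[i + 1])
        if len(fields) >= 8:
            entries.append((fields[0], fields[1], fields[7], opts))
    return entries

def audit(text):
    # Port 25 (smtp) is skipped: it has to accept unauthenticated mail from other servers.
    findings, seen = [], set()
    for service, stype, command, opts in parse_master_cf(text):
        if stype != "inet" or command != "smtpd" or service in ("smtp", "25"):
            continue
        if service in seen:  # textual match; "submission" vs "587" is not resolved
            findings.append((service, "duplicate listener"))
            continue
        seen.add(service)
        if opts.get("smtpd_tls_security_level") != "encrypt":
            findings.append((service, "TLS not mandatory"))
        if opts.get("smtpd_client_restrictions", "").split(",") != ["permit_sasl_authenticated", "reject"]:
            findings.append((service, "clients not limited to SASL-authenticated"))
    return findings
```

Calling `audit(open("/etc/postfix/master.cf").read())` on a real file returns a list of `(service, finding)` pairs; an empty list means every non-25 smtpd listener carries the overrides shown in the thread.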
