I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.

With 465 I was using the "Connection security: SSL/TLS" setting in
Thunderbird, but after switching to 587 I can't send mail unless I
change it to STARTTLS.  Can anyone explain this?  Should I be using
STARTTLS instead of SSL/TLS for courier 993?

Whether using 465 or 587, I noticed I can't log in to send mail from
my mail clients unless the password is sent unencrypted.  Is that OK
since I'm using STARTTLS or should I also enable encryption of the
password?

Previously in master.cf I was running smtps like this:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Should I enable all of this for submission:

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

I don't think I need milter_macro_daemon_name since I'm not using a
mail filter.  I am running saslauthd but it looks like I didn't have
it enabled for smtps previously.  I'm surprised because I thought I
required authentication in order to use smtps.

Here is most of the non-default stuff from main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        permit

postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

Thanks to anyone who can help me out with this or point out any
deficiencies/stupidities in my config.

- Grant
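
Added example, not part of the original post: a Python script that merges the quoted main.cf values with each service's active -o overrides from master.cf, to show which TLS mode a client has to select (wrapper mode on smtps is the client's "SSL/TLS", submission is "STARTTLS") and whether AUTH is offered outside TLS. The function names and result labels are this example's own, only one-line main.cf settings are handled, and the embedded config is constructed from the fragments above.

```python
import re
# Constructed from the main.cf and master.cf fragments quoted in the post.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""
MASTER_CF = """\
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

def parse_main(text):
    """Return {name: value} for one-line 'name = value' settings."""
    rows = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}

def parse_master(text):
    """Return {service: {param: value}} built from the active '-o' overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                    # a commented-out override changes nothing
        if not line[0].isspace():       # a service entry starts in column 0
            current = services.setdefault(line.split()[0], {})
        elif current is not None:       # indented lines continue that entry
            current.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def effective(main, overrides):
    """Return (TLS mode, AUTH exposure); master.cf '-o' values win over main.cf."""
    cfg = {**main, **overrides}
    level = cfg.get("smtpd_tls_security_level", "none")
    tls = {"encrypt": "STARTTLS required", "may": "STARTTLS optional"}.get(level, "no TLS")
    if cfg.get("smtpd_tls_wrappermode", "no") == "yes":
        tls = "implicit TLS"            # handshake precedes SMTP: client "SSL/TLS"
    if cfg.get("smtpd_sasl_auth_enable", "no") != "yes":
        return tls, "AUTH disabled"
    tls_only = tls in ("implicit TLS", "STARTTLS required") or cfg.get("smtpd_tls_auth_only") == "yes"
    return tls, "AUTH only inside TLS" if tls_only else "AUTH also offered in cleartext"

def report(main_text=MAIN_CF, master_text=MASTER_CF):
    return {s: effective(parse_main(main_text), o) for s, o in parse_master(master_text).items()}

if __name__ == "__main__":
    print(report())
```

For the quoted config, smtps comes out as implicit TLS with AUTH enabled, because the commented-out -o line leaves the main.cf value smtpd_sasl_auth_enable = yes in effect for that service.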
