On Thursday 08 December 2011 14:06:15 Grant wrote: Philip: > > 587 can be used encrypted or unencrypted, authenticated > > (preferably) or not... you could for instance just limit 587 > > connections from a particular subnet, etc. > > Why then won't Squirrelmail send mail on port 587 unencrypted with > "Secure SMTP (TLS) : false"? I get: > > 530 5.7.0 Must issue a STARTTLS command first
Sounds like you are requiring TLS for AUTH, a good idea. http://www.postfix.org/SASL_README.html#smtpd_sasl_security_options http://www.postfix.org/TLS_README.html#server_tls_auth http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only > > But the main difference is this: > > > > 587 is used by MUA's (i.e. clients) to submit *outbound* messages > > to your MTA (relay). > > > > 25 is used by your MTA to receive *incoming* messages from other > > administrative domains (organizations). > > Port 25 is never used to submit outbound messages? If not, I'm > confused as to why Squirrelmail describes its "SMTP Port" setting > this way: > > This is the port to connect to for SMTP. Usually 25. Much of the world thinks this is so. They are wrong. We are not. You should keep submission separate from mail exchange, and port 587 is the standard means for doing so. BTW I think Noel had the ultimate answer to this thread: just stick with your smtps on 465 until Squirrelmail catches up and implements STARTTLS. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
