On 12/8/11 1:06 PM, Grant wrote:
>> I don't think you're really getting the significance of port 587 vs. port 25.
> 
> I think you're right.
> 
>> 587 can be used encrypted or unencrypted, authenticated (preferably) or 
>> not... you could for instance just limit 587 connections from a particular 
>> subnet, etc.
> 
> Why then won't Squirrelmail send mail on port 587 unencrypted with
> "Secure SMTP (TLS) : false"?  I get:
> 
> 530 5.7.0 Must issue a STARTTLS command first

Squirrelmail seems perfectly happy to send unencrypted email on 587... but your 
smtpd instance doesn't like that.

We use 587 without TLS here, but only on the loopback interface:

127.0.0.1:submission inet n       -       n       -       -       smtpd
  -o milter_macro_daemon_name=ORIGINATING


>> But the main difference is this:
>>
>> 587 is used by MUAs (i.e. clients) to submit *outbound* messages to your 
>> MTA (relay).
>>
>> 25 is used by your MTA to receive *incoming* messages from other 
>> administrative domains (organizations).
> 
> Port 25 is never used to submit outbound messages?  If not, I'm
> confused as to why Squirrelmail describes its "SMTP Port" setting this
> way:
> 
> This is the port to connect to for SMTP.  Usually 25.

It *was* used to submit outbound messages, but this has proven susceptible to 
open-relay exploits, etc.

You're really better off using 587 exclusively.

-Philip


> - Grant
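
The reply above runs 587 without TLS only on the loopback interface. As an added example (not part of the original thread, and not Postfix tooling), this Python check reads master.cf text and lists port-587 smtpd listeners that are bound off-loopback without a per-service STARTTLS requirement. The 192.0.2.x entries are constructed placeholders, and the check assumes TLS is enforced through -o overrides in master.cf rather than globally in main.cf.

```python
import ipaddress

# Constructed sample master.cf: the loopback entry is the one quoted in the
# reply; the 192.0.2.x entries are made-up placeholders (documentation range).
SAMPLE_MASTER_CF = """\
127.0.0.1:submission inet n       -       n       -       -       smtpd
  -o milter_macro_daemon_name=ORIGINATING
192.0.2.10:submission inet n      -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
192.0.2.11:587 inet n             -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
smtp      inet  n       -       n       -       -       smtpd
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"  # an empty host means "all interfaces"

def plaintext_submission_listeners(text):
    """Service names of off-loopback 587 listeners with no STARTTLS requirement."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        host, _, port = fields[0].rpartition(":")
        if (fields[1:2] != ["inet"] or fields[7:8] != ["smtpd"]
                or port not in ("submission", "587")):
            continue
        toks = fields[8:]  # only the simple "-o name=value" form is parsed
        opts = dict(t.split("=", 1) for p, t in zip(toks, toks[1:])
                    if p == "-o" and "=" in t)
        forces_tls = opts.get("smtpd_tls_security_level") == "encrypt"
        if not forces_tls and not is_loopback(host):
            findings.append(fields[0])
    return findings
```

A listener with smtpd_tls_security_level=encrypt is the kind that answers "530 5.7.0 Must issue a STARTTLS command first" to a client that skips STARTTLS.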
