nik600:
> Thanks all for the information.
>
> I try to explain better what is my goal:
>
> i want to force all my sasl users to use SSL, so i've given them 2 option:
>
> you can auth using STARTSSL on standard port 25
> you can auth using TLS/SSL on standard port 465

Mail servers connect to port 25 (smtp). Mail clients should connect
to port 587 (submission).

Wietse

> reading your answer i've understood that the service on 465 is already
> configured to force encryption, but i can't do that on port 25 because this
> port is used also for standard delivery from other mailserver which is not
> encrypted.
>
> So:
>
> can i force the STARTSSL on port 25 only when the user want to auth?
>
> Reading above, smtpd_tls_auth_only should be the correct answer, not?
>
> Thanks
>
>
>
> 2013/11/7 Wietse Venema <wie...@porcupine.org>
>
> > li...@rhsoft.net:
> > > Am 06.11.2013 23:34, schrieb Benny Pedersen:
> > > > nik600 skrev den 2013-11-06 23:19:
> > > >
> > > >> is possible to force startssl/tls/ssl on sasl login ?
> > > >
> > > >
> > http://www.faqforge.com/linux/how-to-enable-port-465-smtps-in-postfix-mailserver/
> > >
> > > and what has the deprecated smtps to do with the question?
> > > how does it prevent to authenticate on 587 without TLS/SSL?
> >
> > The service on port 465 has no plaintext SMTP phase. Therefore
> > it forces TLS before SASL login as requested.
> >
> > > why would you stop use the correct submission port?
> > >
> > > in other words - there were enough correct answers before
> >
> > Indeed, 465 (smtps) is obsolete. The preferred approach is to use
> > the submission port, with mandatory TLS (smtpd_securty_level=encrypt).
> >
> > Wietse
> >
> >
>
> --
> /*************/
> nik600
> http://www.kumbe.it
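
An added example, not part of the thread: a small audit that reads Postfix main.cf defaults and master.cf `-o` overrides and lists the smtpd services that would accept SASL AUTH without TLS being mandatory first. The sample configuration is constructed and the function names are hypothetical; the parser assumes continuation lines start with whitespace and are not interleaved with comments.

```python
import re

# Constructed sample configuration (not taken from the thread).
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""

MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
"""

def parse_main(text):
    """Return main.cf 'name = value' pairs, skipping comments and blanks."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_master(text):
    """Return {service: {param: value}} for inet services running smtpd."""
    services = {}
    logical = re.sub(r"\n[ \t]+", " ", text)  # fold continuation lines
    for line in logical.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0].startswith("#"):
            continue
        if fields[1] == "inet" and fields[7] == "smtpd":
            services[fields[0]] = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def plaintext_auth_services(main_text, master_text):
    """Services that enable SASL AUTH but do not require TLS before it."""
    defaults, risky = parse_main(main_text), []
    for name, overrides in parse_master(master_text).items():
        cfg = {**defaults, **overrides}  # master.cf -o wins over main.cf
        if cfg.get("smtpd_sasl_auth_enable", "no") != "yes":
            continue
        tls_first = (cfg.get("smtpd_tls_auth_only", "no") == "yes"
                     or cfg.get("smtpd_tls_security_level") == "encrypt"
                     or cfg.get("smtpd_tls_wrappermode", "no") == "yes")
        if not tls_first:
            risky.append(name)
    return risky
```

With the constructed sample, only the port 25 `smtp` service is reported, because it inherits `smtpd_sasl_auth_enable = yes` with opportunistic TLS; adding `smtpd_tls_auth_only = yes` to main.cf clears it without making TLS mandatory for server-to-server delivery.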