On 04/06/2015 08:05 PM, Muhammad Yousuf Khan wrote:
> By Peter
> -------------
> 
>     What you should be, at the very least, encouraging is STARTTLS over port
>     587.  Whether you want to support some very old Outlook clients and
>     offer TLS wrappermode over 465 is up to you but it is unlikely you will
>     find anyone who still needs this old and deprecated form of submission.
> 
> 
> What do you mean by "very least"? Is there any preferable way than
> STARTTLS?

I mean that the very least you should do is encourage your users to use
port 587 with STARTTLS; you could do more by enforcing it.

> - Is this possible: I enforce users/clients to only submit mails on port
> 587 and I leave 25 for server to server communication only?

Right, you really should not be allowing submission on port 25 at all.

> And is this segregation a good thought of mine or practical?

Yes

> Isn't 465 useless, and can I close this? If yes, then how?

That depends on if you have users that have very old versions of Outlook
which don't support STARTTLS.  In this case you should encourage or even
require them to upgrade to a newer email client, but in case you can't
do that then you might have to support port 465 for them.

You close it by commenting out the smtps section in master.cf.


Peter
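
The layout discussed in this thread (port 25 for server-to-server mail only, enforced STARTTLS on 587, smtps commented out in master.cf) can be checked mechanically. The following is an added example, not part of the original message or of Postfix itself; the sample master.cf is constructed, and the check assumes services are listed by name and reads only `-o` overrides in master.cf, not main.cf.

```python
import re

# Constructed sample master.cf (not from the thread): port 25 for server-to-server
# mail, submission on 587, and the legacy smtps (465) service still enabled.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def parse_services(text):
    """Return {service_name: {option: value}} for active inet services."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # leading whitespace continues the entry
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 8 and fields[1] == "inet":
            services[fields[0]] = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
    return services

def audit(text):
    """List deviations from the layout recommended in the thread."""
    svc, findings = parse_services(text), []
    sub = svc.get("submission")
    if sub is None:
        findings.append("submission (587) service is not enabled")
    elif sub.get("smtpd_tls_security_level") != "encrypt":
        findings.append("submission (587) does not enforce STARTTLS")
    if "smtps" in svc:
        findings.append("smtps (465) wrappermode service is still enabled")
    if svc.get("smtp", {}).get("smtpd_sasl_auth_enable") == "yes":
        findings.append("port 25 accepts authenticated submission")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER_CF):
        print("FINDING:", finding)
```

A setting inherited from main.cf (for example a global `smtpd_sasl_auth_enable`) is not visible to this check, so an empty result covers master.cf overrides only.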
