On 09/13/2015 06:34 PM, Ken Peng wrote:
> On 2015/9/14 Monday 9:23, Alice Wonder wrote:
>> On 09/13/2015 06:07 PM, Ken Peng wrote:
>>> Hi,
>>> For security transfer, can I have the setup in Postfix to force peer MTA
>>> using SMTP/SSL port (465) for email delivery only? Thx.
>>
>> Port 465 is deprecated. It should not be used.
>> 25 is what your server should use to accept mail from other MTAs.
>> If you change that, other servers won't be able to connect.
>> You can require those other MTAs use encryption but then you might not
>> receive some mail.
>> 587 is what your server should use, with TLS, for message user
>> agents (e-mail clients) connecting. Message user agents should not be
>> allowed to send through 25.
>> Not sure I covered what you were asking.
>
> Thanks for the reply.
> When I set up port 25 to receive messages, the peer MTA will or will not
> do delivery with SSL. So I was asking if there is a way to force peer
> MTA to use SSL only.

There is, but it breaks the RFC.
Set
smtpd_tls_security_level = encrypt
But the RFC (I don't know the number offhand) says you have to accept mail
that isn't encrypted.
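
The split described in the thread (opportunistic TLS on port 25, mandatory TLS on 587), written out as an added example that is not part of the original messages. The hostname and certificate paths are constructed placeholders, and SASL authentication is assumed to be configured separately.

```conf
# --- /etc/postfix/main.cf ---
# Port 25 (server-to-server): offer STARTTLS, but still accept plaintext
# from peers that cannot encrypt.
smtpd_tls_security_level = may

# Constructed placeholder paths; point these at your own certificate and key.
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.com.crt
smtpd_tls_key_file = /etc/postfix/tls/mail.example.com.key

# Log a summary line per TLS session so you can see which peers encrypt.
smtpd_tls_loglevel = 1
# Record the TLS protocol and cipher in the Received: header.
smtpd_tls_received_header = yes
# Never offer AUTH over an unencrypted session.
smtpd_tls_auth_only = yes

# The setting from the thread. On a public MX it rejects every peer that
# does not issue STARTTLS, so it is left commented out here:
#smtpd_tls_security_level = encrypt

# --- /etc/postfix/master.cf ---
# Port 587 (mail clients): TLS and authentication are mandatory.
# The -o lines override main.cf for this service only.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

With `smtpd_tls_loglevel = 1`, the mail log shows which sending MTAs negotiate TLS on port 25, which tells you how much mail would be lost before moving that port to `encrypt`.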