On September 14, 2015 3:23:31 AM Alice Wonder <al...@domblogger.net> wrote:
For security transfer, can I have the setup in Postfix to force peer MTA using SMTP/SSL port (465) for email delivery only? Thx.
Port 465 is deprecated. It should not be used.
can you say what mua it is that in? when i use ssl in thunderbird 38.2 it shows default port 465
25 is what your server should use to accept mail from other MTAs.
correct
If you change that, other servers won't be able to connect.
we don't know if he meant mta 2 mta, or mua to mta yet
You can require those other MTAs use encryption but then you might not receive some mail.
tls should not be forced yet imho, at least not mta 2 mta
587 is what your server should use, with TLS, for message user agents (e-mail clients) connecting.
as mua supports port 465 with ssl i see no point to change to 587 submission for tls, port 465 can as well do tls
Message user agents should not be allowed to send through 25.
starttls on port 25 should be ok, it's needed for dane, but sasl auth is not good to be on port 25 so disable sasl global in main.cf and enable just sasl on smtps and submission, done
Not sure I covered what you were asking.
he might ask again :)
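
The layout described in the reply above (SASL off globally in main.cf, switched on only for the smtps and submission services in master.cf) can be checked mechanically. The following is an added example, not part of the thread: the two sample files are constructed, and the parser is a simplified one that assumes the plain `-o name=value` override form and does no `$variable` expansion.

```python
import shlex

# Constructed sample files following the advice above (not from the thread).
MAIN_CF = "smtpd_sasl_auth_enable = no\nsmtpd_tls_security_level = may\n"
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join Postfix continuation lines (leading whitespace); drop comments."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def smtpd_overrides(master_text):
    """Map each smtpd service in master.cf to its '-o name=value' overrides."""
    services = {}
    for entry in logical_lines(master_text):
        fields = shlex.split(entry)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # not an smtpd listener
        args = fields[8:]
        services[fields[0]] = dict(
            args[i + 1].split("=", 1)
            for i in range(len(args) - 1)
            if args[i] == "-o" and "=" in args[i + 1])
    return services

def sasl_by_service(main_text, master_text):
    """Return {service: True if SASL AUTH is offered there}."""
    main = dict((k.strip(), v.strip()) for k, v in
                (l.split("=", 1) for l in logical_lines(main_text) if "=" in l))
    default = main.get("smtpd_sasl_auth_enable", "no")  # Postfix default is no
    return {name: ov.get("smtpd_sasl_auth_enable", default) == "yes"
            for name, ov in smtpd_overrides(master_text).items()}
```

With the sample files, `sasl_by_service(MAIN_CF, MASTER_CF)` reports AUTH on submission and smtps only; flipping the main.cf value to `yes` makes the port 25 `smtp` service show up as offering AUTH as well.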