On Mon, Mar 13, 2017 at 04:19:48PM -0300, Jeronimo L. Cabral wrote:
> I need STARTTLS server side connection, because the client side connection
> is working OK.
This may mean something to you, but I for one have no idea what
you have in mind when you say that.
> I have Postfix 2.11, so you say if I use STARTTLS with port TCP/25 the
> authentication is in plain text...but if I set up STARTTLS on port TCP/587
> the authentication is encrypted too with TLS....
No. However, on port 587 you can *require* TLS, while on port 25
TLS is generally optional. Of course you can restrict "AUTH" to
TLS only, but it is best to not offer AUTH on port 25.
> I believed using STARTTLS on port TCP/25 I have encrypted both login and data.
If the client chooses to use TLS.
> In case I set up STARTTLS in port TCP/587, both login and data go through
> it ??? Or just login through port TCP/587 and the data go through port
> TCP/25 ???
No everything is will be on 587, SMTP is a single-channel protocol.
Of course the client has to be configured to submit via 587, and
needs to authenticate.
--
Viktor.
