On 27 Sep 2019, at 11:33, Hugo Florentino wrote:
On Fri, 27-09-2019 at 09:33 -0400, Bill Cole wrote:
On 27 Sep 2019, at 7:06, Hugo Florentino wrote:
[...]
The most important element in doing this is to separate mail submission
from inbound SMTP mail. In 2019 there is no reasonable excuse for
supporting submission via a port 25 SMTP server that also accepts mail
from the Internet in general for local delivery. If you require your
users to use a port 587 or 465 submission service instead, you don't
need to make allowances for local submission on the main port 25
service.
This is one thing I was hoping to avoid, because I intended to enable
authenticated access to port 25 through STARTTLS so that clients who
use portable devices can check mail wherever they are without having
to change ports constantly.
That sentence expresses 3 deep misunderstandings:
1. Authentication is not a function of STARTTLS, which is the SMTP
command used to initiate TLS encryption on an existing plaintext
session. The SMTP AUTH command is independent of TLS and is supported in
Postfix via an external SASL implementation (Cyrus or Dovecot.)
2. "Checking" mail is done with IMAP or POP and has nothing to do with
Postfix. As with SASL, the two most common software packages used in
conjunction with Postfix for accessing delivered mail are Cyrus and
Dovecot.
3. Segregating initial message submission (port 465 or 587) from SMTP
for transport (port 25) does not require users to change ports
constantly. If their client software fails to automatically determine
the proper port for submission, they only need to set it once.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
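
The separation described in this thread, sketched as a Postfix configuration. This is an added example, not part of the original messages; Dovecot as the SASL provider and the socket path private/auth are assumptions, and the Cyrus alternative is not shown.

```conf
# ---- main.cf: defaults, inherited by the port 25 service ----
# Port 25 takes mail from the Internet for local delivery: no SMTP AUTH.
smtpd_sasl_auth_enable = no
# STARTTLS is offered opportunistically; it only encrypts the session
# and authenticates nobody.
smtpd_tls_security_level = may
# Wherever AUTH is enabled, never offer it on an unencrypted session.
smtpd_tls_auth_only = yes

# ---- master.cf ----
# Port 25: server-to-server transport, main.cf defaults apply.
smtp       inet  n       -       n       -       -       smtpd

# Port 587: submission. STARTTLS is mandatory, and AUTH is enabled
# separately through SASL (assumed here: Dovecot, socket private/auth).
submission inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# Port 465: submission over implicit TLS (TLS starts before any SMTP
# command, so STARTTLS is not involved at all).
smtps      inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

With this layout a mail client is pointed at port 587 or 465 once, and `postconf -n` and `postconf -M` show the resulting main.cf and master.cf settings for review.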