On 29.11.22 22:26, DL Neil wrote:
> Postfix on VPS is lightly-loaded, currently running happily with SPF,
> DKIM, DMARC, etc; and delivering inbound messages to Dovecot. MUAs
> submit outbound messages using STARTTLS and port 25.

While using STARTTLS and authentication on port 25 is possible, I recommend
moving to other ports for MUA submission and keeping 25 for server-server
communication.
This also helps in implementing additional checks against spambots, like
those postscreen uses.

> To suit certain ISPs, plan to expand to (also) enable port 465
> (described as "implicit TLS") and/or port 587 (described as "explicit
> TLS"). Have such descriptions been superseded by STARTTLS?
> Nevertheless, and with Postel's law in-mind, should both ports be
> implemented (and be done with any distinctions)?

Some networks may have one of those ports disabled.
Some AV software may have problems with those ports.

> I've noticed some using port 2525. Any point?

From what I remember, only because people didn't know about 465/587.

> (In case it is relevant, next 'expansion' will be to implement a
> web-mail alternative/choice to Mozilla Thunderbird, etc, clients)

Also consider implementing 2FA / OAUTH for clients.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.
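
The port split recommended in the reply above, sketched as Postfix configuration; this is an added example, not configuration posted by either participant. It assumes Dovecot is the SASL backend with its auth socket at `private/auth`, and that TLS certificates are already configured in main.cf.

```conf
# --- main.cf: defaults that apply to port 25 (server-to-server) ---
# No AUTH offered on port 25; opportunistic TLS for other MTAs.
smtpd_sasl_auth_enable = no
smtpd_tls_security_level = may
# SASL backend (assumption: Dovecot auth socket at private/auth).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# postscreen pre-greeting test for spambots; trusted networks skip it.
postscreen_access_list = permit_mynetworks
postscreen_greet_action = enforce

# --- master.cf ---
# Port 25: postscreen in front of smtpd. MUAs must not submit here,
# since postscreen's tests are designed for MTA clients only.
smtp       inet  n  -  n  -  1  postscreen
smtpd      pass  -  -  n  -  -  smtpd
dnsblog    unix  -  -  n  -  0  dnsblog
tlsproxy   unix  -  -  n  -  0  tlsproxy

# Port 587: STARTTLS is mandatory, AUTH only after TLS, and only
# authenticated clients may send.
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# Port 465: TLS handshake before any SMTP command (wrapper mode).
smtps      inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

Run `postfix check` and then `postfix reload` after editing; the distinct `syslog_name` values make it easy to confirm in the mail log which port each client actually used.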