Best practice for SMTP relay with user authentication.

David Robillard david.robillard at gmail.com
Mon Aug 13 07:41:43 PDT 2007


> I have my postfix authenticate users before accepting mail for non-local
> delivery. Till now, users can connect to port 25 and 465 (smtps) use
> STARTTLS and authenticate.
>
> But, I stumbled upon submission port 587 which is not reserved - it
> appears - for a protocol but for a use?
>
> I'd like to align my configuration with best practice. Should I just
> move postfix to bind to port 587 or did I misunderstand that submission
> is indeed a different protocol? Is there any best practice for which
> protocol should be used for submission?

Port 587 is used by the Mail Submission as defined in section 3.1 of
RFC 2476 - Message Submission:

3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this
document. Messages received on this port are defined to be
submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with
additional restrictions as specified here.

While most email clients and servers can be configured to use port 587
instead of 25, there are cases where this is not possible or
convenient. A site MAY choose to use port 25 for message submission,
by designating some hosts to be MSAs and others to be MTAs.

Basically, port 25 is used by Mail Transfer Agents (MTA) while 587 is
used by the Mail Submission Programs (MSP).

If you need more info, check the "Bat Book" (i.e. Sendmail by
O'Reilly) which is pretty clear on that topic. You can also check
"Sendmail Cookbook" also from O'Reilly for tips, tricks and recipes
on what you can do with MSP. Of course, it's sendmail related. But I'm
quite sure you can adapt it to Postfix or whatever your organisation
uses to handle emails.

Finally, IMHO the best description of the what, where and why of
Submission is described in the "UNIX System Administration Handbook"
by Nemeth, Snyder, Seebass & Hein. Check it out at
http://www.admin.com. It's a must read for all UNIX systems
administrators.

HTH,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
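
The following is an added example, not part of the original message: a small audit of a Postfix master.cf that checks whether the submission (587) service described above enforces STARTTLS and SASL authentication while port 25 stays the MTA service. The function names and both sample configurations are constructed for illustration, and only "-o" overrides in master.cf are inspected (main.cf defaults are assumed not to apply).

```python
# Added example: audit master.cf text for a hardened submission (port 587) service.
REQUIRED = {
    "smtpd_tls_security_level": "encrypt",  # STARTTLS required before AUTH
    "smtpd_sasl_auth_enable": "yes",        # SASL AUTH offered on this service
}

def parse_services(text):
    """Map each master.cf service name to its {parameter: value} -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                        # blank line or comment
        fields = raw.split()
        if not raw[0].isspace():            # a new entry starts in column one
            current = services.setdefault(fields[0], {})
            fields = fields[8:]             # skip the 8 fixed columns
        if current is None:
            continue                        # continuation line with no entry
        tokens = iter(fields)
        for tok in tokens:
            if tok == "-o":
                key, _, val = next(tokens, "").partition("=")
                current[key] = val
    return services

def audit_submission(text):
    """Findings from master.cf -o overrides only; an empty list means hardened."""
    services = parse_services(text)
    opts = services.get("submission", services.get("587"))
    if opts is None:
        return ["no submission (587) service defined"]
    findings = [f"{k} should be {v}" for k, v in REQUIRED.items() if opts.get(k) != v]
    lists = [v.replace(",", " ").split() for k, v in opts.items()
             if k.startswith("smtpd_") and k.endswith("_restrictions")]
    if not any("permit_sasl_authenticated" in l and l[-1] == "reject" for l in lists):
        findings.append("no restriction list of the form permit_sasl_authenticated,reject")
    return findings

# Constructed sample input: port 25 stays the MTA service in both cases.
WEAK = """smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""
HARDENED = """smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
```

Calling audit_submission(WEAK) reports the missing TLS enforcement and the missing reject rule; audit_submission(HARDENED) returns an empty list.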


More information about the freebsd-questions mailing list