Browse Source

Use submission port for client outgoing email

Currently client email is submitted via ssmtp (port 465).  This has been
deprecated for years.  The correct way to submit email is via
submission (port 587).

This patch adds port 587 as a second and the default way of submitting
email for delivery.  Port 465 remains open for backwards compatibility
with existing clients.
Mike Ashley 8 years ago
parent
commit
166c57f045

+ 7
- 6
roles/mailserver/files/etc_postfix_master.cf View File

@@ -13,12 +13,13 @@ smtp       inet  n       -       -       -       1       postscreen
13 13
 smtpd      pass  -       -       -       -       -       smtpd
14 14
 dnsblog    unix  -       -       -       -       0       dnsblog
15 15
 tlsproxy   unix  -       -       -       -       0       tlsproxy
16
-#submission inet  n       -       -       -       -       smtpd
17
-#  -o syslog_name=postfix/submission
18
-#  -o smtpd_tls_security_level=encrypt
19
-#  -o smtpd_etrn_restrictions=reject
20
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
21
-#  -o milter_macro_daemon_name=ORIGINATING
16
+submission inet  n       -       -       -       -       smtpd
17
+  -o syslog_name=postfix/submission
18
+  -o smtpd_tls_security_level=encrypt
19
+  -o smtpd_etrn_restrictions=reject
20
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
21
+  -o smtpd_sasl_security_options=noanonymous,noplaintext
22
+  -o smtpd_sasl_tls_security_options=noanonymous
22 23
 
23 24
 # SMTP over SSL/TLS on port 465.
24 25
 smtps     inet  n       -       -       -       -       smtpd

+ 1
- 0
roles/mailserver/tasks/postfix.yml View File

@@ -63,4 +63,5 @@
63 63
   with_items:
64 64
     - smtp
65 65
     - ssmtp
66
+    - submission
66 67
   tags: ufw

+ 2
- 2
roles/mailserver/templates/var_www_autoconfig_mail_config-v1.1.j2 View File

@@ -20,8 +20,8 @@
20 20
         </incomingServer>
21 21
         <outgoingServer type="smtp">
22 22
             <hostname>{{ mail_server_hostname }}</hostname>
23
-            <port>465</port>
24
-            <socketType>SSL</socketType>
23
+            <port>587</port>
24
+            <socketType>STARTTLS</socketType>
25 25
             <authentication>password-cleartext</authentication>
26 26
             <username>%EMAILADDRESS%</username>
27 27
         </outgoingServer>

Loading…
Cancel
Save