Re: Adding a TLS/SASL mailserver
From: Alan Becker (beckera softrends.com)
Date: Thu Sep 04 2003 - 23:30:47 CDT

Thanks so much for the information posted in the response below: it was
_most_ helpful.

I have configured Postfix as described below to listen on alternate ports.
Currently, it is listening to 24, 25, and 587. In the early stages of
deploying this service, we have encountered 2 external connectivity
providers (out of 3 tried) which are filtering or redirecting port 25. In
both cases we were able to connect using one or the other of the alternate
ports. Obviously, this interference with port 25 is already a significant
issue.

I would like to configure as large a set of alternate ports as practical,
while sticking to ports that have some relationship to mail services. I
reviewed the /etc/services file in RH8 to see what might be there. I came
up with the following:

Port  (service_name)  Description
24    (_none_)        Private mail
50    (re-mail-ck)    Remote mail checking protocol
174   (mailq)         MAILQ
587   (submission)    Mail message submission
465   (smtps)         smtp over SSL (TLS)

In doing Google searches on these various ports and their names, I found
some confusing results. For example, take port 465 (smtps): one document
from 1998 says that the IETF registration for this port was revoked.
Numerous other documents seem to indicate that it is widely used for
encrypted SMTP, but also seem to indicate that the protocol is different
than the "STARTTLS" method used by SASL Auth over TLS. I also saw a listing
for port 24 as a "Back Office 2000 Control port".

Although our preferred (supported) mail client is Netscape/Mozilla 7.x, we
must also support Outlook/Outlook Express for a few clients. Under that
scenario, I would appreciate any commentary from those familiar with the
use (actual or intended) of these ports, as ports to use or avoid, or any
other recommendation or method for selecting a set of alternate ports for
SMTP with SASL Auth over TLS.

TIA,
A. Becker
LuKreme (List User Kreme) wrote:
>
> As long as you are authenticating remote users, using alternate ports
> is a great way to go, and postfix can listen on any port(s) you tell
> it to. You *MUST* authenticate the users somehow though, or you will
> become an open-relay and end up cut off from large chunks of the internet.
>
> A standard backup is port 587 (the submission port) or port 24
> (private mail). So far I have not seen either of these blocked by
> ISPs. Of course, using a non privileged port like 2525 or 8025 is
> also an idea.
>
> /etc/postfix/master:
> smtp inet n - n - - smtpd
> 24 inet n - n - - smtpd
> submission inet n - n - - smtpd
>
> will enable postfix listening on 24, 25, and 587, for example.
>
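
The difference the message asks about, between port 465 and the STARTTLS method, shows up in what a client sees first: on 465 the TLS handshake comes before any SMTP, while on a STARTTLS listener (24, 25, 587 here) the EHLO reply arrives in cleartext. The following added example, which is not part of the original post, checks that cleartext reply for a missing STARTTLS offer or an AUTH offer made before encryption; the host name and sample replies are constructed.

```python
import smtplib
import ssl

def parse_ehlo(reply):
    """Parse a multi-line EHLO reply ('250-...' lines, last '250 ...') into {KEYWORD: [params]}."""
    features = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first line only names the server
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError("not an EHLO reply line: %r" % line)
        keyword, *params = rest.replace("=", " ").split()  # also accepts the old 'AUTH=PLAIN' form
        features.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return features

def assess_pre_tls(reply):
    """Findings for a STARTTLS-style listener, from the EHLO reply seen before TLS."""
    feats = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in feats:
        findings.append("STARTTLS not offered")
    if "AUTH" in feats:
        findings.append("AUTH offered in cleartext: " + ",".join(sorted(set(feats["AUTH"]))))
    return findings

def fetch_ehlo(host, port, implicit_tls=False, timeout=10):
    """Live probe. implicit_tls=True for a 465-style port (TLS handshake before any SMTP)."""
    if implicit_tls:
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout,
                                context=ssl.create_default_context())
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
    with conn:
        _, msg = conn.ehlo()
    lines = msg.decode("ascii", "replace").splitlines()
    # smtplib strips the reply codes; put them back so parse_ehlo() can read the text.
    return "\n".join("250%s%s" % ("-" if i < len(lines) - 1 else " ", l)
                     for i, l in enumerate(lines))

# Constructed sample replies (not captured from a real server).
CLEARTEXT_AUTH = "250-mail.example.com\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
TLS_FIRST = "250-mail.example.com\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"

if __name__ == "__main__":
    for name, reply in (("cleartext auth", CLEARTEXT_AUTH), ("TLS first", TLS_FIRST)):
        print(name, "->", assess_pre_tls(reply) or "ok")
```

In Postfix, setting `smtpd_tls_auth_only = yes` keeps AUTH out of the EHLO reply until TLS is active.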