At Tue, 26 Nov 2024 11:37:46 +0000, Sad Clouds <cryintothebluesky%gmail.com@localhost> wrote:
Subject: Re: Postfix and local mail redirection
>
> Thanks for info. As far as I understand services on ports 25 and 587
> use the same SMTP protocol. Port 25 is recommended for mail relaying
> and port 587 is recommended for mail submission. What is the difference
> between the two? You can probably think of mail submission as relaying
> that mail through a particular SMTP server to its final destination.

Primary mail transport (i.e. "relay") is always SMTP over port#25.

It's not really a "recommendation" per se, but a standard requirement.
One would need special direct arrangements with any remote site in order
to deliver SMTP connections to them via anything other than port#25.

Email submission is thus given a separate port so that ISPs can
implement firewalls and other security and policy mechanisms (including
authentication and authorization, and perhaps encryption) that are
separate from those policies they may have for remote delivery via SMTP;
e.g. to allow clients to submit email for remote delivery to a central
relay while not allowing them to deliver email directly to any remote
sites. I.e. an ISP usually should want to block all outgoing port#25
connections at their network border(s) unless they come from an
authorized mail relay host.

See RFC 6409's "Introduction" section for more.

> I'm thinking SMTP clients connecting to port 587 are forced to always
> use TLS and authentication.

No, as I said, I don't use any authentication for my systems, nor do I
even use TLS. I do have authorization policies implemented though.

> In other words, SMTP protocol does not support different types
> of "streams" e.g. relay or submission, hence as an afterthought, port
> 587 was designated for submission only. Is this correct?

One can do email submission directly to port#25 using plain (and/or
enhanced) SMTP, but the separation of concerns for various networking
policies one may need to implement makes it much easier to use a separate
port. Again, see RFC 6409.

--
Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675
RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>
Avoncote Farms <woods%avoncote.ca@localhost>
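
The border policy described in the reply above (outgoing port 25 only from an authorized relay, submission on port 587 governed by its own authorization rule), as an added example that is not part of the original message. The addresses, the `decide` and `audit` names, the flow-record format and the rule allowing port 587 to outside servers are assumptions made for illustration; authorization here is by source network only, with no authentication or TLS.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges).
RELAY = ipaddress.ip_address("192.0.2.25")            # authorized mail relay host
CLIENT_NET = ipaddress.ip_network("198.51.100.0/24")  # ISP customer hosts

def decide(src, dst, dport):
    """Return (verdict, reason) for one TCP flow seen at the network border."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    from_client = s in CLIENT_NET
    if dport == 25:
        if s == RELAY:
            return "allow", "authorized relay delivering to a remote site"
        if d == RELAY:
            return "allow", "SMTP delivery to the relay"
        if from_client:
            return "block", "client bypassing the relay on port 25"
    elif dport == 587:
        if d != RELAY:
            return "allow", "submission to an outside server (assumed policy)"
        if from_client:
            return "allow", "authorized submission to the relay"
        return "block", "submission from an unauthorized network"
    return "ignore", "not covered by the mail policy"

def audit(flow_lines):
    """Parse 'src dst dport' records and return the flows the policy blocks."""
    blocked = []
    for line in flow_lines:
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        src, dst, dport = line.split()
        verdict, reason = decide(src, dst, int(dport))
        if verdict == "block":
            blocked.append((src, dst, int(dport), reason))
    return blocked

# Constructed flow records (src dst dport), not real traffic.
SAMPLE_FLOWS = """
198.51.100.7   192.0.2.25     587   # customer submits via the relay
192.0.2.25     203.0.113.10   25    # relay delivers to a remote site
198.51.100.9   203.0.113.10   25    # customer host talks to a remote MX directly
203.0.113.50   192.0.2.25     25    # remote site delivers inbound mail
203.0.113.50   192.0.2.25     587   # outsider tries to submit through the relay
""".splitlines()

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print(*flow)
```

Because both ports speak the same SMTP, the two blocked flows differ from the allowed ones only in port and source, which is what lets the policy be enforced at the network layer.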