- or deliver
- The submission ports (463, 587) are expected to be able to transmit email from clients.
- while the other port (ie 25) is expected to receive email from a smtp server (mta)
Note that the process that accepts message submissions is called a Message Submission Agent (MSA)
The port 25 is a port:
- with plain connection (ie without TLS)
- without authentication.
The localhost port 25 is used by Postfix or a similar mail server running on the local machine.
- For remote clients, it denies relay and accepts only to receive email for the domain that it manages.
- For local clients, it accepts to send email.
The port 465
- runs on a secure connection with TLS
- should allow only authenticated users
- is mostly never blocked by a firewall (ISP or others)
As your users are authenticated, you should not score their email or any traffic activities otherwise you could block your own users.
The port 587 has the same properties than the port section25, except that it accepts only authenticated connections.
The port 2525 is a backup port for the port 25 in case the other ports are blocked by a network provider or a firewall.
The port 2587 is a backup port for the port 587 in case the other ports are blocked by a network provider or a firewall.
To open port 587, with postfix, the submission line should be uncommented and parameters should be overwritten.
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
If you want to known more about the subject, there is also a whole specification. See RFC6409 - Message Submission for Mail