|Main Archive Page > Month Archives > postfix-users archives|
Am 02.04.2011 21:58, schrieb Jeroen Geilman:
> On 04/02/2011 09:50 PM, Alex wrote:
>> Okay, I think I have it working correctly now. I believe my mistake
>> was with using the incorrect ports for authentication.
> Authentication doesn't have a "port" - it is an integral part of the SMTP protocol.
>> I think I may
>> not fully understand the logic behind the whole process still,
>> I've changed smtpd_tls_security_level to 'may' from 'encrypt' in
>> main.cf because it also needs to be able to accept mail from non-TLS
>> authenticated clients (which are actually other postfix servers) in
>> addition to my K9 android mail client.
> You shouldn't run TLS at all on port 25 if you're not using it for submission - and there is no reason to do so
sorry but that is nonsense
YOU SHOULD ENABLE IT OR YOU CAN DISABLE SSL ON IMAP/POP3 TOO
what sense makes it to encrypt receiving messages over ssl with
your client as long other mail-servers deliver thmen
if you wuld like encrypted services EVERY host and protocol which is
involved should support TLS or you can disable it completly
secuity level "may" is correct because not every host supports encryption
but if the host support it tls should be used, so the message is encrypted
from one client to the receiver, least you minimize the count
of unencrypted hops