Subject: The mailing list for listmasters using Sympa
List archive
Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL
- From: geoffroy desvernay <address@concealed>
- To: Chris Kay <address@concealed>, Chris Kay <address@concealed>, "address@concealed" <address@concealed>, "Janky Jay, III" <address@concealed>
- Subject: Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL
- Date: Mon, 10 Jun 2024 17:27:52 +0000
Hi Chris,
I see two separate questions here: sending and receiving, in both case most of the problem is not in sympa.
For sending mails, sympa typically use a MTA (postfix, sendmail, qmail, smtpd, exchange...). The MTA should trust sympa, and will typically be hosted near (localhost or a local network). I think configuring the local mail agent to use a 'submission' access (port 587 + authentication) is possible but has no or low security benefit.
For receiving mails, sympa also leaves this to sendmail, postfix, watever MTA is configured with your list's domain (`drill mx your.domain` should give you the name/address of your current MTA). On internet I'm not aware of a MTA not listening on port 25, most accepting STARTTLS nowadays.
This MTA will pass the mails to sympa using a command.
If you are configuring a new domain, you will need port 25 opened if you intent to receive directly any mail, or someone will need to configure a mail forwarder (with port 25 opened) to accept and forward mails adressed to your list's domain to your local MTA (in this case you can use any port, with or without encryption to receive those locally).
Hope this helps...
Geoffroy
I see two separate questions here: sending and receiving, in both case most of the problem is not in sympa.
For sending mails, sympa typically use a MTA (postfix, sendmail, qmail, smtpd, exchange...). The MTA should trust sympa, and will typically be hosted near (localhost or a local network). I think configuring the local mail agent to use a 'submission' access (port 587 + authentication) is possible but has no or low security benefit.
For receiving mails, sympa also leaves this to sendmail, postfix, watever MTA is configured with your list's domain (`drill mx your.domain` should give you the name/address of your current MTA). On internet I'm not aware of a MTA not listening on port 25, most accepting STARTTLS nowadays.
This MTA will pass the mails to sympa using a command.
If you are configuring a new domain, you will need port 25 opened if you intent to receive directly any mail, or someone will need to configure a mail forwarder (with port 25 opened) to accept and forward mails adressed to your list's domain to your local MTA (in this case you can use any port, with or without encryption to receive those locally).
Hope this helps...
Geoffroy
Le 10 juin 2024 15:45:21 UTC, Chris Kay <address@concealed> a écrit :
I see in the Sympa requirements docs that “Inbound and outbound SMTP connections (typically on TCP port 25) should be allowed”, but my security team told me that we must use 587 since 25 is insecure. Do I have to allow port 25 traffic to the server for Sympa to function?
From: address@concealed <address@concealed> on behalf of Janky Jay, III <address@concealed>
Sent: Saturday, June 8, 2024 1:03 AM
To: address@concealed <address@concealed>
Subject: Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHELCAUTION: This email originated from outside of Chegg. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi Chris, Port 587 should be a Postfix setting (submissions,) not a Sympa setting. This will limit receiving email from external servers, though, as most use SMTP(S) (port 25) for delivery. I'd suggest using SMTP(S) on ports 25 (via STARTTLS)ZjQcmQRYFpfptBannerStartThis Message Is From an Untrusted SenderYou have not previously corresponded with this sender.ZjQcmQRYFpfptBannerEndHi Chris,
Port 587 should be a Postfix setting (submissions,) not a Sympa setting. This will limit receiving email from external servers, though, as most use SMTP(S) (port 25) for delivery. I'd suggest using SMTP(S) on ports 25 (via STARTTLS) alongside submissions (587) for the most acceptable configuration.
That being said, maybe I'm misunderstanding your question? Are you looking for something else more specific to Sympa? Like, restricting Sympa to only deliver via submissions? (Sympa will never receive anything from the submissions port as it would be handed off to the LDA or LMTP.)
Regards,
Janky Jay, III
On June 7, 2024 10:01:30 PM UTC, Chris Kay <address@concealed> wrote:New admin installing Sympa for the first time. I have everything installed, but I’m having a heck of time trying to set up Sympa to use send/receive over 587 only, and my research has found conflicting suggestions.
Can someone share how they accomplished this please?
Thanks and TGIF!
--
geoffroy desvernay
DSI/sysadm École Centrale Marseille
38 rue Joliot-Curie
13013 Marseille
+33 49105 4524
geoffroy desvernay
DSI/sysadm École Centrale Marseille
38 rue Joliot-Curie
13013 Marseille
+33 49105 4524
-
[en@sympa] Using Port 587 instead of 25 for Postfix under RHEL,
Chris Kay, 06/07/2024
-
Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL,
Janky Jay, III, 06/08/2024
-
Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL,
Chris Kay, 06/10/2024
- Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL, geoffroy desvernay, 06/10/2024
-
Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL,
Chris Kay, 06/10/2024
-
Re: [en@sympa] Using Port 587 instead of 25 for Postfix under RHEL,
Janky Jay, III, 06/08/2024
Archive powered by MHonArc 2.6.19+.