From owner-freebsd-questions@FreeBSD.ORG Sun Mar 24 17:04:47 2013
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 070C550C for ; Sun, 24 Mar 2013 17:04:47 +0000 (UTC) (envelope-from norgaard@locolomo.org)
Received: from mail.locolomo.org (97.pool85-48-194.static.orange.es [85.48.194.97]) by mx1.freebsd.org (Postfix) with ESMTP id B249770E for ; Sun, 24 Mar 2013 17:04:45 +0000 (UTC)
Received: from gamma.local (unknown [192.168.1.2]) by mail.locolomo.org (Postfix) with ESMTPSA id 684231C0841 for ; Sun, 24 Mar 2013 18:04:44 +0100 (CET)
Message-ID: <514F322B.2010106@locolomo.org>
Date: Sun, 24 Mar 2013 18:04:43 +0100
From: Erik Nørgaard
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130307 Thunderbird/17.0.4
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Re: Client Authentication
References: <21ECABE0-0946-469F-8A6C-08194571A8D9@lafn.org>
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 24 Mar 2013 17:04:47 -0000

On 24/03/2013 17:50, Waitman Gobble wrote:
> On Sun, Mar 24, 2013 at 1:25 AM, Doug Hardie wrote:
>
> One idea is to run a different server process on 25 which does not do SMTP
> AUTH, then run SMTP AUTH on 465 or 587. I don't really see a reason to
> advertise SMTP AUTH on 25; for some reason all mail servers seem to do AUTH
> on all ports or none. Maybe there is a way to configure SMTP AUTH only on
> certain ports; one way I can think of is to run two processes with two
> configs.

Port 25 should be open for external connections and allow only local delivery.

465 is SMTPS and should be configured as 25 but with SSL. This is really only useful if you have a certificate issued by a trusted CA, as other servers will otherwise reject your certificate as untrusted.

Port 587 is for message submission, see RFC 2476. You can configure it with TLS (server side) and it should only advertise STARTTLS. Here you can create your own CA, as you control all clients who are authorized to connect and can install the CA certificate.

A simpler setup though is to have your MTA listen on both port 25 and 587 and announce all services required for local delivery plus STARTTLS. Then require TLS for authentication.

I understood you use dovecot as MDA? Which is your MTA? With postfix the above is pretty simple to set up.

BR, Erik

-- 
M: +34 666 334 818
T: +34 915 211 157
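The split Erik describes, written out as Postfix configuration as an added example (not from his message or from the Postfix project): port 25 accepts external mail for local delivery only and offers no AUTH, while port 587 is the submission service that announces STARTTLS, requires it, and only then offers SASL authentication via dovecot. The certificate file names and the dovecot auth socket path are assumptions; adjust them to your installation (FreeBSD keeps these files under /usr/local/etc/postfix).

```conf
# /usr/local/etc/postfix/main.cf (relevant lines only)
# Opportunistic STARTTLS on port 25: announced, but not required, so other
# MTAs that do not speak TLS can still deliver local mail.
smtpd_tls_security_level = may
# Assumed paths: a self-signed cert is fine for port 587, since you install
# your own CA on the clients; port 25 peers will not verify it anyway.
smtpd_tls_cert_file = /usr/local/etc/postfix/smtpd.pem
smtpd_tls_key_file  = /usr/local/etc/postfix/smtpd.key
# No AUTH on port 25 (the default); it is switched on per-service in master.cf.
smtpd_sasl_auth_enable = no
# Never advertise AUTH on a plaintext session, even where AUTH is enabled.
smtpd_tls_auth_only = yes
# Port 25 policy: deliver to our own domains only, relay nothing.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# /usr/local/etc/postfix/master.cf (relevant lines only)
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  # encrypt = STARTTLS mandatory; before TLS, only STARTTLS is announced.
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  # SASL handed to dovecot over its auth socket (assumed socket path).
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_auth_only=yes
  # Submission port: authenticated clients only, nothing else is accepted.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
```

After `postfix reload`, `openssl s_client -starttls smtp -connect host:587` followed by `EHLO test` should list AUTH only inside the TLS session, and a plain `telnet host 25` EHLO should list STARTTLS but no AUTH.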