allow authenticated relaying on port 25

Gavin McCullagh gavin.mccullagh at
Thu Aug 5 14:26:16 CEST 2010


On Tue, 03 Aug 2010, Gavin McCullagh wrote:

> On Tue, 03 Aug 2010, Gavin McCullagh wrote:
> > we're using postfix 2.2.3.  We need to allow postfix to accept and relay
> > email to authenticated users from the 'net on port 25.  How is this done?

> On the new Kolab setup, SASL auth from the outside world doesn't appear to
> work.  Internal hosts are part of mynetworks, so they're okay.
> My android phone works fine on port 587.   On port 25, the phone tells me
> (if I have TLS on) that my outgoing server does not support TLS.  If I set
> the security type to "none", I get the error "your outgoing server does not
> support TLS".

It turns out that the reason this is not a kolab or postfix problem at all.

The issue is down to my 3G network provider passing me transparently
through some description of SMTP proxy.  The proxy (presumably deliberately
obscures the STARTTLS ehlo response, which effectively prevents use of TLS
on port 25, and kolab (quite rightly) prevents auth without TLS.

By switching to port 587, I was skipping around the transparent proxy.
SMTP over SSL on Port 465 also works fine.

I'm a little puzzled why use of TLS is prohibited on port 25.  I would have
thought a spammer wouldn't use TLS if connecting direct to an open relay or
the destination mail server.


More information about the users mailing list