Enable SMTPS Port 465 in Postfix SMTP Server For Email Submission

In previous articles, we discussed how you can quickly set up your own mail server by using iRedMail or Modoboa, and also how to set up mail server from scratch on Ubuntu. This tutorial will be showing you how to enable SMTPS port 465 in Postfix SMTP server, so Microsoft Outlook users can send emails. SMTPS stands for Simple Mail Transfer Protocol Secure.

Why Enable SMTPS

Usually mail clients like Thunderbird submit outgoing emails to SMTP server over port 587, encrypted with STARTTLS. However, some mail clients (particularly Microsoft Outlook) can only submit outgoing emails over port 465, the SMTPS port. By default, both iRedMail and Modoboa only enables submission over port 587.

Enable SMTPS Port 465 in Postfix SMTP Server

SMTPS used as submission protocol is confusing, isn’t it? Let me explain. Originally in 1997, IANA (Internet Assigned Numbers Authority) assigned port 465 for SMTPS, which was intended to be used to encrypt communication between one SMTP server to another SMTP server, like mail.google.com and mail.yahoo.com. Later, STARTTLS came along, which allows SMTP servers to talk to each other securely over the existing SMTP port 25, so there’s no need to dedicate port 465 for secure SMTP any more. The SMTPS port was revoked. However, some mail clients like Microsoft Outlook erroneously interpreted smtps as submissions and used port 465 for email submission and it’s still the case to this day.

Another reason to enable port 465 submission is that it’s now encouraged by IETF (Internet Engineering Task Force). There are two approaches to secure email communications:

  • Use STARTTLS on existing port (like STARTTLS on port 587)
  • Implicit TLS on another dedicated port (IMAP on port 143, IMAPS on port 993)

Now IETF  believes that the STARTTLS approach isn’t perfect and started promoting the use of implicit TLS. It published RFC 8134 in January 2018 to encourage the use of port 465 for email submission, and RFC 8461 in September 2018 to encourage the use of MTA-STS for secure SMTP. Port 465 is likely to be renamed as the submissions port.

Note: Almost all mail clients can also submit outgoing emails on port 25, but most residential ISPs block port 25.

How to Enable SMTPS Port 465 in Postfix SMTP Server

Edit the Postfix master.cf file.

sudo nano /etc/postfix/master.cf

If you are using iRedMail, add the following lines at the end of this file.

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

If you are using Modoboa, add the following lines at the end of this file.

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_proxy_filter=inet:[127.0.0.1]:10026

If you followed my setting up mail server from scratch tutorial, add the following lines instead.

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Save and close the file. Restart Postfix for the change to take effect.

sudo systemctl restart postfix

Open TCP Port 465 in Firewall

If you are using UFW, then run the following command to open TCP port 465.

sudo ufw allow 465/tcp

If you are using iptables, then run the following command.

sudo iptables -A INPUT -p tcp --dport 465 -j ACCEPT

Configure Mail Clients to Use Port 465 for Submission

Microsoft Outlook supports submission on port 465 only, so you don’t need to do special configuration. Mozilla Thunderbird defaults to port 587 for submission. It also supports port 465 with SSL/TLS encryption.

SMTPS port 465 postfix

Conclusion

I hope this tutorial helped you enable SMTPS port 465 in Postfix SMTP server. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 3 Average: 5]

5 Responses to “Enable SMTPS Port 465 in Postfix SMTP Server For Email Submission

  • frapulle
    7 months ago

    I haven’t the lines in Iredmail, what should i do?

  • frapulle
    7 months ago

    I followed this tutorial: https://www.linuxbabe.com/mail-server/ubuntu-18-04-iredmail-email-server

    I added those lines at the end of master.cf file.

    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      -o content_filter=smtp-amavis:[127.0.0.1]:10026

    But if I connect my SMTP with Sendblaster on port 465, it doesn’t work. Do you know what the problem is?

    • How to enable port 465 if we using Mail in a Box in our vps? The default is startssl 587 it didn’t give any info about using port 465. Thanks!

  • i have the same problem.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • If you ask me more than 5 questions, I expect you to make a donation, or I would stop answering your questions.