Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.

To enable port 587, edit the file /etc/postfix/master.cf

vi /etc/postfix/master.cf

and remove the # in front of the line:

#submission inet n - n - - smtpd

so that it looks like this:

submission inet n - n - - smtpd

and restart postfix:

/etc/init.d/postfix restart

How to enable port 587 (submission) in postfix
Tagged on:     

15 thoughts on “How to enable port 587 (submission) in postfix

  • Avatar
    January 5, 2011 at 9:56 pm
    Permalink

    Make sure you enable this port in your firewall settings in ISPCONFIG3 aswell. Otherwise it wont work.

    Reply
  • Avatar
    February 1, 2011 at 1:55 pm
    Permalink

    It should work – I think , just punch in port 587 and voilla !!

    Reply
  • Avatar
    February 18, 2011 at 9:40 am
    Permalink

    you must also create an iptables prerouting for redirect inbound port 25 to port 587.

    Reply
  • Avatar
    February 21, 2011 at 1:50 pm
    Permalink

    That is not true And Would not add a benefit

    Reply
  • Avatar
    February 5, 2012 at 5:35 am
    Permalink

    Great post. I have been trying to get my postfix server to accept email from external authenticated clients on both port 25 and 587 for days, and haven’t been able to get it to work. I uncommented the submission line in master.cf, and opened up port 587 on my amazon server, and it worked! If only I had found this earlier. Thanks.

    Reply
  • Avatar
    August 12, 2012 at 3:29 am
    Permalink

    You guys are all missing something very important here. “Submission” isn’t meant to be a straight copy of the plain auth port 25. Its meant to be encrypted. This is a ‘correct’ “Submission” entry in master.cf:

    submission inet n – n – – smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

    The milter macro line isn’t needed in all configs, you should know what you’re doing before you rock and roll.

    IMO you should probably not be using port 25 OR port 587. You should be using SSL (465), which is properly configured like this:

    smtps inet n – n – – smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

    And is what I actually am using on my production server.

    Reply
    • Avatar
      January 31, 2018 at 12:31 am
      Permalink

      Dylan,

      TLS is not actually required for the use of port 587 as submission mechanism.
      RFC 6409 (which defines the use of port 587 for use for mail submission from local users) specifically states that the mail server MAY use STARTTLS. So it is not required. Often it is used that way but you do not have to, and what the OP states is 100% correct.

      Reply
  • Avatar
    September 17, 2012 at 7:11 pm
    Permalink

    Dear Dylan,

    nice note about the TLS. However not only the milter line depends on the specific configuration, but all lines, and they also should exist in the version of postifx that is used. For example, another possible option is “-o smtpd_enforce_tls=yes”, but it may be deprecated (haven’t checked so far).

    As for the SSL and port, please note that port 465 is deprecated for SMTPS and is no longer RFC-compliant. This port is already assigned for different purposes. Wiki provides more info, you can also check the RFC. Hope this helps.
    http://en.wikipedia.org/wiki/SMTPS

    Reply
  • Avatar
    March 14, 2013 at 8:06 pm
    Permalink

    Cool….Simply awesome!!!

    Reply
  • Avatar
    April 10, 2013 at 7:08 am
    Permalink

    Just wondering if its possible to restrict all out-going mails to port 587 and NOT allow any sending out of emails on port 25.

    Port 25 should only be used to receive mail and NOT send out …How can I do this?

    Reply
  • Avatar
    July 11, 2013 at 5:00 pm
    Permalink

    perfect.

    Thanks for this post, was very helpful.

    Reply
  • Avatar
    September 10, 2014 at 1:22 pm
    Permalink

    Nice!
    I could finally manage this issue.
    Thank you

    Reply
  • Avatar
    May 21, 2019 at 10:13 am
    Permalink

    Hello

    i want to change iredmail postfix port ,at this time port 465 but i want to change port 578 so
    please help me .

    thanks

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*