SMTP SUBMIT servers
A TCP/IP channel marked with the
submit channel option will function with respect to message submission as an SMTP SUBMIT server, as defined in RFC 6409 (Message Submission for Mail). Port 587 is reserved for SMTP SUBMIT use, so
submit is normally set on the channel that, in the Dispatcher configuration, is associated with port 587; see the
dispatcher.tcp_ports option (Unified Configuration). But SMTP SUBMIT service can also be set up on a different or other ports, if desired: any incoming channel marked with
submit will operate as an SMTP SUBMIT server. RFC 5068 (Email Submission Operations: Access and Accountability Requirements), also known as BCP 134, encourages sites to support---and indeed transition to using---SMTP SUBMIT rather than regular SMTP for initial submission of user messages.
The configuration established when the MTA is installed normally includes an SMTP SUBMIT server in the form of a
tcp_submit channel; this channel is marked with the
submit channel option, and the Dispatcher configuration sets it to listen on port 587. In accord with RFC 5068's recommendations, the channel is also marked with
maytlsserver, meaning that users must authenticate to submit messages to this channel and may use TLS. See Typical TCP/IP channels and servers for an example. (TLS use should be encouraged, but is not outright required in this typical configuration; sites that prefer to also require TLS use may instead set
Sites should encourage their local users to submit messages to the SMTP SUBMIT server on port 587, rather than to the regular SMTP server on port 25. But note that this does also imply that users must authenticate and ought to use TLS---some configuration of the users' clients may be needed to achieve this.