You can run an smtp server on any port you want. The advantage to not using one of the standard ports is that you won't have as many attacks from spammers and password guessing attacks. The smtp parameters that are specified in main.cf are the default for all of your smtp servers however any of the parameters can be overridden in master.cf. So to define an smtp server on port 1234 which requires TLS (issued via a STARTTLS) and must have SASL authentication you would add the following entry to master.cf: 1234 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject The port number can also be any named port in /etc/services. For any public SMTP server on the internet, I believe the relevant RFC specifies that you must accept unauthenticated, unencrypted (NON-TLS) connections on port 25 (sort of obvious if you want to receive incoming mail from the Internet). What I do on my servers is to disallow relaying and authentication from my port 25 smtp server and require all of my mail clients to connect on the port that I designate, requiring TLS+SASL auth. Nataraj