In general, citadel offers usual mail protocols. But, with some assumptions that ease the admins and the programmers life and makes the system more fool proof. You should read this carefully before integrating citadel in your network and firewall concepts. Citadel just offers plain auth, so if you're connecting via the internet be sure to have done StartTLS or have a SSL conenction.
Both of them do encryption. StartTLS starts plain text communication, and afer some conversation the client issues a StartTLS command, that initiates the encryption. SSL is just wrapping encryption around the base protocol, you could use the plain text protocol port, and wrap STunnel in front of it to achieve allmost the same result.
- Local delivery is a mail that is sent from some other mailserver to your citadel, and deliver it to citadels folders.
- Relaying is when a user writes a mail in his MUA and makes your citadel send it out into the wide world
The default internet mail protocol. Citadel speaks this via 5 ways, that offer several ways through the Citadel application stack:
- TCP port 25(SMTP); offers: Local delivery; by default just relay if you're authenticated. Encryption by StartTLS. You can however enable unauthenticated relaying in Administration→→Network→Enabe Relay. Don't do this if this port is publicaly reachable.
- TCP Port 465(SMTPS); SSL encryptet SMTP. Allows local delivery and authenticated relaying.
- TCP Port 587(MSA; Mail Submission agent); just authenticated smtp is allowed. Verry usefull if your ISP blocks port 25. Encryption via StartTLS
- lmtp.socket Unix Domain Socket: local delivery of mails. Mails are scanned by AV/AS facilities.
- lmtp-unfiltered.socket may relay mail out or deliver mail localy. AV/AS facilities are bypassed.
Pop3 just gives you access to your Inbox by design, as it doesn't know folders.
- Port 110 (POP3): Just Plain text mail retrieval is possible.
- port 995 (POP3S): SSL encrypted mail retrieval
Imap is Mail access Protocol, like SMB is for files. It knows folders and more advanced operations. Though the original intend of this approach is to leave the mails on the server and just browse them via networking, disconnected imap is available in some clients to reduce the traffic for Roadwarriors over low bandwith connections.
- Port 143 (IMAP): unencrypted IMAP; offers StartTLS.
- Port 993 (IMAPS): SSL encrypted IMAP
As noted above, citadel offers several SMTP services, and separate ports for the SSL enabled versions of several protocols. Thus it is not possible to bind several ports with one service.
However, if you want to make the same service available on multiple ports, your operating system can usually do this for you. For example, if you are running Citadel on port 25, here is a way to get Linux to also listen on port 2525 and redirect connections to port 25:
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2525 -j REDIRECT --to-port 25
This would be used if, for example, you have a draconian ISP that blocks port 25 and you need to arrange to have your inbound email relayed via an alternate port.