Skip to Content

Enabling the SMTP Submission Port (587)

Estimated Reading Time: 2 Minutes

This documentation is applicable to Ubersmith 5.1.x and newer and provides instructions for enabling the SMTP submission port (587/tcp) for the mail container.

Prerequisites

  • Ubersmith 5.1.x or newer installed.
  • Access to the server running Docker and your Ubersmith installation.
  • A valid SSL/TLS certificate from a trusted Certificate Authority. Self-signed certificates will not work.

Configuration Steps

Follow these steps to enable the submission port.

1. Locate your docker-compose.override.yml

Change your directory to your Ubersmith installation path. The default is /usr/local/ubersmith.

cd /usr/local/ubersmith

All modifications will be made to the docker-compose.override.yml file.

2. Expose Port 587

In docker-compose.override.yml, add a ports directive to the mail service definition to expose port 587.

If you do not plan to accept mail on the standard SMTP port (25), you can remove the "25:25" line.

services:
  mail:
    ports:
      - "25:25"
      - "587:587"

3. Configure TLS Certificate

Ensure that the mail container is configured to use your trusted TLS certificate. This is configured in the environment section of the mail service definition.

Update the paths to your certificate and private key files.

services:
  mail:
    volumes:
    # ... other configuration ...
      - "/usr/local/ubersmith/conf/ssl:/var/www/ubersmith_root/conf/ssl"
    # ... other configuration ...
    environment:
      - "POSTCONF_SMTPD_TLS_CERT_FILE=/etc/ssl/certs/your_domain.com.pem"
      - "POSTCONF_SMTPD_TLS_KEY_FILE=/etc/ssl/private/your_domain.com.key"

4. Apply Changes

Recreate the mail container to apply your new configuration.

docker compose up -d mail

Authentication

By default, after following the steps above, the mail container will accept mail on port 587 without authentication. This is a significant security risk.

It is strongly recommended that you restrict access to port 587 to trusted IP addresses at your firewall level.

For a more robust solution, you should configure Postfix to require SASL authentication.

Enabling SASL Authentication

Configuring SASL is a complex topic. For more information, refer to the official Postfix SASL README.

 
Enabling the SMTP Submission Port (587)
Estimated Reading Time: 2 Minutes  Ubersmith Operations July 15, 2025 0
Related Articles
Implementation FAQs
Translating the Ubersmith Interface
Forcing HTTPS (SSL/TLS) Redirects
Performing a Complete Search Index Rebuild
Migrating Ubersmith Appliances 3.x to 4.x
Migrating Ubersmith Appliances 4.x to Latest Release
Ubersmith and Docker
Forwarding Email from Additional Addresses
Disaster Recovery
PA-DSS Implementation Guide
Secure Code