DirectAdmin recently has enforced stricter rules for sending mail (changelog).

The long story short is that starting with the DirectAdmin version 1.676:

• Port 25 cannot be used for the mail submission. It’s dedicated for server to server comunication.
• Authentication via port 587 works only when using StartTLS.

The changelog also provides a way to revert the full or partial functionality to the previous one in case the impact is bigger than expected.

However, the change is strongly adviced. But before jumping to the stricter mode, you may want to collect some stats to visualize how much users are actually using the forbidden settings.

Mail proxy setup to have a common mail.domain.tld that proxies IMAP and SMTP connections to the appropriate DA servers.

1
2
3
4

mail.server.tld
 ├─da1.server.tld
 ├─da2.server.tld
 └─da3.server.tld

If a user insists on maintaining support for legacy systems to enable connections using older SSL methods, one option is to set ssl_configuration=old in the options.conf file of custombuild. However, this setting changes the SSL ciphers for all web-related services as well. Alternatively, it is possible to downgrade the ciphers exclusively for mail services without affecting the web services.