I have been reading the SMTP spec and other related RFCs (mainly 8314 & 6409) and cannot wrap my head around it, so I hope you guys can help me out.
I'm trying to set up an SMTP server for testing delivery of transactional messages, and it is working as expected on submission: if we point our mail sender to it, it will successfully ask for authentication, get the message and store it. All of this goes through port 587 using TLS.
Now I want to add a catch-all mechanism so that all email delivered to *@mydomain.com is stored in the same database, so I started to do some research. What I found is that once you send an email via SMTP it gets delivered by the MTA using SMTP too, in what the spec calls 'message relay'.
As I understand it, you need to listen on both ports: 587 for 'message submission' (with auth, checking that the sender is on your server) and port 25 for 'message relay' (without auth, checking that the recipient is on your server). Due to limitations of the underlying server framework there will be no STARTTLS support, only Implicit TLS, so no port 465.
So, the question is: am I understanding it right, in that there should be two listening ports with a different purpose?
And a bonus one: how does a server negotiate auth when the ports are interchangeable (for example, on cPanel you can use 465 or 25 for submission, the only difference being TLS support on each port; but they also receive incoming mail through port 25)?
It is important to note that the server's purpose is not to send any messages, but only to receive them from either webapps (for example to test if its password reset mailing works) or from other mail servers/MTAs (like Mailinator does, with a wildcard MX record, to test for incoming messages/replies).
Thanks in advance!
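The two listener roles described in the question, written out as an added example in Python (this is not the poster's server and not code from any mail framework). It models one SMTP session class whose policy is fixed by the role it was created for: the submission role (port 587) advertises AUTH and refuses MAIL FROM until a login succeeds, while the relay role (port 25) never advertises or accepts AUTH and refuses any RCPT TO that is not for a local domain, so it cannot be used as an open relay. The hostname mx.mydomain.com, the test account app/s3cret and the in-memory "transport" (scripted lines instead of sockets and TLS) are all assumptions made for the example.

```python
import base64

# Domain the test server owns (from the post: catch-all for *@mydomain.com).
LOCAL_DOMAINS = {"mydomain.com"}
# Constructed test credential for the submission listener; not a real account.
USERS = {"app": "s3cret"}
HOSTNAME = "mx.mydomain.com"  # assumed name the server greets with


def plain_credentials(user, password):
    """Build the base64 blob a client sends with AUTH PLAIN (RFC 4616: authzid NUL authcid NUL passwd)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def _parse_path(arg):
    """Turn 'FROM:<a@b>' or 'TO:<a@b>' into (address, domain)."""
    start, end = arg.find("<"), arg.find(">")
    addr = arg[start + 1:end] if 0 <= start < end else arg.partition(":")[2].strip()
    return addr, addr.rpartition("@")[2].lower()


class SmtpSession:
    """Server side of one connection. role is 'submission' (port 587) or 'relay' (port 25)."""

    def __init__(self, role):
        if role not in ("submission", "relay"):
            raise ValueError(role)
        self.role = role
        self.authed = False
        self.mail_from = None
        self.rcpts = []
        self.in_data = False
        self.body = []
        self.stored = []  # accepted messages as (sender, [recipients], text)

    def handle(self, line):
        """Feed one client line; return the reply, or None while collecting DATA lines."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.stored.append((self.mail_from, list(self.rcpts), "\n".join(self.body)))
                self.mail_from, self.rcpts, self.body = None, [], []
                return "250 OK: queued"
            # Undo dot-stuffing: a line starting '..' carried a literal leading '.' (RFC 5321 4.5.2)
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            caps = [f"250-{HOSTNAME}"]
            if self.role == "submission":
                caps.append("250-AUTH PLAIN")  # only the submission port offers AUTH
            caps.append("250 OK")
            return "\r\n".join(caps)
        if verb == "AUTH":
            if self.role != "submission":
                return "502 Command not implemented"  # the relay port never takes credentials
            mech, _, blob = arg.partition(" ")
            if mech.upper() != "PLAIN":
                return "504 Unrecognized authentication type"
            try:
                _, user, password = base64.b64decode(blob).decode().split("\0")
            except ValueError:
                return "501 Malformed AUTH PLAIN response"
            self.authed = USERS.get(user) == password
            return "235 Authentication succeeded" if self.authed else "535 Authentication failed"
        if verb == "MAIL":
            if self.role == "submission" and not self.authed:
                return "530 Authentication required"  # RFC 6409: the MSA authenticates submitters
            addr, domain = _parse_path(arg)
            if self.role == "submission" and domain not in LOCAL_DOMAINS:
                return "553 Sender address not local to this server"
            self.mail_from, self.rcpts = addr, []
            return "250 OK"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 MAIL first"
            addr, domain = _parse_path(arg)
            if self.role == "relay" and domain not in LOCAL_DOMAINS:
                return "550 Relaying denied"  # unauthenticated port only accepts our own domain
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognized command"


def run_dialog(role, client_lines):
    """Drive a fresh session with scripted client lines; return (replies, stored messages)."""
    session = SmtpSession(role)
    replies = [r for r in (session.handle(l) for l in client_lines) if r is not None]
    return replies, session.stored


if __name__ == "__main__":
    creds = plain_credentials("app", "s3cret")
    print(run_dialog("submission", ["EHLO app.test", "AUTH PLAIN " + creds, "MAIL FROM:<app@mydomain.com>",
                                    "RCPT TO:<user@example.org>", "DATA", "Subject: reset", ".", "QUIT"]))
    print(run_dialog("relay", ["EHLO mx.example.org", "MAIL FROM:<someone@example.org>",
                               "RCPT TO:<bob@other.example>", "RCPT TO:<any@mydomain.com>", "DATA", "hi", ".", "QUIT"]))
```

The role is a property of the listener, not something negotiated per connection, which is also the answer to the bonus question: a server that lets clients submit on port 25 simply applies both rules on that one listener, accepting RCPT TO for any domain once the session has authenticated and only for its own domains otherwise. For a receive-only test sink like the one described, the relay role's "local domain only" check on RCPT TO is the single rule that keeps the port 25 listener from becoming an open relay.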