1 Topic by juvix

  • juvix
  • Member
  • Offline
  • Registered: 2012-02-08
  • Posts: 41

Topic: Outbound email over SMTPS

==== Provide required information to help troubleshoot and get quick answer ====
- Linux/BSD distribution name and version: Centos 6.2
- iRedMail version and backend (LDAP/MySQL): OpenLDAP 0.7.4
- Any related log? Log is helpful for troubleshooting.
====

I am trying to send e-mail on SSL over port 465 but get a connection error.

If I use port 587 StartTLS I can authenticate fine.

Does SSL over port 465 not work or is additional action required on my part?

I am using Mozilla thunderbird btw.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Outbound email over SMTPS

Please use port 587 with STARTTLS instead of port 465.

3 Reply by juvix

  • juvix
  • Member
  • Offline
  • Registered: 2012-02-08
  • Posts: 41

Re: Outbound email over SMTPS

Thanks Zhang, I tested this is it works fine. Just curious because in the config files, there is 465 open for SSL/TLS. Is this disabled in iredmail? Is SSL not possible on port 465?

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Outbound email over SMTPS

SMTPS is depreciated, so we didn't enable it by default.
Reference: http://www.iredmail.org/forum/topic2648 … iated.html

5 Reply by juvix

  • juvix
  • Member
  • Offline
  • Registered: 2012-02-08
  • Posts: 41

Re: Outbound email over SMTPS

Recommend changing iptables config for future installations of iredmail to leave port 465 unopened.

6 Reply by c33s

  • c33s
  • c33s
  • Member
  • Offline
  • From: Austria
  • Registered: 2011-04-06
  • Posts: 40

Re: Outbound email over SMTPS

i just ran into the same problem of not having smtps running and found the info here about SMTPS is depricated.

not sure if it is a good idea to disable smtps. why?
because if you use the smtps port and try to connect without ssl it simply fails. as far as i understand, having a starttls command failing, the protocol falls back to the unencrypted mode without informing anyone.

from the point of security, this is not that cool. i wouldn't sacrifice security just to don't use depricated protocols (which, in this case, provide more security)

the wiki entry of https://en.wikipedia.org/wiki/STARTTLS links to a tls check page, where i also found this: http://www.checktls.com/forcetls.html

conclusio:
- reenable the smtps port
or
- provide a forecetls option

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Outbound email over SMTPS

c33s wrote:

- provide a forecetls option

You need 'smtpd_tls_security_level = encrypt' in Postfix main.cf.

Reference:
http://www.postfix.org/postconf.5.html# … rity_level