
229143 Re: port 465 problems

  • Bill Cole
    Nov 1, 2007
      At 10:50 PM -0700 10/31/07, travel kid wrote:
      >hello folks,
      >i found some users having troubles since their isp's
      >were blocking outbound 25. so i am attempting to get
      >smtp+ssl on port 465 working.

      Pure SSL+SMTP on port 465 had credibility as a standard for less than
      a year about a decade ago. You should try to avoid it. Unless you
      have a bunch of users with old Microsoft clients, you do not need to
      participate in the misuse of port 465.

      >i would appreciate some
      >help on the command not found error below. would
      >appreciate it.
      >thank you
      >smtps inet n - - - - smtpd

      You appear to be missing the operative part that actually makes it do SSL:

      smtps inet n - n - - smtpd
        -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

      You should really encourage your users to use port 587 instead, and
      set up a proper submission service:

      submission inet n - n - - smtpd
        -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

      That mandates the use of the STARTTLS command on the submission port,
      which provides a little more clarity when logging all traffic.

      [big snip of irrelevant log lines...]

      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
      >dhcp-ip.isp.net[w.x.y.z]: 220 mail.foobar.com ESMTP

      That's your smtpd sending the initial banner.

      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: <
      >dhcp-ip.isp.net[w.x.y.z]: ?=??

      That's the client sending garbage ('?=??') that it probably thought
      was a reasonable start at SSL negotiation. However, you are not
      talking SSL.

      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      >match_string: ?=?? ~? CONNECT
      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      >match_string: ?=?? ~? GET
      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      >match_string: ?=?? ~? POST
      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      >match_list_match: ?=??: no match

      That's Postfix checking the garbage against common broken spamware
      behavior of sending HTTP commands on a SMTP session. The garbage does
      not match.

      >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
      >dhcp-ip.isp.net[w.x.y.z]: 502 5.5.2 Error: command not

      Even though the garbage does not match the known list of poison
      strings, it still isn't a valid SMTP command.

      Bill Cole
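
Added example, not part of the message above and not Postfix code: a small Python check that reads master.cf text and flags an smtpd listener on 465/smtps that lacks smtpd_tls_wrappermode=yes (the misconfiguration diagnosed above) or a 587/submission listener where STARTTLS is not mandatory. The function names and the sample file are constructed for illustration; accepting smtpd_tls_security_level=encrypt as the newer equivalent of smtpd_enforce_tls=yes is an addition beyond what the message mentions.

```python
# Constructed sample master.cf: the first entry is the broken smtps line
# quoted in the message, the second is the submission entry from the reply.
SAMPLE = """\
smtps      inet  n  -  -  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
"""

def entries(text):
    """Join continuation lines (leading whitespace) into logical entries."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += raw.split()   # continuation: extend the previous entry
        else:
            out.append(raw.split())
    return out

def overrides(args):
    """Map each '-o name=value' pair in the smtpd arguments to name -> value."""
    pairs = zip(args, args[1:])
    return dict(v.split("=", 1) for k, v in pairs if k == "-o" and "=" in v)

def lint(text):
    """Return (service, problem) findings for smtpd listeners on 465 and 587."""
    findings = []
    for f in entries(text):
        # Fields: service type private unpriv chroot wakeup maxproc command args...
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        port = f[0].rsplit(":", 1)[-1]  # drop an optional address prefix
        opts = overrides(f[8:])
        if port in ("smtps", "465"):
            if opts.get("smtpd_tls_wrappermode") != "yes":
                findings.append((f[0], "plaintext SMTP: smtpd_tls_wrappermode=yes missing"))
        elif port in ("submission", "587"):
            if (opts.get("smtpd_enforce_tls") != "yes"
                    and opts.get("smtpd_tls_security_level") != "encrypt"):
                findings.append((f[0], "STARTTLS is optional"))
        else:
            continue
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append((f[0], "smtpd_sasl_auth_enable=yes missing"))
    return findings

if __name__ == "__main__":
    for service, problem in lint(SAMPLE):
        print(f"{service}: {problem}")
```

An "-o" line that does not start with whitespace is not a continuation in master.cf, so the check treats it as a separate (ignored) entry and still reports the listener above it.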