Loading ...
Sorry, an error occurred while loading the content.
 

port 465 problems

Expand Messages
  • travel kid
    hello folks, i found some users having troubles since their isp s were blocking outbound 25. so i am attempting to get smtp+ssl on port 465 working. i would
    Message 1 of 2 , Oct 31, 2007
      hello folks,

      i found some users having troubles since their isp's
      were blocking outbound 25. so i am attempting to get
      smtp+ssl on port 465 working. i would appreciate some
      help on the command not found error below. would
      appreciate it.

      thank you


      /etc/postfix/master.cf
      smtps inet n - - - - smtpd


      smtpd_recipient_restrictions =
      reject_non_fqdn_sender
      reject_unknown_sender_domain
      reject_unknown_recipient_domain
      reject_non_fqdn_recipient
      permit_sasl_authenticated
      permit_mynetworks
      reject_unauth_destination
      check_recipient_access
      hash:/etc/postfix/roleaccount_exceptions
      check_helo_access
      pcre:/etc/postfix/helo_checks
      reject_non_fqdn_hostname
      reject_invalid_hostname
      check_sender_mx_access
      cidr:/etc/postfix/bogus_mx
      reject_rbl_client xbl.spamhaus.org
      permit

      smtpd_tls_loglevel = 2
      smtpd_tls_security_level = may
      smtpd_tls_auth_only = no



      01:25:00 host postfix/smtpd[2086]:
      xsasl_dovecot_server_create: SASL service=smtp,
      realm=(null)
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: connect
      from dhcp-ip.isp.net[w.x.y.z]
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: dhcp-ip.isp.net: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: w.x.y.z: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: dhcp-ip.isp.net: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: w.x.y.z: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_hostname: dhcp-ip.isp.net ~? 127.0.0.0/8
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_hostaddr: w.x.y.z ~? 127.0.0.0/8
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: dhcp-ip.isp.net: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: w.x.y.z: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: send attr
      request = connect
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: send attr
      ident = smtps:w.x.y.z
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      private/anvil: wanted attribute: status
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute name: status
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute value: 0
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      private/anvil: wanted attribute: count
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute name: count
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute value: 1
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      private/anvil: wanted attribute: rate
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute name: rate
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute value: 2
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      private/anvil: wanted attribute: (list terminator)
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: input
      attribute name: (end)
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
      dhcp-ip.isp.net[w.x.y.z]: 220 mail.foobar.com ESMTP
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: <
      dhcp-ip.isp.net[w.x.y.z]: ?=??
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_string: ?=?? ~? CONNECT
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_string: ?=?? ~? GET
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_string: ?=?? ~? POST
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
      match_list_match: ?=??: no match
      Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
      dhcp-ip.isp.net[w.x.y.z]: 502 5.5.2 Error: command not
      recognized

      __________________________________________________
      Do You Yahoo!?
      Tired of spam? Yahoo! Mail has the best spam
      protection around
      http://mail.yahoo.com

      __________________________________________________
      Do You Yahoo!?
      Tired of spam? Yahoo! Mail has the best spam protection around
      http://mail.yahoo.com
    • Bill Cole
      ... Pure SSL+SMTP on port 465 had credibility as a standard for less than a year about a decade ago. You should try to avoid it. Unless you have a bunch of
      Message 2 of 2 , Nov 1, 2007
        At 10:50 PM -0700 10/31/07, travel kid wrote:
        >hello folks,
        >
        >i found some users having troubles since their isp's
        >were blocking outbound 25. so i am attempting to get
        >smtp+ssl on port 465 working.

        Pure SSL+SMTP on port 465 had credibility as a standard for less than
        a year about a decade ago. You should try to avoid it. Unless you
        have a bunch of users with old Microsoft clients, you do not need to
        participate in the misuse of port 465.

        >i would appreciate some
        >help on the command not found error below. would
        >appreciate it.
        >
        >thank you
        >
        >
        >/etc/postfix/master.cf
        >smtps inet n - - - - smtpd

        You appear to be missing the operative part that actually makes it do SSL:

        smtps inet n - n - - smtpd
        -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

        You should really encourage your users to use port 587 instead, and
        set up a proper submission service:

        submission inet n - n - - smtpd
        -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

        That mandates the use of the STARTTLS command on the submission port,
        which provides a little more clarity when logging all traffic.


        [big snip of irrelevant log lines...]

        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
        >dhcp-ip.isp.net[w.x.y.z]: 220 mail.foobar.com ESMTP

        That's your smtpd sending the initial banner.

        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: <
        >dhcp-ip.isp.net[w.x.y.z]: ?=??

        That's the client sending garbage ('?=??') that it probably thought
        was a reasonable start at SSL negotiation. However, you are not
        talking SSL.

        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
        >match_string: ?=?? ~? CONNECT
        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
        >match_string: ?=?? ~? GET
        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
        >match_string: ?=?? ~? POST
        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]:
        >match_list_match: ?=??: no match

        That's Postfix checking the garbage against common broken spamware
        behavior of sending HTTP commands on a SMTP session. The garbage does
        not match.

        >Nov 1 01:25:00 li10-54 postfix/smtpd[2086]: >
        >dhcp-ip.isp.net[w.x.y.z]: 502 5.5.2 Error: command not
        >recognized

        Even though the garbage does not match the known list of poison
        strings, it still isn't a valid SMTP command.


        --
        Bill Cole
        bill@...
      Your message has been successfully submitted and would be delivered to recipients shortly.