Author: Mark Edwards
Date:
To: James P. Roberts
CC: exim-users
Subject: Re: [Exim] TLS on a port other than 25

On Monday, February 17, 2003, at 09:04 AM, James P. Roberts wrote:
> My suggestion for a "standard" configuration:
>
> Port 25 ("smtp" port): plaintext and STARTTLS
>
> Port 465 ("smtps" port): SMTPS
>
> Port 587 ("submission" port): plaintext and STARTTLS
>
> This allows all the protocols, on at least one port other than 25, to
> get around the ISP port 25 hi-jacking problem. Any given client can
> then be configured to talk to the server. Because there is a risk that
> ISPs will begin hi-jacking other ports as well, it would be important
> for Exim to be able to specify the protocol for each port being
> listened on (at least, whether or not to use smtps on each port).

Okay, I've verified that this is the case. I actually already had
smtps running for MS clients. When I switch the port to 465 in
Mail.app, transmission works fine. Thus, it does appear to be using
smtps when sending on any port other than 25. Incidentally, it appears
to want to send smtps on 587 as well.

So, it appears in this case I can't get smtps encrypted transmissions
on port 26 (or any non-standard port) via the method I'm using now,
which is -tls-on-connect via inetd.conf. Perhaps if I made up a
service name and assigned it to port 26, and ran it via inetd.conf
using that service name? But I'm guessing that would fail.

So, the only solution would be to run a separate exim daemon listening
on port 26, using -tls-on-connect and a different configure file? Is
that right?

I think I'm going to see if 465 is blocked before going to all that
trouble. What's weird is the ISP isn't consistently hijacking port 25.
It only happens sometimes, which suggests that they just have a bunged
up configuration somewhere, rather than intentionally hijacking the
port.

Anyway, thanks very much for all of the detailed explanations! Another
eye-opener from the list.
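
One way to check what a given port actually speaks, and whether the expected server is the one answering, is sketched below. It is an added example, not part of the original message or of Exim; the function names, result labels and the `probe.example` EHLO name are assumptions made for illustration.

```python
import socket
import ssl

def parse_reply(text):
    """Return (code, [text of each line]) for a possibly multi-line SMTP reply."""
    lines = [l for l in text.replace("\r\n", "\n").split("\n") if l]
    if not lines or not lines[0][:3].isdigit():
        raise ValueError("not an SMTP reply")
    return int(lines[0][:3]), [l[4:] for l in lines]

def classify(banner, ehlo, expected_host):
    """Classify a plaintext session from its greeting and EHLO reply."""
    code, greeting = parse_reply(banner)
    if code != 220 or not greeting[0].split():
        return "not-smtp"
    # RFC 5321: the first word of the 220 greeting is the server's own name.
    if greeting[0].split()[0].lower() != expected_host.lower():
        return "intercepted"  # a different MTA answered on this port
    code, ehlo_lines = parse_reply(ehlo)
    if code != 250:
        return "no-esmtp"
    extensions = {l.split()[0].upper() for l in ehlo_lines[1:] if l.split()}
    return "starttls" if "STARTTLS" in extensions else "plaintext-only"

def read_reply(sock):
    """Read until the final reply line (three digits followed by a space)."""
    buf = b""
    while not (buf.endswith(b"\n") and buf.splitlines()[-1][3:4] == b" "):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace")

def probe(host, port, expected_host, timeout=5):
    """Live check: try TLS-on-connect first, then fall back to plaintext."""
    try:
        with socket.create_connection((host, port), timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                return "tls-on-connect"
    except ssl.SSLCertVerificationError:
        return "tls-on-connect-untrusted-cert"
    except (ssl.SSLError, OSError):
        pass  # no TLS handshake on connect; talk plaintext instead
    with socket.create_connection((host, port), timeout) as sock:
        banner = read_reply(sock)
        sock.sendall(b"EHLO probe.example\r\n")
        return classify(banner, read_reply(sock), expected_host)
```

Calling `probe()` for ports 25, 465 and 587 from the affected network, several times over a day, shows whether the interception is intermittent and which ports still reach the real server.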