Re: [Exim] TLS problems on non-standard port

Author: James P. Roberts
Date:  
To: Juri Tsibrovski, exim-users
Subject: Re: [Exim] TLS problems on non-standard port
> Hello,
>
> I'm trying to set up Exim to listen on both ports 25 and 8025, to
> accommodate poor Earthlink customers with access to port 25 blocked, using
>
>     local_interfaces = 0.0.0.0.25 : 0.0.0.0.8025
>
> Unfortunately, I can't get SSL to work on port 8025 reliably for everybody -
> some clients can't send their mail, and I get the following in server logs:
>
>     2003-06-27 17:15:41 SMTP protocol violation: synchronization error (next input sent too soon): rejected "<80>L^A^C^A" H=ip68-x-y-z.nv.nv.cox.net [68.x.y.z]
>
> Turning off synchronization enforcement with
>
>     smtp_enforce_sync = false
>
> is not doing much good, the errors disappear from logs, but the clients are
> still unable to use SSL. There is some correlation with client software -
> those using Outlook Express 6.0 seem to be totally out of luck, but some
> Outlook XP clients send mail just fine. It seems that OE clients cannot
> even initiate SMTP - at least there is nothing in OE's Smtp.log file.
> Typical OE error follows:
>
> "Your server has unexpectedly terminated the connection. Possible causes for
> this include server problems, network problems, or a long period of
> inactivity. Account: 'mail', Server: 'mail', Protocol: SMTP, Port: 8025,
> Secure(SSL): Yes, Error Number: 0x800CCC0F"
>
> Has anybody out here used SSL with Exim on non-standard ports with better
> success?
>
> Exim version is 4.20, it was compiled with OpenSSL 0.9.7b.
>


The problem is this: If you tell OE to use SSL on any port other than 25, it
will use SMTPS instead of TLS. (Ah, good ol' M$, making assumptions for us,
instead of letting us set the options we really want.)

So, you need to run an Exim that talks SMTPS on the alternate port. I think
someone else already mentioned a way to do this. And also the "standard"
alternate ports to use.

Another option is to use something like Stunnel on the alternate port,
handling the decryption & forwarding to localhost:25. (This will look like
SMTPS to clients).

Regards,
Jim Roberts
Punster Productions, Inc.
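
Added example, not part of the original messages: the rejected bytes `<80>L^A^C^A` in the quoted log line are the start of an SSLv2-format ClientHello, which is what a client sends when it begins TLS immediately (SMTPS) instead of waiting for the banner and issuing STARTTLS. The Python sketch below classifies such log lines; it assumes the byte notation shown in the quoted line (`<hh>` for high bytes, caret notation for control characters), and the sample lines, host names and addresses are constructed.

```python
import re

# Constructed sample lines, modelled on the log line quoted in the message.
SAMPLE_LOG = [
    '2003-06-27 17:15:41 SMTP protocol violation: synchronization error (next input sent too soon): rejected "<80>L^A^C^A" H=client.example [192.0.2.10]',
    '2003-06-27 17:16:02 SMTP protocol violation: synchronization error (next input sent too soon): rejected "^V^C^A^@a^A" H=client.example [192.0.2.11]',
    '2003-06-27 17:17:30 SMTP protocol violation: synchronization error (next input sent too soon): rejected "EHLO pipeliner" H=client.example [192.0.2.12]',
]

REJECTED = re.compile(r'synchronization error .*?rejected "(.*?)" H=')
TOKEN = re.compile(r'<([0-9a-fA-F]{2})>|\^(.)|(.)', re.S)

def unescape(text):
    """Turn <hh> and caret notation (^A = 0x01, ^@ = 0x00) back into bytes."""
    out = bytearray()
    for hexbyte, caret, plain in TOKEN.findall(text):
        if hexbyte:
            out.append(int(hexbyte, 16))
        elif caret:
            out.append(ord(caret.upper()) ^ 0x40)
        else:
            out.append(ord(plain) & 0xFF)
    return bytes(out)

def classify(data):
    """Decide whether early input looks like a TLS handshake or plain SMTP."""
    # SSLv2-format ClientHello: 2-byte length with the high bit set,
    # message type 1 (ClientHello), then major version 3 (SSLv3/TLS).
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "implicit-tls (SSLv2-format ClientHello)"
    # TLS record layer: content type 22 (handshake), record version 3.x.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "implicit-tls (TLS handshake record)"
    return "plaintext-early-input"

def diagnose(lines):
    """Return (host, verdict) for every synchronization-error line."""
    results = []
    for line in lines:
        m = REJECTED.search(line)
        if m:
            results.append((line[m.end():], classify(unescape(m.group(1)))))
    return results

if __name__ == "__main__":
    for host, verdict in diagnose(SAMPLE_LOG):
        print(f"{host}: {verdict}")
```

An "implicit-tls" verdict on a port that only offers STARTTLS points to the client/port mismatch described in the reply, not to a pipelining client.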