Re: [exim] SSL SMTP

Top Page
Delete this message
Reply to this message
Author: Ron McKeating
Date:  
To: Tony Finch
CC: Exim-Users \(E-mail\)
Subject: Re: [exim] SSL SMTP
On Thu, 2004-12-02 at 15:28, Tony Finch wrote:
> On Thu, 2 Dec 2004, Ron McKeating wrote:
>
> > But we seem to have found that
> >
> > daemon_smtp_ports = 25 : 465 : 587
> > tls_on_connect_ports = 465
> > log_selector = +incoming_interface
> >
> > allows both protocols on port 465, is this a change in exim, or has it
> > always been like this?
>
> What makes you think this? If you are going by P=smtp on port 465
> connections, this is related to the following change in version 4.44:
>


No I am going by the I=[158.125.1.226]:587 entry in the log, which lists
the port after the senders ip address.

We have found that Outlook express can only use port 465
(tls_on_connect). However for Outlook we find

2004-12-02 14:47:02 1CZsEY-00011m-69 H=(venox) [158.125.50.126]
I=[158.125.1.226]:587 Warning: Client=Microsoft Outlook, Build 10.0.2627

(note the client = bit) works on port 587 ok.

But these clients (below) can only use port 465

2004-12-02 13:41:51 1CZrDT-00063e-Ao H=(xpccnd1) [131.231.82.103]
I=[158.125.1.226]:465 Warning: Client=Microsoft Office Outlook, Build
11.0.5510

So clients that report as "Microsoft Office Outlook" seem to work the
same as outlook express, in that they can only work on the default port
25 when they use proper start_tls, or for any other port it has to have
TLS_ON_Connect enabled. We have tested these clients and they will not
work on port 587 which does not have it enabled.



> 21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp".
>     It is now set to "smtps".

>
> This also applies to tls-on-connect->HELO.
>
> > We are finding that even full Outlook clients have to use
> > port 465 with the above config.
>
> Correct.
>
> Tony.

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329