Bill Milford wrote:
> Hello All,
> I deliver my mail using a smarthost router to my ISP - AT&T Yahoo DSL. They just sent a memo out that
> effective March 1, 2007 they are requiring us to use TLS-ON-CONNECT on port 465 to send mail. I have read
> the sections in the manual about TLS and exim as a client and didn't see anything that will allow me to
> set tls-on-connect as a client. I know I can use port = 465 in the transport to force the traffic to
> SSMTP port. Does this tls-on-connect option exist for SMTP clients?
>
> Bill
>
>
>
Quite aside from the 'how' - left to others - is the 'why'.
Is that information posted on the AT&T/Yahoo website, or otherwise public?
It seems one must already be a customer to get past the adverts to technical
data (if any!).
Port 465 was 'officially' reassigned by the IANA just about a year ago - to a
proprietary Cisco protocol that has nothing to do with smtp.
See:
http://www.iana.org/assignments/port-numbers
and find:
urd 465/tcp URL Rendesvous Directory for SSM
igmpv3lite 465/udp IGMP over UDP for SSM
# Toerless Eckert <eckert@???>
The port assigned for 'submission' is 587, op cit:
submission 587/tcp Submission
submission 587/udp Submission
# [RFC4409]
Per RFC 4409, STARTTLS 'MAY' be offered, and conventionally *usually is* advertised.
Other forms of security/encryption for AUTH, traffic, and/or the link itself are
mentioned, but none are specifically required or prohibited. Port 587 is
considered a 'local' port in the sense that it does not arbitrarily 'reach out
and touch' the internet at large. IOW - an entity configuring oddly affects only
their own 'constituency' - so the rules are more about 'how to do properly' than
'must always do TLS' (or even limit to 'smtp' vs 'cousins').
That could be seen as leaving an opening for AT&T/Yahoo to offer their
user-community SSL/TLS_on_connect via port 587 instead of TLS.
But the year-old re-assignment of 465 to other use does no such thing.
"Legacy" or no, 465 is no longer appropriate for mail at all.
JM2CW - YMMV.
Bill Hacker
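
The two client behaviours this thread contrasts, TLS-on-connect on port 465 and STARTTLS on the submission port 587, as an added example that is not part of either message. The EHLO replies and the host name in them are constructed sample data, and the function names are hypothetical; the check refuses to continue on 587 when STARTTLS is missing from the server's advertisement.

```python
import smtplib
import ssl

# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_WITH_TLS = (b"250-mail.example.net\r\n250-SIZE 52428800\r\n"
                 b"250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
EHLO_STRIPPED = (b"250-mail.example.net\r\n250-SIZE 52428800\r\n"
                 b"250 AUTH PLAIN LOGIN\r\n")


def ehlo_keywords(reply):
    """Return the upper-cased extension keywords from a 250 EHLO reply."""
    keywords = set()
    lines = reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:  # the first line carries only the server's domain
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("malformed EHLO line: %r" % line)
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def starttls_offered(reply):
    """True when the server advertised STARTTLS, so AUTH can wait for TLS."""
    return "STARTTLS" in ehlo_keywords(reply)


def tls_mode(port):
    """465: TLS handshake before any SMTP; 587: plain EHLO, then STARTTLS."""
    if port == 465:
        return "implicit"
    if port == 587:
        return "starttls"
    raise ValueError("not a submission port handled here: %d" % port)


def open_submission(host, port, timeout=10):
    """Open an encrypted session, or fail before credentials are sent."""
    ctx = ssl.create_default_context()  # verifies certificate and host name
    if tls_mode(port) == "implicit":
        return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    conn = smtplib.SMTP(host, port, timeout=timeout)
    conn.starttls(context=ctx)  # raises SMTPNotSupportedError if not advertised
    conn.ehlo()  # capabilities must be re-read once TLS is up
    return conn
```
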