On 20/05/10 14:54, W B Hacker wrote:
> Nigel Wade wrote:
>> On 20/05/10 10:36, John Doe wrote:
>>> From: Nigel Wade<nmw@???>
>>>> Is the client performing TLS on connect (a.k.a. SSL),
>>>> whilst the server is expecting a normal connection,
>>>> with encryption established via STARTTLS? That
>>>> would explain the synchronization error.
>>> Not sure, I have these:
>>> daemon_smtp_ports = 25 : 465
>>> tls_on_connect_ports = 465
>>> Should I remove the 465 from daemon_smtp_ports?
>>>
>>
>> No. That's correct for an "SSL" client. It works from my iPhone to Exim.
>>
>>
>
> 465 *may* work as [pure | legacy] SSL, yes.
>
> IF the MTA is still so configured.
>
> But an MTA should no longer BE so configured.
>
> Given that:
>
> A) 465 was never, ever, formally finalized and adopted by IANA/IETF for
> 'official' smtp submission use, despite de-facto co-option for a decade or two
> while the battle raged...
>
> .. and 587 was finally adopted...
>
> and
>
> B) 465 *was* formally and officially turned-over to a Cisco protocol WEF
> February of .. several years ago now...
>
> Ergo .. running 465 as an SSL-smtp submission port is technically an RFC
> violation, and SHOULD be discontinued.
>
> Mind, I won't hold my breath waiting...
>
> ;-)
>
> Bill
>
The port number should not affect whether SSL/TLS actually works, though.
If the server is set up to accept tls_on_connect on port 465, and the client
attempts that kind of connection on port 465 it should work, no matter what an
RFC or the IANA allocation says that port 465 is meant to be used for. Something
else must be wrong. I run SSL on an entirely different port for operational reasons.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
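
Added example, not part of the thread and not Exim code: a small Python model of the mismatch discussed above, reading the two options quoted in the thread and predicting what happens when a client's opening bytes meet the listener mode configured for that port. It assumes numeric port lists only; the function names, result strings and the ClientHello prefix are constructed for illustration.

```python
# Added example (not from the thread): listener mode vs. client opening bytes.
# Assumes numeric ports only; CONF repeats the two options quoted in the thread.
CONF = """\
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
"""

def parse_ports(conf: str, option: str) -> set:
    """Return the colon-separated port list for one option (empty if unset)."""
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == option:
            return {int(p) for p in value.split(":") if p.strip()}
    return set()

def listener_mode(conf: str, port: int) -> str:
    """Which protocol the server speaks first on this port."""
    if port not in parse_ports(conf, "daemon_smtp_ports"):
        return "closed"
    if port in parse_ports(conf, "tls_on_connect_ports"):
        return "tls-on-connect"
    return "starttls"

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the TCP handshake."""
    if not data:
        return "waits-for-banner"
    # TLS record: type 0x16 (handshake), major version 3, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    return "other"

def diagnose(conf: str, port: int, client_first: bytes) -> str:
    mode, sent = listener_mode(conf, port), classify_first_bytes(client_first)
    if mode == "closed":
        return "no listener on this port"
    if mode == "starttls":
        if sent == "waits-for-banner":
            return "ok: banner, EHLO, then STARTTLS"
        return "mismatch: input before greeting (synchronization error)"
    if sent == "tls-client-hello":
        return "ok: TLS handshake, then banner inside TLS"
    if sent == "waits-for-banner":
        return "mismatch: both sides wait, connection times out"
    return "mismatch: server expects a TLS ClientHello"

# Constructed prefix of a TLS handshake record carrying a ClientHello.
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
```

Calling diagnose(CONF, 25, CLIENT_HELLO) models an "SSL" client pointed at the STARTTLS port, while diagnose(CONF, 465, b"") models a STARTTLS client pointed at the tls_on_connect port.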