On 20/05/10 16:30, W B Hacker wrote:
> Nigel Wade wrote:
>> On 20/05/10 14:54, W B Hacker wrote:
>>> Nigel Wade wrote:
>>>> On 20/05/10 10:36, John Doe wrote:
>>>>> From: Nigel Wade<nmw@???>
>>>>>> Is the client performing TLS on connect (a.k.a. SSL),
>>>>>> whilst the server is expecting a normal connection,
>>>>>> with encryption established via STARTTLS? That
>>>>>> would explain the synchronization error.
>>>>> Not sure, I have these:
>>>>> daemon_smtp_ports = 25 : 465
>>>>> tls_on_connect_ports = 465
>>>>> Should I remove the 465 from daemon_smtp_ports?
>>>>>
>>>> No. That's correct for an "SSL" client. It works from my iPhone to Exim.
>>>>
>>>>
>>> 465 *may* work as [pure | legacy] SSL, yes.
>>>
>>> IF the MTA is still so configured.
>>>
>>> But an MTA should no longer BE so configured.
>>>
>>> Given that:
>>>
>>> A) 465 was never, ever, formally finalized and adopted by IANA/IETF for
>>> 'official' smtp submission use, despite de-facto co-option for a decade or two
>>> while the battle raged...
>>>
>>> .. and 587 was finally adopted...
>>>
>>> and
>>>
>>> B) 465 *was* formally and officially turned-over to a Cisco protocl WEF
>>> February of .. several years ago now...
>>>
>>> Ergo .. running 465 as an SSL-smtp submission port is technically an RFC
>>> violation, and SHOULD be discontinued.
>>>
>>> Mind, I won't hold my breath waiting...
>>>
>>> ;-)
>>>
>>> Bill
>>>
>>
>> The port number should not affect whether SSL/TLS actually works, though.
>
> SSL/TLS no. Apple's verdamnt *assumptions* yes. Can do. Or once did.
>
> Ditto Haiku, where *my* problem is that I actually run 587 as tls_on_connect, eg
> SSL not 'modern' TLS - and Haiku lacks the knobs to adjust for that. Or did do.
> ISTR it now auto-seeks or something. Or I recoded mine to do so... getting old...
>
>>
>> If the server is set up to accept tls_on_connect on port 465, and the client
>> attempts that kind of connection on port 465 it should work, no matter what an
>> RFC or the IANA allocation says that port 465 is meant to be used for. Something
>> else must be wrong. I run SSL on an entirely different port for operational reasons.
>>
>
> ACK. SA. But the OP's issue is with Pferdapfels Mail, and it is not (or was not
> - remember I always scrap it) as easily configured as real MUA.
>
> Bill
>
Recent versions of Apple Mail certainly work here, where I use a very
non-standard SMTP SSL port. AFAI can remember we just told it to use SSL on this
port. My iPhone also works on this non-standard port with SSL enabled, and the
OP said their iPhone did not. We do, however, have a proper server cert. which
may well be a problem for the OP as I know of no way of adding (or even seeing)
server certs. or CA certs on the iPhone. Apple are not exacly into openness.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
