Re: [exim] Send mail via Port 465

Author: Dominic Benson
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Send mail via Port 465


> On 10 Mar 2014, at 09:38, soumya tr <soumya.324@???> wrote:
>
> Thanks James and Yves. I tried connecting using openssl command [tried
> connecting to smtp.gmail.com], and that was successful. Now I tried to use
> the normal command which I use in SMTP transactions:
>
> ---------------------
> 220 mx.google.com ESMTP gg3sm63604270pbc.34 - gsmtp
> EHLO abc.com
> 250-mx.google.com at your service, [X.X.X.X]
> 250-SIZE 35882577
> 250-8BITMIME
> 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
> 250-ENHANCEDSTATUSCODES
> 250 CHUNKING
> MAIL FROM: abc@???
> 530-5.5.1 Authentication Required. Learn more at
> 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257gg3sm63604270pbc.34
> - gsmtp
> -------------------
>
> It doesn't allow me to send out mail without authenticating. Does that
> mean using port 465 we will have to authenticate all the time before
> sending out mail?


Not by definition, but it is commonly implemented that 465 and 587 require authentication, as they are mainly used for submission rather than relaying. You would normally only get exim to use an alternate port outbound to connect to smarthosts - possibly with authentication. You can't in general assume that any remote site will listen on 465 at all.
>
> Quoting from Wikipedia [ https://en.wikipedia.org/wiki/Smtps ]:
>
> -------------
> *SMTPS* refers to a method for securing SMTP
> <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol> with
> transport layer security
> <https://en.wikipedia.org/wiki/Transport_layer_security>. It is intended
> to provide authentication <https://en.wikipedia.org/wiki/Authentication>
> of the communication partners, as well as data integrity
> <https://en.wikipedia.org/wiki/Data_integrity> and confidentiality
> <https://en.wikipedia.org/wiki/Confidentiality>.
> -------------
>
> Or am I going down the wrong track?


STARTTLS provides the same security, but because it is negotiated inside SMTP it doesn't require an alternate port. Exim (and others) use opportunistic TLS when relaying (if STARTTLS is advertised, they will use it) - but this doesn't involve any verification of identity.
You can enable stricter checking, but you have to know and nominate the sites in question to do it successfully.

Dom
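
The setup the reply describes (Exim using port 465 only towards a nominated smarthost, with authentication and strict certificate checking for that one host) could be configured roughly as below. This is an added example, not part of the original thread. The host name smarthost.example.net, the credentials, the CA bundle path and the local_domains list are assumptions, and it assumes an Exim build with TLS support whose smtp transport has the protocol and tls_verify_hosts options.

```exim
# Constructed example: smarthost.example.net, the login and the CA path
# are placeholders, not values from the thread.

# --- routers section ---
smarthost:
  driver = manualroute
  # Assumes a local_domains domainlist is defined, as in the default config.
  domains = ! +local_domains
  transport = smarthost_smtps
  route_list = * smarthost.example.net
  no_more

# --- transports section ---
smarthost_smtps:
  driver = smtp
  # TLS on connect (the port 465 style) instead of STARTTLS inside SMTP.
  protocol = smtps
  port = 465
  # Never deliver to the nominated host without TLS.
  hosts_require_tls = smarthost.example.net
  # Strict checking for the nominated host only: the server certificate
  # must verify against the CA bundle, otherwise the delivery is deferred.
  tls_verify_hosts = smarthost.example.net
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
  # Do not attempt MAIL FROM unless authentication succeeded; this avoids
  # the "530 5.5.1 Authentication Required" rejection seen in the session.
  hosts_require_auth = smarthost.example.net

# --- authenticators section ---
smarthost_login:
  driver = plaintext
  # Matches the LOGIN mechanism advertised in the EHLO response.
  public_name = LOGIN
  # LOGIN sends an empty initial string, then user name, then password.
  client_send = : user@example.net : placeholder-password
```

Mail to all other destinations keeps using the normal port 25 transport with opportunistic STARTTLS, since remote sites cannot be assumed to listen on 465 or to present a verifiable certificate.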