Re: [exim] Send mail via Port 465

Author: Yves
Date:  
To: exim-users
Subject: Re: [exim] Send mail via Port 465
On 10/03/2014 10:38, soumya tr wrote:
> Thanks James and Yves. I tried connecting using openssl command [tried
> connecting to smtp.gmail.com], and that was successful. Now I tried to use
> the normal command which I use in SMTP transactions:
>
> ---------------------
> 220 mx.google.com ESMTP gg3sm63604270pbc.34 - gsmtp
> EHLO abc.com
> 250-mx.google.com at your service, [X.X.X.X]
> 250-SIZE 35882577
> 250-8BITMIME
> 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
> 250-ENHANCEDSTATUSCODES
> 250 CHUNKING
> MAIL FROM: abc@???
> 530-5.5.1 Authentication Required. Learn more at
> 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257gg3sm63604270pbc.34
> - gsmtp
> -------------------
>
> It doesn't allow me to send out mail without authenticating. Does that
> mean using port 465 we will have to authenticate all the time before
> sending out mail?


I'm not sure what you mean... There is no automagical behaviour
associated with the number 465. This port, like any other, behaves like
you tell it to. Google configured its 465 port to require
authentication. You are under no obligation to do the same, although
doing so is sensible, in my opinion.

> Quoting from Wikipedia [ https://en.wikipedia.org/wiki/Smtps ]:
>
> -------------
> *SMTPS* refers to a method for securing SMTP
> <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol> with
> transport layer security
> <https://en.wikipedia.org/wiki/Transport_layer_security>. It is intended
> to provide authentication <https://en.wikipedia.org/wiki/Authentication>
> of the communication partners, as well as data integrity
> <https://en.wikipedia.org/wiki/Data_integrity> and confidentiality
> <https://en.wikipedia.org/wiki/Confidentiality>.
> -------------


I suppose "authentication" there refers to server authentication (which
SMTPS does provide), not user authentication (which SMTPS does _not_
provide). Destination server authentication is taken care of. Source
server authentication is up to you (e.g. DKIM check). User authentication
is also up to you (e.g. password).

> Or am I going on the wrong track?
>
> Thanks in advance
>
>
> On Mon, Mar 10, 2014 at 2:55 PM, Yves <exi.ml@???> wrote:
>
>> On 10/03/2014 10:06, soumya tr wrote:
>>
>>> Hi,
>>>
>>> I am using 465 as SMTPS
>>> -----------------
>>> daemon_smtp_ports = 25 : 465 : 587
>>> tls_on_connect_ports = 465
>>> -----------------
>>>
>>> I was trying to send mail via port 465 with/without authentication.
>>>
>>> But telnet <hostname> 465 just quits when I enter EHLO:
>>>
>>> $ telnet <hostname> 465
>>> Trying X.X.X.X...
>>> Connected to <hostname>.
>>> Escape character is '^]'.
>>> EHLo abc.com
>>> Connection closed by foreign host
>>>
>>> How can I try to send out mails via port 465? Please assist.
>>>
>>
>> I might be wrong, but it seems to me that tls_on_connect_ports' purpose is
>> "legacy" SMTPS, with SSL first, then SMTP inside the SSL tunnel (just like
>> HTTPS). So you should talk SSL to the 465 port configured this way, not
>> SMTP. Use e.g. openssl instead of telnet.
>>
>> You probably wanted to use STARTTLS instead, which is TLS (aka "SSL")
>> inside an SMTP negotiation, instead of the reverse. In this case, you don't
>> need tls_on_connect_ports.
>>
>> Yves.
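
An added example (not part of the original message and not Exim code): a small Python checker for the two points made in this thread, that a tls_on_connect port expects a TLS handshake rather than a plaintext EHLO, and that AUTH is advertised and enforced independently of TLS. The session text is a constructed sample modelled on the quoted transcript, the function names are hypothetical, and the first 250 reply is assumed to be the EHLO response.

```python
import re

# Constructed sample: server replies modelled on the session quoted above.
SAMPLE_SESSION = """\
220 mx.google.com ESMTP - gsmtp
EHLO abc.com
250-mx.google.com at your service, [X.X.X.X]
250-SIZE 35882577
250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
250-ENHANCEDSTATUSCODES
250 CHUNKING
530-5.5.1 Authentication Required. Learn more at
530 5.5.1 (help URL omitted)
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(text):
    """Group server lines into replies: 'NNN-' continues, 'NNN ' ends the reply."""
    replies, current = [], []
    for line in text.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            continue  # client command, not a server reply line
        current.append(m.group(3))
        if m.group(2) == " ":
            replies.append((int(m.group(1)), current))
            current = []
    return replies

def first_bytes_kind(data):
    """Classify what a client sent first on a newly accepted connection."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"  # TLS record header: handshake type, version 3.x
    if data[:4].upper() in (b"EHLO", b"HELO"):
        return "plaintext-smtp"  # what telnet sends; not a TLS handshake
    return "unknown"

def diagnose(text):
    """Report user-authentication facts separately from TLS facts."""
    replies = parse_replies(text)
    ehlo = next((lines[1:] for code, lines in replies if code == 250), [])
    caps = {l.split()[0].upper(): l.split()[1:] for l in ehlo if l.strip()}
    return {
        "auth_mechanisms": caps.get("AUTH", []),
        # Not advertised when the session is already inside TLS (openssl case).
        "starttls_offered": "STARTTLS" in caps,
        "auth_required": any(code == 530 and "authentication" in " ".join(lines).lower()
                             for code, lines in replies),
    }
```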