Mailinglist Archive: opensuse (963 mails)

< Previous Next >
Re: [opensuse] I'm stuck - SSL Certs / email server
  • From: Mihira Fernando <mihiratheace@xxxxxxxxx>
  • Date: Tue, 26 Apr 2011 08:17:09 +0530
  • Message-id: <4DB6322D.30707@gmail.com>
On 04/26/2011 12:24 AM, Dimstar / Dominique Leuenberger wrote:
On Fri, 2011-04-22 at 18:26 +0530, Mihira Fernando wrote:
On 04/22/2011 06:06 PM, Sandy Drobic wrote:
On 22.04.2011 06:37, Mihira Fernando wrote:
On 04/22/2011 04:09 AM, Jim Flanagan wrote:
Port 25 is for non SSL SMTP traffic. You cant expect it give you a SSL
connection. Port 465 is the SSL port for SMTP. This should be opened from
postfix master.cf.
Your information is outdated, port 465 is the deprecated SSL-Port. If the
client sends the EHLO command instead of the HELO, then the server can offer
STARTTLS in its capabilities to the client. That initiates a TLS encrypted
connection.
True but so far the defacto standard is that port 25 is used not non
encrypted SMTP traffic. Running SSL or TLS only on port 25 is likely to
cause your server to loose mail as MTA - MTA mail delivery is still
largely non encrypted.
This is incorrect: tcp/25 can be TLS encrypted. TLS OPTIONAL of course,
if your server needs to receive mail from other servers (so if your SMTP
is a receiving Server).

There is hardly ANY Server out there still using SSL directly.

The usual thing for TLS OPTIONAL is to issue an ehlo, check for a
starttls command and issue it, changing to TLS.

Dominique

So exactly what in my statement earlier is incorrect ?

Mihira.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups