Oh, when I go to change my outgoing mail settings in Thunderbird and I choose SSL, it defaults to 465. I do, however, see equal references to 465 and 587 as viable SSL ports. I see chatter about TLS vs SSL, and STARTTLS being used for port 587, but it's semi-greek to me. Either way, port forwarding can hopefully handle whichever port ASSP doesn't bind to.
Thanks for the heads up on the iptables rule, Andrew. It works like a charm! Now I can use the 2nd listening port in ASSP for the secure connection, and I can create as many forwarders as I need to get around restrictive firewalls. David James Brown wrote: > I agree, but I think port 465 is obsolete these days, and 587 is the > one to use. > > (Could be wrong, but that's what I picked up on the Postfix mailing > list recently). > > James. > > On 22/09/2007, at 6:13 PM, David wrote: > > >> Hi, >> >> I have ASSP listening on port 26 as it's secondary port, for my >> clients >> who need to send mail from a residential ISP that blocks port 26. >> Recently, though, I have been seeing users blocked on port 26 also, so >> I'm looking into the possibility of getting ASSP to listen on more >> ports. Is it possible and feasible to use IPTables to get another >> port, >> like 2525, to forward internally to port 25/26 that ASSP listens on? I >> would just change port 26 to something else, but I also have many >> users >> configured with it, and there are also a number behind odd firewalls >> that would block an odd port like 2525 also,so having both options >> would >> be nice. >> >> Another possible "cure" is to use the an SSL secure connection and use >> the SSL port (465). Currently, one has to use stunnel to >> approximate an >> SSL connection for ASSP. It is pretty hacky and also invalidates >> any IP >> checks as ASSP thinks the mail is coming from localhost, and the >> IPs in >> the mail header are not trusted anyways. Someone said once that it's >> what is holding ASSP back from being a real contender in areas where >> secure connections are necessary. There were last week talks of >> getting >> ASSP to check the headers for IP tests. Would this solve the issue >> of IP >> tests being invalidated with stunnel? Are SSL libraries at a maturity >> level in Perl where it could be implemented in ASSP itself? >> >> I remember reading that SSL support is "outside of ASSP's scope", >> but I >> have to disagree. If ASSP is a proxy for the MTA, it ought to support >> every connection that the MTA does, seeing as we can't/won't connect >> directly to the MTA anymore. One _could_ connect directly to the >> MTA on >> the new port it listens on, but then one loses the whitelisting and >> bayesian training that happens when mail goes out through ASSP. If I >> understand correctly, if mail is sent out via an ISP's SMTP server, or >> otherwise bypasses ASSP, the mail isn't logged/whitelisted/trained >> against since it never touches ASSP, right? >> >> If SSL is implemented, then ASSP would definitely need more ports to >> listen on: port 25, 26/2525 for an additional unencrypted port, >> then 465 >> for the secure connection. I've been reading and studying for entirely >> too long today. I apologize if any of this is weird or just plain >> wrong. >> >> David >> >> ---------------------------------------------------------------------- >> --- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2005. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Assp-user mailing list >> Assp-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-user >> > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
