On 2013.02.04 13.27, Robert Moskowitz wrote:
http://www.emailsecuritygrader.com
as with most "helpful" websites like this, this one is perpetuating
misinformation. smtps has long since been deprecated, having been
superseded by starttls. it also would appear to perpetuate the behavior
of offering submission service via port 25, which is largely discouraged.
And from there I became aware that I probably don't have SMTPS (port
465) configured properly.
with reference to the above, instead, configure a proper
submission+starttls service [port 587]. there is an example included in
the master.cf config file which comes with postfix.
these days, new implementation of smtps should be restricted to existing
environments in which smtps is already in use by clients. even then, it
really should be used only until clients have been converted to use
proper submission+starttls.
And tried to telnet into localhost 465.
telnet is not suitable for testing things which employ this sort of
encryption. instead, use something like openssl s_client or gnutls-cli
The one pointer I have found so far on telneting into 465 shows that I
should have also gotten a:
220 ________ ESMTP Postfix
sending a 'ehlo' results in the connection closing.
this is misinformation. with smtps, encryption must be established
before any smtp related dialog can occur. telnet does not do this sort
of encryption.
-ben
