On 02/04/2013 04:03 PM, btb wrote:
> On 2013.02.04 13.27, Robert Moskowitz wrote:
>> http://www.emailsecuritygrader.com
>
> as with most "helpful" websites like this, this one is perpetuating
> misinformation. smtps has long since been deprecated, having been
> superseded by starttls. it also would appear to perpetuate the
> behavior of offering submission service via port 25, which is largely
> discouraged.

And blocked at many hotspots.

>> And from there I became aware that I probably don't have SMTPS (port
>> 465) configured properly.
>
> with reference to the above, instead, configure a proper
> submission+starttls service [port 587]. there is an example included
> in the master.cf config file which comes with postfix.

And I do have that configured.

> these days, new implementation of smtps should be restricted to
> existing environments in which smtps is already in use by clients.
> even then, it really should be used only until clients have been
> converted to use proper submission+starttls.
>
>> And tried to telnet into localhost 465.
>
> telnet is not suitable for testing things which employ this sort of
> encryption. instead, use something like openssl s_client or gnutls-cli

Got that. thanks.

>> The one pointer I have found so far on telnetting into 465 shows that I
>> should have also gotten a:
>> 220 ________ ESMTP Postfix
>> sending an 'ehlo' results in the connection closing.
>
> this is misinformation. with smtps, encryption must be established
> before any smtp related dialog can occur. telnet does not do this
> sort of encryption.

And I looked into my logs for the emailsecuritygrader connections and it
sure seemed to be connecting with something equivalent to telnet! Well,
more testing will tell.
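
The difference discussed in this thread, as an added example that is not part of the original messages: a plaintext client sees a `220` greeting on a STARTTLS-style listener, but sees nothing on a TLS-first (smtps) listener and is disconnected after sending `EHLO`. The two listener stubs, the hostnames and the result labels are constructed for illustration and are not Postfix code.

```python
import socket
import threading

def plaintext_smtp_stub(conn):
    """Constructed stand-in for a 25/587 listener: greets first, offers STARTTLS."""
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    if conn.recv(1024).upper().startswith(b"EHLO"):
        conn.sendall(b"250-mail.example.test\r\n250 STARTTLS\r\n")
    conn.close()

def implicit_tls_stub(conn):
    """Constructed stand-in for an smtps (465) listener: silent until the client speaks."""
    conn.recv(1024)  # a real listener expects a TLS ClientHello here
    conn.close()     # plaintext such as "EHLO" is not a handshake, so the session ends

def _read(sock):
    """Collect bytes until the peer goes quiet or closes; returns (data, closed)."""
    data = b""
    while True:
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            return data, False
        if not chunk:
            return data, True
        data += chunk

def classify(sock, timeout=0.3):
    """Behave like a telnet user and report what kind of listener answered."""
    sock.settimeout(timeout)
    greeting, closed = _read(sock)
    if greeting.startswith(b"220"):
        sock.sendall(b"EHLO probe.example.test\r\n")
        reply, _ = _read(sock)
        return "smtp+starttls" if b"STARTTLS" in reply.upper() else "smtp-plaintext"
    if not closed:
        sock.sendall(b"EHLO probe.example.test\r\n")  # no greeting seen, try anyway
        _, closed = _read(sock)
    return "tls-first" if closed else "unknown"

def run_against(stub):
    """Wire a stub to classify() over an in-process socket pair (no network needed)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stub, args=(server,), daemon=True)
    worker.start()
    try:
        return classify(client)
    finally:
        client.close()
        worker.join(1)

if __name__ == "__main__":
    for stub in (plaintext_smtp_stub, implicit_tls_stub):
        print(stub.__name__, "->", run_against(stub))
```

A `tls-first` result only means the plaintext probe got no greeting and was dropped; confirming that the listener actually completes a TLS handshake still needs a TLS-capable client such as `openssl s_client` or `gnutls-cli`, as noted in the thread.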