Re: Randy in Nevis

2010-09-29 Thread Bjørn Mork
John Peach john-na...@johnpeach.com writes:

 It is on all Linux distros:

 ssmtp   465/tcp smtps   # SMTP over SSL

So file bug reports.


Bjørn



Re: Randy in Nevis

2010-09-29 Thread John Peach
On Wed, 29 Sep 2010 14:13:51 +0200
Bjørn Mork bj...@mork.no wrote:

 John Peach john-na...@johnpeach.com writes:
 
  It is on all Linux distros:
 
  ssmtp   465/tcp smtps   # SMTP over SSL
 
 So file bug reports.

With IANA?

It's common knowledge that 465 is smtps, whatever else IANA might say.

 
 
 Bjørn
 


-- 
John



Re: Randy in Nevis

2010-09-29 Thread Valdis . Kletnieks
On Wed, 29 Sep 2010 14:13:51 +0200, Bjørn Mork said:
 John Peach john-na...@johnpeach.com writes:
 
  It is on all Linux distros:
 
  ssmtp   465/tcp smtps   # SMTP over SSL
 
 So file bug reports.

bug-repo...@iana.org seems to bounce.




Re: Randy in Nevis

2010-09-29 Thread Joe Abley

On 2010-09-29, at 12:25, valdis.kletni...@vt.edu wrote:

 On Wed, 29 Sep 2010 14:13:51 +0200, Bjørn Mork said:
 John Peach john-na...@johnpeach.com writes:
 
 It is on all Linux distros:
 
 ssmtp   465/tcp smtps   # SMTP over SSL
 
 So file bug reports.
 
 bug-repo...@iana.org seems to bounce.

I don't know the history of 465/tcp as an entry in the registry found at 
http://www.iana.org/assignments/port-numbers, but assuming the current entry 
is there for a reason (and hence is not an error that might be corrected), I 
believe this is the workflow required to change it.

The port-number registry is maintained according to the directions in RFC 2780. 
To change an entry in the registry you need to write and submit an 
internet-draft http://www.ietf.org/id-info/ which contains an IANA 
Considerations section specifying the change that is required. Those 
specifications will be executed (and the registry updated) if/when the I-D 
makes it through to that stage in the RFC publication process. RFC 2780 gives 
the following guidance for how such an I-D might reach that stage.

9.1 TCP Source and Destination Port fields

   Both the Source and Destination Port fields use the same namespace.
   Values in this namespace are assigned following a Specification
   Required, Expert Review, IESG Approval, IETF Consensus, or Standards
   Action process.  Note that some assignments may involve non-
   disclosure information.


Joe


Re: Randy in Nevis

2010-09-29 Thread Chris Boyd

On Sep 29, 2010, at 7:26 AM, John Peach wrote:

 With IANA?
 
 It's common knowledge that 465 is smtps, whatever else IANA might say.

http://www.ietf.org/rfc/rfc4409.txt

Here's what they've had to say over time:

http://web.archive.org/web/20010519080902/http://www.iana.org/assignments/port-numbers

Says it's unassigned.

Then they assign it to URL Rendezvous a few months after that.

http://web.archive.org/web/20010813015738/http://www.iana.org/assignments/port-numbers

We currently support SMTP submission over 465 since there are still some old 
cranky Outlook versions out there that simply don't appear to be able to 
support connecting to 587, but it's been 18 months since we got a call like 
that, so we'll probably be shutting that off soon.

--Chris


Re: Randy in Nevis

2010-09-29 Thread Bjørn Mork
John Peach john-na...@johnpeach.com writes:

 It's common knowledge that 465 is smtps, whatever else IANA might say.

It's common knowledge that 465 *was* smtps.  A decade ago.  But it has
never gone anywhere, and it is way overdue for an obsolete tag.
Everyone actually caring about SMTP over SSL is using STARTTLS on port
25 and 587.  The faster we kill SMTPS the better.  Keeping it in current
/etc/services and the like is only going to confuse people.


Bjørn



Re: Randy in Nevis

2010-09-29 Thread John Peach
On Wed, 29 Sep 2010 15:06:02 +0200
Bjørn Mork bj...@mork.no wrote:

 John Peach john-na...@johnpeach.com writes:
 
  It's common knowledge that 465 is smtps, whatever else IANA might
  say.
 
 It's common knowledge that 465 *was* smtps.  A decade ago.  But it has
 never gone anywhere, and it is way overdue for an obsolete tag.
 Everyone actually caring about SMTP over SSL are using STARTTLS on
 port 25 and 587.  The faster we kill SMTPS the better.  Keeping it in
 current /etc/services and the like is only going to confuse people.

You obviously don't use a Blackberry with an imap(s) server.


-- 
John



Re: Randy in Nevis

2010-09-29 Thread Owen DeLong

On Sep 29, 2010, at 6:10 AM, John Peach wrote:

 On Wed, 29 Sep 2010 15:06:02 +0200
 Bjørn Mork bj...@mork.no wrote:
 
 John Peach john-na...@johnpeach.com writes:
 
 It's common knowledge that 465 is smtps, whatever else IANA might
 say.
 
 It's common knowledge that 465 *was* smtps.  A decade ago.  But it has
 never gone anywhere, and it is way overdue for an obsolete tag.
 Everyone actually caring about SMTP over SSL are using STARTTLS on
 port 25 and 587.  The faster we kill SMTPS the better.  Keeping it in
 current /etc/services and the like is only going to confuse people.
 
 You obviously don't use a Blackberry with an imap(s) server.
 
What does imap(s) have to do with 465/SMTP?

Owen




Re: Randy in Nevis

2010-09-29 Thread John Peach
On Wed, 29 Sep 2010 06:16:04 -0700
Owen DeLong o...@delong.com wrote:

 
 On Sep 29, 2010, at 6:10 AM, John Peach wrote:
 
  On Wed, 29 Sep 2010 15:06:02 +0200
  Bjørn Mork bj...@mork.no wrote:
  
  John Peach john-na...@johnpeach.com writes:
  
  It's common knowledge that 465 is smtps, whatever else IANA might
  say.
  
  It's common knowledge that 465 *was* smtps.  A decade ago.  But it
  has never gone anywhere, and it is way overdue for an obsolete
  tag. Everyone actually caring about SMTP over SSL are using
  STARTTLS on port 25 and 587.  The faster we kill SMTPS the
  better.  Keeping it in current /etc/services and the like is only
  going to confuse people.
  
  You obviously don't use a Blackberry with an imap(s) server.
  
 What does imap(s) have to do with 465/SMTP?

Too early in the morning and I was not advocating maintaining SMTPS.


-- 
John



Re: Randy in Nevis

2010-09-29 Thread Bjørn Mork
John Peach john-na...@johnpeach.com writes:
 On Wed, 29 Sep 2010 15:06:02 +0200
 Bjørn Mork bj...@mork.no wrote:

 It's common knowledge that 465 *was* smtps.  A decade ago.  But it has
 never gone anywhere, and it is way overdue for an obsolete tag.
 Everyone actually caring about SMTP over SSL are using STARTTLS on
 port 25 and 587.  The faster we kill SMTPS the better.  Keeping it in
 current /etc/services and the like is only going to confuse people.

 You obviously don't use a Blackberry with an imap(s) server.

No, I obviously don't. But I'm eager to be educated: What the heck does
imap(s) have to do with port 465/tcp?

I can guess...  I have also been frustrated while trying to configure
all sorts of MUAs. But don't you think that you would have been better off if
the 465/tcp entry in /etc/services had been updated when it should have been, 5
years ago, on the system where that Blackberry MUA was developed?

If you fix /etc/services today then maybe you don't have the same
problem with your new Blackberry 5 years from now.



Bjørn
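
An added example, not part of the thread: a small audit that parses /etc/services-style text and reports entries whose names disagree with a registry snapshot. The 465 rows come from the lines quoted in this thread; the other sample rows and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the services line quoted in the thread plus two
# neighbouring entries of the usual /etc/services shape.
SERVICES = """\
# Network services, Internet style
smtp            25/tcp          mail
ssmtp           465/tcp         smtps           # SMTP over SSL
submission      587/tcp                         # Submission [RFC4409]
"""

# Registry snapshot: the 465 rows are the ones quoted from IANA in the thread;
# the 25 and 587 rows are assumptions added for contrast.
REGISTRY = {
    (25, "tcp"): "smtp",
    (465, "tcp"): "urd",
    (465, "udp"): "igmpv3lite",
    (587, "tcp"): "submission",
}

ENTRY = re.compile(r"^(\S+)\s+(\d+)/(\w+)\s*(.*)$")

def parse_services(text):
    """Yield (name, port, proto, aliases) for each well-formed entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing or whole-line comments
        m = ENTRY.match(line)
        if not m:
            continue  # blank, comment-only or malformed line
        name, port, proto, rest = m.groups()
        yield name, int(port), proto.lower(), rest.split()

def audit(text, registry):
    """Return (port, proto, local_name, reason) for every disagreement."""
    findings = []
    for name, port, proto, aliases in parse_services(text):
        registered = registry.get((port, proto))
        if registered is None:
            findings.append((port, proto, name, "not in registry"))
        elif registered not in [name, *aliases]:
            findings.append((port, proto, name, f"registry says {registered}"))
    return findings

if __name__ == "__main__":
    for port, proto, name, why in audit(SERVICES, REGISTRY):
        print(f"{port}/{proto}: local name {name!r}, {why}")
```
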



Re: Randy in Nevis

2010-09-29 Thread Tony Finch
On Wed, 29 Sep 2010, Bjørn Mork wrote:

 It's common knowledge that 465 *was* smtps.  A decade ago.  But it has
 never gone anywhere, and it is way overdue for an obsolete tag.
 Everyone actually caring about SMTP over SSL are using STARTTLS on port
 25 and 587.

Microsoft MUAs only supported STARTTLS on port 25 until Outlook 2007. If
you wanted to do secure remote message submission and you wanted to avoid
blocks on port 25, you had to use smtps on port 465. Lots of people are
still using old Microsoft MUAs so service providers should still support
smtps.

This is typical of the Outlook team's attitude to standards.

Tony.
-- 
f.anthony.n.finch  d...@dotat.at  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.

Re: Randy in Nevis

2010-09-28 Thread Robert E. Seastrom

Owen DeLong o...@delong.com writes:

 On Sep 27, 2010, at 9:30 AM, Lyndon Nerenberg wrote:

 On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
 Cannot establish SSL with SMTP server 67.202.37.63:465 does not
 sound like a 587 problem to me.
 
 netalyzr folks?  comment?
 
 Sorry, I hit send too soon ...
 
 I've heard from a couple of people that the PIX will remap 587 (and 25)
 to oddball ports if you fiddle the config just right.  Given all the
 other bogosity that box does with SMTP I wonder if there's truth to the
 rumour. (I haven't found anyone who can reproduce this on demand, so
 it's still apocryphal for now.)

 465 is not an odd-ball port, it's the standard well-known port for SMTPS.
 Fortunately, few people actually use SMTPS, preferring instead to do their
 security via TLS using the STARTTLS model after connecting to 25/587.

That doesn't explain why the test of port 587/starttls is trying to
connect to the well-known port for smtps.

-r





Re: Randy in Nevis

2010-09-28 Thread Leo Vegoda
On 27 Sep 2010, at 8:29, Owen DeLong wrote:

[...]

 465 is not an odd-ball port, it's the standard well-known port for SMTPS.

It is? That's not what's recorded at: 
http://www.iana.org/assignments/port-numbers

urd             465/tcp    URL Rendesvous Directory for SSM
igmpv3lite      465/udp    IGMP over UDP for SSM

Regards,

Leo




Re: Randy in Nevis

2010-09-28 Thread Seth Mattinen
On 9/28/10 7:49 AM, Leo Vegoda wrote:
 On 27 Sep 2010, at 8:29, Owen DeLong wrote:
 
 [...]
 
 465 is not an odd-ball port, it's the standard well-known port for SMTPS.
 
 It is? That's not what's recorded at: 
 http://www.iana.org/assignments/port-numbers
 
 urd             465/tcp    URL Rendesvous Directory for SSM
 igmpv3lite      465/udp    IGMP over UDP for SSM
 

Microsoft frequently has different ideas about things.

~Seth



RE: Randy in Nevis

2010-09-28 Thread Nathan Eisenberg
  465 is not an odd-ball port, it's the standard well-known port for SMTPS.
 
  It is? That's not what's recorded at:
 http://www.iana.org/assignments/port-numbers
 
  urd             465/tcp    URL Rendesvous Directory for SSM
  igmpv3lite      465/udp    IGMP over UDP for SSM
 
 
 Microsoft frequently has different ideas about things.
 
 ~Seth

FWIW - 465 is widely deployed as SMTPS, in more than just MS products.  I'm 
actually quite surprised it's not in the well known ports list.

Best Regards,
Nathan Eisenberg


Re: Randy in Nevis

2010-09-28 Thread John Peach
On Tue, 28 Sep 2010 17:39:33 +
Nathan Eisenberg nat...@atlasnetworks.us wrote:

   465 is not an odd-ball port, it's the standard well-known port
   for SMTPS.
  
   It is? That's not what's recorded at:
  http://www.iana.org/assignments/port-numbers
  
   urd             465/tcp    URL Rendesvous Directory for SSM
   igmpv3lite      465/udp    IGMP over UDP for SSM
  
  
  Microsoft frequently has different ideas about things.
  
  ~Seth
 
 FWIW - 465 is widely deployed as SMTPS, in more than just MS
 products.  I'm actually quite surprised it's not in the well known
 ports list.
 
It is on all Linux distros:

ssmtp   465/tcp smtps   # SMTP over SSL

-- 
John



Re: Randy in Nevis

2010-09-28 Thread Owen DeLong
Whether recorded with IANA or not, it certainly is what you will find if you 
google:

smtp ssl port

It's also what just about every MUA and MTA I've seen expects for that purpose.

Owen


On Sep 28, 2010, at 7:49 AM, Leo Vegoda wrote:

 On 27 Sep 2010, at 8:29, Owen DeLong wrote:
 
 [...]
 
 465 is not an odd-ball port, it's the standard well-known port for SMTPS.
 
 It is? That's not what's recorded at: 
 http://www.iana.org/assignments/port-numbers
 
 urd             465/tcp    URL Rendesvous Directory for SSM
 igmpv3lite      465/udp    IGMP over UDP for SSM
 
 Regards,
 
 Leo




Re: Randy in Nevis

2010-09-27 Thread Valdis . Kletnieks
On Mon, 27 Sep 2010 09:30:06 PDT, Lyndon Nerenberg said:

 I've heard from a couple of people that the PIX will remap 587 (and 25)
 to oddball ports if you fiddle the config just right.  Given all the
 other bogosity that box does with SMTP I wonder if there's truth to the
 rumour. (I haven't found anyone who can reproduce this on demand, so
 it's still apocryphal for now.)

I've heard some people say that reproducing totally compliant SMTP behavior
on those boxes on demand is apocryphal as well.  :)

(I have to admit I haven't actually tracked a user complaint down to a
misbehaving PIX in a year or two, but I can't say if the software has gotten
better or if its market share is just small enough to fly under my radar - the
type of people who send e-mail from behind a PIX don't interact with my users
all that often)





RE: Randy in Nevis

2010-09-27 Thread Michael K. Smith - Adhost
 -----Original Message-----
 From: Lyndon Nerenberg [mailto:lyn...@orthanc.ca]
 Sent: Monday, September 27, 2010 9:30 AM
 To: nanog@nanog.org
 Subject: Re: Randy in Nevis
 
 On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
  Cannot establish SSL with SMTP server 67.202.37.63:465 does not
  sound like a 587 problem to me.
 
  netalyzr folks?  comment?
 
 Sorry, I hit send too soon ...
 
 I've heard from a couple of people that the PIX will remap 587 (and 25)
 to oddball ports if you fiddle the config just right.  Given all the
 other bogosity that box does with SMTP I wonder if there's truth to the
 rumour. (I haven't found anyone who can reproduce this on demand, so
 it's still apocryphal for now.)

Static (inside,outside) tcp outside ip 25 inside ip 65535
Access-list outside_acl permit tcp any any eq 25
No fixup smtp

That will redirect port 25 to port 65535, allow port 25 through the
firewall, and remove the fixup that changes the server banner to
*, which breaks most mail communications.

Regards,

Mike




Re: Randy in Nevis

2010-09-27 Thread Owen DeLong

On Sep 27, 2010, at 9:30 AM, Lyndon Nerenberg wrote:

 On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
 Cannot establish SSL with SMTP server 67.202.37.63:465 does not
 sound like a 587 problem to me.
 
 netalyzr folks?  comment?
 
 Sorry, I hit send too soon ...
 
 I've heard from a couple of people that the PIX will remap 587 (and 25)
 to oddball ports if you fiddle the config just right.  Given all the
 other bogosity that box does with SMTP I wonder if there's truth to the
 rumour. (I haven't found anyone who can reproduce this on demand, so
 it's still apocryphal for now.)

465 is not an odd-ball port, it's the standard well-known port for SMTPS.
Fortunately, few people actually use SMTPS, preferring instead to do their
security via TLS using the STARTTLS model after connecting to 25/587.

Owen




Re: Randy in Nevis

2010-09-19 Thread Randy Bush
 http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-4729-b491#BufferResult

wow!  lime's buffering and 587 hacking make me like caribbean cable more
and more.

randy



Re: Randy in Nevis

2010-09-19 Thread Jeffrey Lyon
I'm sure it's a lot better than our Afghanistan satellite systems (84%
uptime on two of them, 41% on the third). Luckily we load balance the
WAN ports so it's not *too* painful.

Jeff

On Sun, Sep 19, 2010 at 6:56 PM, Randy Bush ra...@psg.com wrote:
 http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-4729-b491#BufferResult

 wow!  lime's buffering and 587 hacking make me like caribbean cable more
 and more.

 randy





-- 
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions