Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Dave Warren
On 2015-07-30 18:33, Robert Mueller wrote: A client with a new iPhone (not sure what model), attempts to setup imap/smtp using starttls. As part of the setup, the iPhone apparently probes the smtp server on port 587 with an SSL handshake: Jul 29 21:31:34 ns1 sendmail[20641]: t6U4VYQL020641: reje

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Dave Warren
On 2015-07-30 15:55, Michelle Sullivan wrote: Because you may or may not be passing credentials... my server will not require credentials if you're submitting email to local users, but will require it for relay... Maybe I'm misreading something, but doesn't that turn it into a MTA port instead

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Robert Mueller
> A client with a new iPhone (not sure what model), attempts to setup > imap/smtp using starttls. As part of the setup, the iPhone apparently > probes the smtp server on port 587 with an SSL handshake: > > Jul 29 21:31:34 ns1 sendmail[20641]: t6U4VYQL020641: rejecting commands > from 97-93-80-251.

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Eric Tykwinski
I concur here. Submission port has long been a STARTTLS port, which has inherent flaws with DPI. I have no problems with people off porting implicit SSL connection to either 465 or any other port on higher ranges, but you will probably run into more issues with forcing implicit on well known ex

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Michelle Sullivan
Matthew Black wrote: > > For details, see RFC5598 Internet Mail Architecture > . This is a great document for > understanding terminology used in discussing e-mail standards. > > [ https://tools.ietf.org/pdf/rfc5598.pdf ] > > > > Many MSAs support cleartext on

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Matthew Black
As I recall, MSP on port 465 was deprecated many years ago in favor of 587. Ports 25 and 587 should both support TLS handshake. Port 25 is for MTA to MTA transfers -- between mail servers in different ADMDs Port 587 (replaced 465) is for initial message submission from MUA to MSA/MTA For details

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Michelle Sullivan
Franck Martin wrote: > 465 has been deprecated, IANA has got this port registered for another > protocol than SMTPS. I stand corrected (and learned something new today) > However recently at IETF, as part of Universal TLS in Application > (UTA), it was discussed that using STARTTLS is may be not a

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Franck Martin
465 has been deprecated, IANA has got this port registered for another protocol than SMTPS. However recently at IETF, as part of Universal TLS in Application (UTA), it was discussed that using STARTTLS is may be not as secure as negotiating directly a TLS connection and doing TLS at connection time

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Michelle Sullivan
Tim Franklin wrote: >> On 30 Jul 2015, at 21:36, Alarig Le Lay wrote: >> >> On Thu Jul 30 13:23:45 2015, Carl Byington wrote: >> >>> Perhaps public shaming will cause Apple to change that behavior. I don't >>> think there is any mail server that will respond on port 587 to an >>> unsolicited

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Tim Franklin
> On 30 Jul 2015, at 21:36, Alarig Le Lay wrote: > > On Thu Jul 30 13:23:45 2015, Carl Byington wrote: >> Perhaps public shaming will cause Apple to change that behavior. I don't >> think there is any mail server that will respond on port 587 to an >> unsolicited SSL handshake. > > It’s normal

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Michelle Sullivan
Alarig Le Lay wrote: > On Thu Jul 30 13:23:45 2015, Carl Byington wrote: > >> Perhaps public shaming will cause Apple to change that behavior. I don't >> think there is any mail server that will respond on port 587 to an >> unsolicited SSL handshake. >> > > It’s normal behavior: https://pas

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Alarig Le Lay
On Thu Jul 30 13:23:45 2015, Carl Byington wrote: > Perhaps public shaming will cause Apple to change that behavior. I don't > think there is any mail server that will respond on port 587 to an > unsolicited SSL handshake. It’s normal behavior: https://paste.swordarmor.fr/0WYq This port is used fo

[mailop] Apple, iPhone setup, attempts SSL on port 587

2015-07-30 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A client with a new iPhone (not sure what model), attempts to setup imap/smtp using starttls. As part of the setup, the iPhone apparently probes the smtp server on port 587 with an SSL handshake: Jul 29 21:31:34 ns1 sendmail[20641]: t6U4VYQL020641: