SMTP ports on desktop and mobile - email

For years I used port 465 for my outgoing email with no problem, but suddenly my desktop client (eM Client) refused to send messages. I went to my provider for advice and they claim they haven't changed any settings and it's my client's fault. Hmm... I've changed the port to 587 and it works smoothly now.
But I've noticed that my mobile client (AirMail on iOS) still uses port 465! What's more, when I tried updating it to 587, it stopped working and I had to revert to 465.
So now I have working mail on desktop on port 587 and on mobile on port 465, all with the same provider! It's no real issue, but I can't help wondering: what's the real reason for it? Can it actually be attributed to the client software I use?

It would be much easier to provide useful answers if you could provide more details, such as what error responses your clients got from the server when they tried to send email, and what you tried to do to fix the problem.
This is a bit of a wild guess: maybe your desktop is no longer able to send email over a secure (TLS) connection on port 465, but it can send email over an insecure connection on port 587. That might indicate a problem with a certificate.

Indeed! Here's the error message I was getting:
[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA STARTTLS AUTH=PLAIN AUTH = LOGIN] Dovecot ready.'.
I may be wrong as I have no access to my desktop at the moment but I believe that sending over 587 happens with SSL, at least that's the security set in the account configuration.

Related

How to find out what SMTP port you are using?

How do I find out what SMTP port the corporation I work for has set up for its email server?
I've tried searching for it via Outlook but it doesn't give me the option.
I'm looking for an answer that I'll be able to do via cmd.
Posting this question here so future individuals who are in my position will know what to do.
The default SMTP port for most mail servers is port 25; either that or port 587 if you are using explicit SSL. If you are using implicit SSL, then it is port 465. You should be able to discover the port through Outlook; here is an article: https://www.doteasy.com/domain-email-and-website-hosting-articles/how-to-update-your-smtp-port-ssl-settings-and-smtp-authentication
If like me you work for a large company, the issue is that IT are blocking the ports. You need to go and have a word with the IT department to get it fixed.

Block unknown SIP request in pfsense

I have installed freeswitch on a machine which is kept in the LAN behind the firewall named PFSense. I was looking in the freeswitch logs and I found that there are some unknown SIP requests coming from an unknown IP outside of the network.
I have not done any setting or port forwarding in the pfsense, but I don't know why this is happening. Please tell me how I can block those requests.
Thanks
It's most probably just typical port scanners. They scan for port 5060 and then try to send some INVITE or REGISTER requests there. It's quite harmless if your PBX is secure enough.

PHPMailer EHLO Error

I have had a problem for a couple of days that is driving me crazy. I have a script that sends mail using PHPMailer and arsys.
The fact is that it stopped working overnight. I checked the code and it seems fine; what's more, it works correctly if I run it from the test server, which goes out through another IP.
I checked that the server was not on any spam blacklist and found that it was referenced on a PBL; I took care of removing it from there.
Anyway, I still cannot send mail from that server, and both this script and another test script I wrote work correctly on the development server but not on the production server.
The specific error is this:
SMTP -> ERROR: EHLO not accepted from server:
SMTP -> ERROR: HELO not accepted from server: 220 ESMTP Postfix smtp-04.servidoresdns.net
SMTP -> ERROR: AUTH not accepted from server: 250-250-llsg993-a04.servidoresdns.net PIPELINING 250-SIZE 51200000 250-ETRN 250-250-STARTTLS AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-AUTH = DIGEST MD5 CRAM-MD5 LOGIN PLAIN 250-250 8BITMIME ENHANCEDSTATUSCODES
It says it cannot authenticate, but the credentials are fine, since the same script works perfectly from another server.
A tcptraceroute to port 25 of the SMTP server also got through.
The only strange thing I see is that when running
tcptraceroute -p 25 smtp.miservidor.com
it says:
Sorry, Local Requested port is already in use. Use P, instead of p, to override.
But after using -P instead of -p, it works.
Can anyone shed some light on this?
Who might be filtering my IP address?
It's very common for ISPs to block outbound connections to port 25 by default. Try using SMTPSecure = 'tls' and Port = 587 - that server definitely responds on that port.
Connection problems are covered in the PHPMailer docs.
I noticed that I never answered this question. The problem was the time: the function did not have enough time to contact the server. I increased the time in the PHPMailer class and everything went back to working.

Configure CSF to allow outbound SMTP

I have a web app that sends email via SMTP (Gmail, Zoho Mail servers). The thing is, the email sending works in my localhost but not on my VPS (using WHM).
I contacted support and the guy replied:
If your VPS has ConfigServer Firewall (CSF) installed then this would
most likely be causing the problem. As it is working on localhost but
not externally this certainly sounds like it might be the case. You
will need to review the firewall configuration on the VPS and ensure
those ports are allowed outbound.
But when it comes to server management and configuration, I'm totally lost. I did check the CSF settings page on WHM but I'm not sure where to start.
Any recommendation or solution would be appreciated.
You have to allow outgoing traffic to ports 25, 465, 587 and, in the case of Mandrill, 2525 as well. You should actually be fine enabling only the one you will connect to. So:
sudo vim /etc/csf/csf.conf
add 25,2525,465,587 to TCP_OUT, and to TCP6_OUT if you use IPv6.
You might also need to remove those ports from SMTP_PORTS if you have SMTP_BLOCK enabled (if it is set to 1).
Source: https://community.centminmod.com/threads/csf-firewall-info.25/#post-6613
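As an added example (not part of the answer above, and not CSF's own code), this Python check reads a csf.conf and reports which of the settings named in the answer would stop an unprivileged web app from reaching one SMTP port, so that only the port actually used needs opening. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed csf.conf excerpt for illustration (not the asker's real file).
SAMPLE_CONF = '''
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,53,80,443,30000:35000"
TCP6_OUT = "20,21,22,53,80,443"
SMTP_BLOCK = "1"
SMTP_PORTS = "25,465,587"
'''


def read_settings(text):
    """Parse NAME = "value" lines; comment and blank lines do not match."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def port_in_list(port, spec):
    """True if port is covered by a CSF list such as "25,465,30000:35000"."""
    for item in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = item.partition(":")   # "a:b" is an inclusive range
        if int(low) <= port <= int(high or low):
            return True
    return False


def outbound_smtp_findings(text, port, ipv6=False):
    """Return the settings that block outbound SMTP to `port` for a normal user."""
    cfg = read_settings(text)
    findings = []
    # TCP6_OUT only matters when the host sends mail over IPv6.
    for key in ("TCP_OUT", "TCP6_OUT") if ipv6 else ("TCP_OUT",):
        if not port_in_list(port, cfg.get(key, "")):
            findings.append(f"{key} does not allow port {port}")
    # With SMTP_BLOCK = "1", ports listed in SMTP_PORTS stay blocked for the app.
    if cfg.get("SMTP_BLOCK") == "1" and port_in_list(port, cfg.get("SMTP_PORTS", "")):
        findings.append(f"SMTP_BLOCK is on and SMTP_PORTS lists port {port}")
    return findings
```

On a real server, pass the contents of /etc/csf/csf.conf instead of the sample text.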

When connecting to SMTP servers should I try SSL or TCP/STARTTLS first?

SMTP allows unencrypted communication over port 25. For some servers (like Google's MX servers) I'm able to switch to a TLS connection using STARTTLS after making the initial unencrypted connection.
S:220 mx.google.com ESMTP l1si352658een.133
C:EHLO mail.example.com
S:250-mx.google.com at your service
S:250-SIZE 35882577
S:250-8BITMIME
S:250-STARTTLS
S:250-ENHANCEDSTATUSCODES
S:250 PIPELINING
C:STARTTLS
S:220 2.0.0 Ready to start TLS
[socket switches to TLS here]
C:EHLO mail.example.com
...
However, I would also like to support straight SSL connections and I'm wondering whether most mail servers prefer starting with SSL or starting with TCP and then moving to TLS after a connection is made.
Unless you have prior arrangements with the administrator of a server, don't try to connect using SSL. Port (465) was used for SSMTP or SMTPS (SMTP over SSL). Connections to this port were expected to start the connection with SSL. Use of this port and protocol has been abandoned now that StartTLS is available.
There are two ports which may support SMTP with StartTLS. Neither are expected to support SSL without StartTLS, and will likely drop the connection if you try. Both the SMTP (25) and Submission (587) may support StartTLS. If it is supported, it will be listed in the response to an EHLO message. You can then initiate the StartTLS process. See RFC 3207 for more details.
It appears from your comments, that your real concern is how to verify the certificate. That is a different but related question. It also assumes that mail servers are not using self-signed certificates. In my case, I use a self-signed certificate. This works well for me as StartTLS is rarely, if ever, used for SMTP (port 25) connections. I have reasonable control over the clients connecting for message Submission (port 587 or port 25) that must authenticate before sending messages. In my experience, StartTLS is mainly used to secure the connection for clients that must authenticate before sending email.
The support for SSL/TLS on connect (SMTPS) or SSL/TLS after STARTTLS really varies from one server to another, depending on the software and how they've been configured.
The main advantage of SSL/TLS on connect is that it doesn't require any changes in the application protocol. In fact, you could wrap the connection using something like stunnel on each side.
The main advantage of SSL/TLS after STARTTLS is that it can be done on the same port. Another advantage could be to be able to host multiple host names (replacing the need for Server Name Indication at the TLS level), but I'm not sure this has ever been used for SMTP servers.
SMTPS (SSL/TLS on connect) doesn't have an official specification and uses a port number for which it is not registered (465). It's also deprecated, in theory. Yet, a number of servers can support it (e.g. Exim) and will be able to support both if they are able to do so: it will be up to the hosting service to choose what to configure.
If you're writing a client and already have support for STARTTLS, it should be fairly cheap to support SSL/TLS upon connect too. It's certainly a good idea to support both, since it will be usable by a wider number of users (if I remember correctly, Gmail used to support only SMTPS at some point, and it can also be useful in case of a firewall that would block one of the ports only).
Both can offer similar levels of security, as long as SSL/TLS is used, one way or another (and that proper certificate verification, including host name, is performed).
There is generally some confusion regarding the difference between SSL and TLS. For some reason, it seems that a number of e-mail software implementations failed to realise that the most important word in "STARTTLS" is "START", not TLS (in terms of connection mode and protocol choice). This confusion has unfortunately propagated to some software configuration options (even in popular mail clients) and thus in ISP documentations. Expect your users to be confused.
Whichever mode you want to support, make sure it doesn't have a "Use TLS, if available" option, which would fall back to a plain exchange if SSL/TLS wasn't available: this opens the connections to MITM attacks.
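As an added example (not code from any of the answers above), this Python sketch shows why a "Use TLS, if available" setting is unsafe: if the STARTTLS line is removed from the EHLO reply in transit, a client with fallback continues in cleartext, while a strict client aborts. The EHLO replies and host name are constructed, and the function names are hypothetical; `open_submission` uses the standard `smtplib` and `ssl` modules for both connection modes with certificate and host name verification.

```python
import smtplib
import ssl

# Constructed EHLO replies: one as the server sends it, one with the STARTTLS
# line removed in transit (the downgrade the last paragraph warns about).
EHLO_HONEST = ("250-mx.example.test at your service\r\n250-SIZE 35882577\r\n"
               "250-8BITMIME\r\n250-STARTTLS\r\n250 PIPELINING\r\n")
EHLO_STRIPPED = EHLO_HONEST.replace("250-STARTTLS\r\n", "")


def ehlo_keywords(reply):
    """Return the extension keywords from a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:      # first line is only the greeting
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            keywords.add(line[4:].split()[0].upper())
    return keywords


def next_step(reply, require_tls=True):
    """Decide what a client may do after EHLO on port 25 or 587."""
    if "STARTTLS" in ehlo_keywords(reply):
        return "starttls"
    # require_tls=False models "Use TLS, if available": continue in cleartext.
    return "abort" if require_tls else "plaintext"


def open_submission(host, port=587, implicit_tls=False):
    """Connect with mandatory TLS and certificate + host name verification."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED, check_hostname on
    if implicit_tls:                         # SSL/TLS on connect (port 465 style)
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=15)
    client = smtplib.SMTP(host, port, timeout=15)
    client.ehlo()
    if not client.has_extn("starttls"):      # never fall back to plaintext
        client.close()
        raise RuntimeError("server did not offer STARTTLS; refusing to continue")
    client.starttls(context=ctx)
    client.ehlo()                            # re-read capabilities over TLS
    return client
```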