Re: smtp perplexities



Hi Jack:

On 24.02.17 02:17, Jack wrote:
> SMTP over SSL: Connecting MTA frontier (smtp.frontier.com:smtp) failed: Error performing TLS handshake. An
> unexpected TLS packet was received.

SMTP over SSL (aka SMTPS) uses service 'smtps' or 'ssmtp', which is bound to port 465, whereas smtp is port 
25.  You can just omit the service part (i.e. just use 'smtp.frontier.com'), as port 465 is the default in 
this case.

With your setting (port 25), the remote MTA starts with sending the SMTP greeting instead of the TLS 
handshake, which triggers the error message above.

BTW, if you omit the service part for the other options (STARTTLS and unencrypted), the default port is 587 aka 
"submission", /not/ 25 aka "smtp", as this has been the setting in Balsa for ages.  The standard suggests 
using submission, but in practice almost all ISPs use smtp, though...

> Require TLS: Connecting MTA frontier (smtp.frontier.com:smtp) failed: remote server does not support STARTTLS.

This may happen, although most ISPs offer STARTTLS these days, because the use of port 465 for SMTPS was 
officially withdrawn in 1998 (!!).  The TCP port 465 is now registered for "URL Rendesvous Directory for 
SSM", but in practice is still being used for SMTPS...

> Optional TLS: Connecting MTA frontier (smtp.frontier.com:smtp) failed: no suitable authentication mechanism.

As the remote server does not support STARTTLS, an unencrypted connection is established.  My new smtp 
implementation in this case limits the authentication mechanisms to those which do /not/ transmit your 
credentials in plain-text, i.e. with the current implementation to CRAM-MD5 or CRAM-SHA1 (given that MD5 and 
SHA1 can be broken with some effort, this is not absolutely safe, but better than plain-text).  Either the 
remote server does not offer authentication for unencrypted connections at all (which would be a decent 
configuration), or only plain-text, which is a bad idea.

> I then started googling, and found a message I sent to this list in 2011, suggesting using port 587 instead of 465.  At
> that point, I noticed the ":smtp" in the outgoing server (but not in the server for my other two mail hosts)
> and just removed it.  Now it seems to work.

See above - for ssmtp, it now uses port 465...

BTW, I recently updated the README file with these explanations - maybe I should also adjust the help file...

Cheers,
Albrecht.

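The three failure cases explained in the message above, as an added example that is not part of the original post and is not Balsa's code: it checks the first bytes received for each mode and picks the next step from an EHLO reply, refusing plain-text mechanisms on an unencrypted channel. The mode names, the `SUPPORTED` preference order and the sample server reply are assumptions made for illustration.

```python
import re

# Default port when the service part is omitted, as stated in the message.
DEFAULT_PORT = {"ssl": 465, "require_tls": 587, "optional_tls": 587}
# Challenge-response mechanisms named in the message: no plain-text password.
NON_PLAINTEXT = ("CRAM-SHA1", "CRAM-MD5")
# Assumed client preference order (not taken from Balsa).
SUPPORTED = NON_PLAINTEXT + ("PLAIN", "LOGIN")


class SubmissionError(Exception):
    pass


def parse_ehlo(reply):
    """Return (starttls_offered, auth_mechanisms) from a multi-line EHLO reply."""
    starttls, mechs = False, []
    for line in reply.splitlines()[1:]:  # first line is only the host greeting
        m = re.match(r"250[- ]([A-Za-z0-9-]+)[ =]?(.*)$", line.strip())
        if not m:
            continue
        keyword, args = m.group(1).upper(), m.group(2).upper().split()
        if keyword == "STARTTLS":
            starttls = True
        elif keyword == "AUTH":  # "AUTH PLAIN ..." or legacy "AUTH=PLAIN ..."
            mechs.extend(a for a in args if a not in mechs)
    return starttls, mechs


def first_bytes_ok(mode, data):
    """'ssl' expects a TLS handshake record (0x16 0x03); the other modes expect
    the plain-text '220' greeting. A port-25 server fails the 'ssl' check."""
    if mode == "ssl":
        return data[:2] == b"\x16\x03"
    return data.startswith(b"220")


def next_step(mode, encrypted, ehlo_reply):
    """Return ("STARTTLS", None) or ("AUTH", mechanism) for the reply just seen."""
    starttls, mechs = parse_ehlo(ehlo_reply)
    if not encrypted:
        if starttls:
            return ("STARTTLS", None)  # upgrade first, then send EHLO again
        if mode == "require_tls":
            raise SubmissionError("remote server does not support STARTTLS")
    usable = [m for m in SUPPORTED
              if m in mechs and (encrypted or m in NON_PLAINTEXT)]
    if not usable:
        raise SubmissionError("no suitable authentication mechanism")
    return ("AUTH", usable[0])

# Constructed sample reply: a server without STARTTLS that offers only PLAIN/LOGIN.
SAMPLE_NO_TLS = "250-mail.example.net\r\n250-SIZE 1000000\r\n250 AUTH PLAIN LOGIN"
```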


