Haraka
Replies: 2 comments 5 replies
-
|
Port 25 can be encrypted, when both ends supports it. Haraka will opportunistically encrypt the connection if the remote supports it. |
Beta Was this translation helpful? Give feedback.
-
|
We're aware of the differences between the ports; The reason we were asking is that we are on a hosting provider that blocks outbound port 25, but does not block 465 or 587. Because of that, Haraka's initial outbound connection to a port 25 endpoint fails, and at that point it just gives up rather than trying other ports, or allowing us to start with a different port. We have now solved it by having the provider open the port, but it would be useful to be able to specify it in config instead of having to hack package files. |
Beta Was this translation helpful? Give feedback.
-
|
But that's not a universal solution. MTAs aren't required to listen on ports 465 and/or 587. Only MTAs that are also acting as a MSA will be listening on both. |
Beta Was this translation helpful? Give feedback.
-
|
Oh we know that too, but it's still a lot better than not being able to send anything at all. These days it's relatively rare to find servers that don't do it. |
Beta Was this translation helpful? Give feedback.
-
|
No, really it's not. Mail that works "some of the time" is much worse than email that works all the time. In a situation like that, you have effectively an unreliable connection to the internet (b/c port 25 isn't always open). There at least two reasonable solutions: get your ISP to open outbound port 25, or use a server elsewhere with reliable internet and relay mail to that. |
Beta Was this translation helpful? Give feedback.
-
|
We knew we would solve it properly eventually, but this was during development and it prevented us testing things. |
Beta Was this translation helpful? Give feedback.
-
|
For the record, port 587 works exactly the same as port 25: the SMTP sender connects to the remote in plain text, issues a HELO or EHLO, and then if the remote supports it, upgrades the connection using STARTTLS. If you want to only connect to completely (all or nothing) encrypted ports, you need to use port 465 for that. |
Beta Was this translation helpful? Give feedback.
-
Is it possible to prefer/force encrypted ports for outbound instead of port 25?
As it's partly hardcoded here:
https://github.com/haraka/Haraka/blob/master/outbound/hmail.js#L361
We tried changing it to 587 and worked well.
Not sure how it can (sometimes?) set the port from MX on this line: https://github.com/haraka/Haraka/blob/master/outbound/hmail.js#L210
I'm not sure what the RFC say about using encrypted ports for outbound SMTP
Beta Was this translation helpful? Give feedback.
All reactions