[130093] in North American Network Operators' Group
Re: Randy in Nevis
daemon@ATHENA.MIT.EDU (Robert E. Seastrom)
Tue Sep 28 08:40:28 2010
To: Owen DeLong <owen@delong.com>
From: "Robert E. Seastrom" <rs@seastrom.com>
Date: Tue, 28 Sep 2010 08:40:12 -0400
In-Reply-To: <3FDF6338-0C7E-49FB-B3E5-85BBD4100EC1@delong.com> (Owen DeLong's
message of "Mon, 27 Sep 2010 20:29:49 -0700")
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Owen DeLong <owen@delong.com> writes:
> On Sep 27, 2010, at 9:30 AM, Lyndon Nerenberg wrote:
>
>> On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
>>> "Cannot establish SSL with SMTP server 67.202.37.63:465" does not
>>> sound like a 587 problem to me.
>>>
>>> netalyzr folks? comment?
>>
>> Sorry, I hit send too soon ...
>>
>> I've heard from a couple of people that the PIX will remap 587 (and 25)
>> to oddball ports if you fiddle the config just right. Given all the
>> other bogosity that box does with SMTP I wonder if there's truth to the
>> rumour. (I haven't found anyone who can reproduce this on demand, so
>> it's still apocryphal for now.)
>
> 465 is not an odd-ball port, it's the standard well-known port for SMTPS.
> Fortunately, few people actually use SMTPS, preferring instead to do their
> security via TLS using the STARTTLS model after connecting to 25/587.

That doesn't explain why the test of port 587/starttls is trying to
connect to the well-known port for smtps.
-r