jefft

Beta Test Outgoing SMTP AUTH

96 posts in this topic

OK .. thanks .. of all the things I checked/unchecked/etc. ....

for future use;

SSL on port 25 works fine

SSL on port 587 does not work

I vaguely recall SSL will only work on "port 465"? (and or port 25)

("port 465" is not an option for SpamCop email)

Edited by petzl

I vaguely recall SSL will only work on "port 465"? (and or port 25)

("port 465" is not an option for SpamCop email)

Well, I'm looking at http://www.openssl.org/docs/apps/s_server.html# as a for instance, where the port can be defined.

-accept port

the TCP port to listen on for connections. If not specified 4433 is used.

And looking a bit further, what I was needing to really look at is found at http://www.openssl.org/docs/crypto/BIO_s_connect.html# .. as the above is basically for 'testing' purposes .....

What I don't know is just what JT actually has running on this particular server. e-mail sent to ask .....


Looking through that page (several times) it may boil down to that only one port can be assigned for the particular instance of an SSL server.

Noting that some laughing was done when seeing that 'gopher' is (still) on the list of 'authorized' port/standard names .....

Looking through that page (several times) it may boil down to that only one port can be assigned for the particular instance of an SSL server.

Noting that some laughing was done when seeing that 'gopher' is (still) on the list of 'authorized' port/standard names .....

Then for/to retrieval a secure connection (SSL)' under 'Incoming mail (POP3).' The port will need changing to 995 (instead of 110)

Then for/to retrieval a secure connection (SSL)' under 'Incoming mail (POP3).' The port will need changing to 995 (instead of 110)

ummmm ... this Topic is for 'outgoing' stuff ....

Though admitting that I did check, and yes, my IMAP connection is SSL via port 993 .... but this is also connected to imap.spamcop.net .. whereas this Beta SMTP server connects to smtp.cesmail.net .. a different server in that farm JT is growing <g>

ummmm ... this Topic is for 'outgoing' stuff ....

Though admitting that I did check, and yes, my IMAP connection is SSL via port 993

Sorry to be off topic but 993 is for IMAP

Wazoo wrote:

> Trying to work around a fried system here ... trying to set up some scrap Win-XP machines here .. ran into an issue with the SMTP server .. specifically finding that SSL doesn't work on the Port 587 setting. I have no idea what's running on that server, but note that OpenSSL includes the listening port assignment as part of the BIO_s configuration.
>
> http://www.openssl.org/docs/crypto/BIO_s_connect.html# seems to suggest that adding port 587 to this should allow the use of the SSL connection ....????
>
> Or is it limited to 'one' port .... as I do see it working on port 25 just fine.

I think SSL won't work, but TLS should. Same thing, just different way of getting it started. You should be able to do TLS on either port 25 or port 587. If that doesn't work, let me know.

Jeff

Which led to more research ... once again, this appears to be a Microsoft issue, extending across the whole chain, Outlook, Outlook Express, PC, and Mac ... various snippets as found around the world;

http://www.msen.com/g/TLS.html

If you are on a cable modem or in a hotel that blocks port 25 for outgoing email, you can use the Port 587 Mail Submission protocol for SMTP. It requires you to send your username/password to the server to authenticate the connection. Microsoft Outlook Express cannot seem to get 587 SMTP-AUTH and TLS/SSL working together, so you need to set your settings to what is below to make it work.

http://www.aet.tu-cottbus.de/pipermail/pos...000/000114.html

(Yeah, I know, OE5 for Mac, Outlook used in the description, but .... data seems to fit)

* For now I think there is a misunderstanding of concepts:

- imaps and pop3s (either realized with stunnel or built into the latest UofW imapd) use a wrapping solution. That is, a special port is opened, the SSL-handshaking takes place and only after that, the actual IMAP or POP transaction takes place. [These solutions are deprecated and intended to go away as there are by now protocol-based solutions defined, but I don't know of any clients actually realizing it.]

- There also was a port 465 defined for smtps, SMTP with SSL wrapping, just like imaps and pop3s. This is what Outlook (Win32) does when not connecting to port 25. It is incompatible with SMTP and not supported by Postfix/TLS and sendmail.

- There is a protocol extension STARTTLS inside SMTP running in normal mode, that only activates TLS inside the SMTP protocol. This is what Netscape does when connecting to all ports and what Outlook (Win32) does when connecting to port 25. It is the native protocol spoken by Postfix/TLS and sendmail.

- To make things even more complicated with Outlook, Outlook (Win32) has only one button to check for "SSL", but switches the behaviour depending on the server port (25 or !=25) _and_ Microsoft calls this "SSL" when talking about the wrapper solution and "TLS support" when actually meaning the STARTTLS protocol extension.

* Now, what sendmail-tls does is, check whether the client issues the bytes necessary to start a SSL-wrapper connection and switches to wrapper mode. So I guess, that IE(Mac) only supports the old wrapper solution, not the new protocol-integrated STARTTLS extension.

http://it.jhu.edu/email/relay/smtp/outlook.html

Click on the "Advanced" tab and check "This server requires an encrypted connection (SSL)" under the "Outgoing server (SMTP):" option. NOTE: Although in Outlook the option is advertised as SSL, the email client is really using TLS when the port being used is port 25. When using any other port than port 25, the email client uses SSL. So, when reading documentation referring to TLS, this pertains to Outlook using SSL on port 25.

A bit confusing as one keeps running into the mixing up of Outlook and Outlook Express in various write-ups .... version numbers rarely make an appearance for some reason .... but the general theme is pretty clear ....
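
An added example, not part of the original thread: a Python probe for the two modes distinguished above. `probe` first tries the wrapper style (TLS handshake immediately on connect) and then plain SMTP looking for the STARTTLS extension; `fake_submission_server` and the name `test.invalid` are constructed stand-ins for a STARTTLS-only port so the check runs offline.

```python
import smtplib, socket, ssl, threading

def fake_submission_server():
    """Constructed stand-in for a STARTTLS-only port such as 587: it sends a
    plaintext 220 banner first and never performs a TLS handshake itself."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket was closed
                return
            with conn:
                try:
                    conn.sendall(b"220 test.invalid ESMTP\r\n")
                    for line in conn.makefile("rb"):
                        cmd = line.strip().upper()
                        if cmd.startswith(b"EHLO"):
                            conn.sendall(b"250-test.invalid\r\n250 STARTTLS\r\n")
                        elif cmd == b"QUIT":
                            conn.sendall(b"221 bye\r\n")
                            break
                        else:
                            conn.sendall(b"500 unrecognized\r\n")
                except OSError:      # client hung up mid-conversation
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe(host, port, timeout=3):
    """Report which of the two modes described above a port speaks."""
    modes = {"wrapper": False, "starttls": False}
    ctx = ssl.create_default_context()
    try:  # wrapper mode: the client opens with a TLS ClientHello
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                modes["wrapper"] = True
    except ssl.SSLCertVerificationError:
        modes["wrapper"] = True      # TLS was spoken; only the certificate failed
    except (ssl.SSLError, OSError):
        pass                         # plaintext banner came back instead of TLS
    try:  # STARTTLS mode: plain SMTP first, then look for the extension
        with smtplib.SMTP(host, port, local_hostname="probe.invalid",
                          timeout=timeout) as s:
            s.ehlo()
            modes["starttls"] = s.has_extn("starttls")
    except (smtplib.SMTPException, OSError):
        pass
    return modes

if __name__ == "__main__":
    srv = fake_submission_server()
    print(probe("127.0.0.1", srv.getsockname()[1]))
```

Against a STARTTLS-only port the wrapper attempt fails while the STARTTLS check succeeds, which is what a client whose "SSL" checkbox switches to wrapper mode on any port other than 25 runs into on 587.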


I attempted to send an email to a known corporation (Ashley Furniture) ashleyfurniture.com

via c60.cesmail.net

It bounced back with an error message indicating

5.1.0 - Unknown address error 554-'Service unavailable; Client host [216.154.195.49] blocked using bl.csma.biz; http://bl.csma.biz/cgi-bin/listing.cgi?ip=...mp;src=ewr'

Further checking on DNSSTUFF.COM indicates it is also on another version of their list, plus 1 other list.

But the site (bl.csma.biz) did give a 'removal' button, which I used...

A second list on bl.csma.biz had no removal option...

Also the other site (http://www.wpbl.info/) gave a removal button, which I used..

Edited by xzr1tv


Good catch! There does seem to be something to these listings, and JT should be looking into it, because one of the things we pay him for is deliverability of our outbound mail. Take a look at this table from the bl.csma.biz site:

bl.csma.biz listing info

spam and removal history for 216.154.195.49 (times in UTC):

Sun Mar 5 04:28:38 2006 removed from list

Wed Nov 1 23:12:34 2006 removed from list

Fri Jan 26 18:12:49 2007 removed from list

Sat Feb 17 20:25:28 2007 Received - Re: in uganda

Sat Feb 17 20:25:59 2007 Received - Re: pomona turquoise

Sat Feb 17 20:26:00 2007 Received - Re: pomona turquoise

Sat Feb 17 20:26:13 2007 Received - Re: pomona turquoise

Thu Mar 8 14:22:58 2007 removed from list

Wed Jul 4 03:24:37 2007 Received - (no subject)

Tue Jul 17 21:13:37 2007 Received - (no subject)

Tue Jul 17 21:16:41 2007 Received - (no subject)

Tue Jul 17 21:16:42 2007 Received - (no subject)

Tue Jul 17 21:16:43 2007 Received - (no subject)

Wed Jul 18 06:37:50 2007 Received - (no subject)

Tue Jul 31 04:17:52 2007 Received - (no subject)

Tue Jul 31 16:07:48 2007 Received - (no subject)

Wed Aug 1 01:42:39 2007 removed from list

Wonder what all those recent "no subject" messages are? There's a contact form there with an option for System Admins, so maybe we can ask JT to try to contact them:

http://bl.csma.biz/gethelp.php?showform=yes

Apparently the company (McFadden Associates) has been acquired by "Infradapt" (http://www.infradapt.com).

There's a different problem with c60.cesmail.net, however. If you look up the SC report history on the IP address [216.154.195.49], you shouldn't see anything, but here they are:

Submitted: Sunday, July 29, 2007 7:42:34 PM -0700:

Show me now

* 2411010169 ( http://www.saleunit.org/ ) To: abuse[at]prodigy.net

* 2411010168 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2411010166 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Saturday, July 28, 2007 7:10:19 AM -0700:

Delivery Status Notification (Failure)

* 2408456407 ( 216.154.195.49 ) To: mailsys[at]admin.spamcop.net

Submitted: Thursday, July 26, 2007 3:10:11 AM -0700:

Re: Hallo!

* 2404736980 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2404736964 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Wednesday, July 25, 2007 10:39:46 AM -0700:

Hi!

* 2403812373 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2403812361 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Monday, July 23, 2007 7:14:58 AM -0700:

Re: Photo

* 2400178603 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2400178552 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Monday, July 23, 2007 6:31:03 AM -0700:

Delivery Status Notification (Failure)

* 2400119310 ( 216.154.195.49 ) To: mailsys[at]admin.spamcop.net

Submitted: Thursday, July 19, 2007 1:39:51 PM -0700:

Thanks, we accepted your refinance debt request

* 2393976750 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2393976716 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Thursday, July 19, 2007 1:39:16 PM -0700:

Interested in your product

* 2393975511 ( http://www.emailbrain.com/ ) To: support[at]rackmounted.com

* 2393975498 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2393975443 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Thursday, July 19, 2007 1:38:20 PM -0700:

Fwd: Thank you, we are ready to lend some cash regardless of Credit

* 2393972908 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2393972868 ( 209.239.39.68 ) To: abuse[at]alabanza.com

Submitted: Thursday, July 19, 2007 1:36:36 PM -0700:

$59.95 50mg x 10 pills

* 2393970114 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net

* 2393970089 ( 209.239.39.68 ) To: abuse[at]alabanza.com

There are even more if you click on "older reports." Notice how almost all involve a second IP from Alabanza.com? That's a server farm, a "host of hosts," with lots of shared hosting, so what we have here is a SC Email customer who is reporting the SC server because they haven't properly set up their Mailhosts. They probably have things set up for SC to pop their messages from their own domain on the Alabanza-based server and then they're probably using VER or the like to mass-report their Held Mail and aren't paying attention to which IPs are being reported.

So, the SpamCop Admin also has something he should be doing here...he should suspend the reporting privs for the SC Email user whose domain is at that IP address, which resolves to host4.absolute-hosting.net.

DT


I'm getting the warning message about the expired certificate too.

By the way, what's the status on this SMTP service? Is it still "beta"? Is it going to become a permanent feature?


In case you are not aware of it (I did not find any forum topic...): The SSL certificate for the outgoing mail server "smtp.cesmail.net" has expired some days ago.

Moderator Edit: merged this 'new' Topic into the existing Discussion that covers the same ground. PM sent.

Edited by Wazoo


e-mail sent upstream asking about the certificate and Beta status ....

I'm getting the warning message about the expired certificate too.

JT has advised that a new certificate has been installed.

By the way, what's the status on this SMTP service? Is it still "beta"? Is it going to become a permanent feature?

JT's reply;

As far as "beta" the status is that the service is working and staying. .... We have no intention to shut it down.

He goes on to state that there is more work to be done in the future that will then allow it to be moved into an "official part of the system" ..... Announcements will be made at that time.


Thanks for the answers. :)

I've been having some problems recently with email sent via Spamcop's SMTP getting delayed by several hours. The email headers indicate the delay is caused by either Spamcop or the server that receives the email from Spamcop. I'm not sure how to further isolate the cause of the problem.


Thanks for the answers. :)

I've been having some problems recently with email sent via Spamcop's SMTP getting delayed by several hours. The email headers indicate the delay is caused by either Spamcop or the server that receives the email from Spamcop. I'm not sure how to further isolate the cause of the problem.

If you e-mail the headers to support[at]spamcop.net we'll look into what's causing the delay.

-Trevor

Wow, I just found out about the SMTP AUTH server. That is great!

Kind of makes one wonder why 'we' even mess around with the Announcements section, doesn't it?

I attempted to send an email to a known corporation (Ashley Furniture) ashleyfurniture.com via c60.cesmail.net

It bounced back with an error message indicating

5.1.0 - Unknown address error 554-'Service unavailable; Client host [216.154.195.49] blocked using bl.csma.biz;

I'm giving this item/topic a "bump" because, as shown in a new topic:

cesmail.net being blocked by iwon.com and craigslist.com

some sites are beginning to block the messages sent via c60.cesmail.net, which is the host which sends out the messages from SC webmail and also from the SMTP AUTH system. This needs administrative attention, IMO.

DT


I've been happily using the SMTP AUTH process for outgoing mail since shortly after it was introduced.

Every so often I send myself a copy of an outgoing Email and direct it to my SpamCop Email account.

Recently I enabled the pbl.spamhaus.net block list on that account and suddenly find that mail I send to myself is blocked.

It was easy enough to discover that when I send a message through smtp.cesmail.net on port 587 using SMTP AUTH, the source of the Email remains at my home machine's IP even though the Spamhaus FAQ says that

PBL listings do not affect sending mail via legitimate "smarthost" mail servers using SMTP AUTH, as operated by all ISPs.

I can overcome the issue by switching to an alternative SMTP server but I'm wondering if there is a strange config for the SC smtp machine. Anyone have any knowledge?

Andrew

I can overcome the issue by switching to an alternative SMTP server but I'm wondering if there is a strange config for the SC smtp machine. Anyone have any knowledge?
I know this is a bit old, but I just found out about the SMTP service and I too had that issue. The problem is this: the PBL is designed to block all email that doesn't come from an ISP's SMTP servers, because using other SMTP servers is a TOS violation. For example, I'm on Comcast, all Comcast subscribers are supposed to send their email through Comcast's servers (and port 25 is blocked as part of this). However if I use Spamcop's SMTP server, then I'm breaking this rule and the PBL picks up on this.

Of course this creates a pretty ugly problem: either I have to use Comcast's SMTP server and have my email coming from a wrong server (which indicates it may be spam), or I use the Spamcop SMTP server and have it come from the right server (complete with a SPF certificate) but then it will get shot down by blacklists by the PBL. I don't like it, I don't like it one bit, but I'm not sure there's anything that can be done. From what I've read, a smarthost setup (Spamhaus' prescribed solution) doesn't solve this problem.

Spamcop could always rewrite email headers to hide the real sender's IP address, making the email look like it only came from a Spamcop server, but that's obviously dishonest.

I would like to hear from other people however (SC employees in particular) on if there's any other way around this issue besides using webmail. Although it's not really SC's problem (that falls more in to the hands of Comcast and whoever is using the PBL) I suspect SC would be the only person that can be bothered to even care about the issue, let alone come up with some resolution.

I would like to hear from other people however (SC employees in particular) on if there's any other way around this issue besides using webmail.

For me the solution was to stop using the PBL :)

Andrew

For me the solution was to stop using the PBL :)
It's not myself I'm worried about (I don't usually email myself), it's everyone else using the PBL. :P

It's not myself I'm worried about (I don't usually email myself), it's everyone else using the PBL. :P

I've never had an issue having my messages blocked by the PBL for others.

Also, I would like to see your TOS that says you can not use external SMTP servers. I know it is not against my TOS.
