petzl Posted May 30, 2007 Share Posted May 30, 2007 (edited) OK .. thanks .. of all the things I checked/unchecked/etc. .... for future use; SSL on port 25 works fine SSL on port 587 does not work I vaguely recall SSL will only work on "port 465"? (and or port 25) ("port 465" is not an option for SpamCop email) Edited May 30, 2007 by petzl Quote Link to comment Share on other sites More sharing options...
Wazoo Posted May 30, 2007 Share Posted May 30, 2007 I vaguely recall SSL will only work on "port 465"? (and or port 25) ("port 465" is not an option for SpamCop email) Well, I'm looking at http://www.openssl.org/docs/apps/s_server.html# as a for instance, where the port can be defined. -accept port the TCP port to listen on for connections. If not specified 4433 is used. And looking a bit further, what I was needing to really look at is found at http://www.openssl.org/docs/crypto/BIO_s_connect.html# .. as the above is basically for 'testing' purposes ..... What I don't know is just what JT actually has running on this particular server. e-mail sent to ask ..... Quote Link to comment Share on other sites More sharing options...
Wazoo Posted May 30, 2007 Share Posted May 30, 2007 Looking through that page (several times) it may boil down to that only one port can be assigned for the particular instance of an SSL server. Noting that some laughing was done when seeing that 'gopher' is (still) on the list of 'authorized' port/standard names ..... Quote Link to comment Share on other sites More sharing options...
petzl Posted May 30, 2007 Share Posted May 30, 2007 Looking through that page (several times) it may boil down to that only one port can be assigned for the particular instance of an SSL server. Noting that some laughing was done when seeing that 'gopher' is (still) on the list of 'authorized' port/standard names ..... Then for/to retrieval a secure connection (SSL)' under 'Incoming mail (POP3).' The port will need changing to 995 (instead of 110) Quote Link to comment Share on other sites More sharing options...
Wazoo Posted May 30, 2007 Share Posted May 30, 2007 Then for/to retrieval a secure connection (SSL)' under 'Incoming mail (POP3).' The port will need changing to 995 (instead of 110) ummmm ... this Topic is for 'outgoing' stuff .... Though admitting that I did check, and yes, my IMAP connectin os SSL via port 993 .... but this is also connected to imap.spamcop.net .. whereas this Beta SMTP server connects to smtp.cesmail.net .. a different server in that farm JT is growing <g> Quote Link to comment Share on other sites More sharing options...
petzl Posted May 30, 2007 Share Posted May 30, 2007 ummmm ... this Topic is for 'outgoing' stuff .... Though admitting that I did check, and yes, my IMAP connectin os SSL via port 993 Sorry to be off topic but 993 is for IMAP Quote Link to comment Share on other sites More sharing options...
Wazoo Posted June 3, 2007 Share Posted June 3, 2007 Wazoo wrote: > Trying to work around a fried system here ... trying to set > up some scrap Win-XP machines here .. ran into an issue > with the SMTP server .. specifically finding that SSL doesn't > work on the Port 587 setting. I have no idea what's running > on that server, but note that OpenSSL includes the listening > port assignemt as part of the BIO_s configuration. > > http://www.openssl.org/docs/crypto/BIO_s_connect.html# > seems to suggest that adding port 587 to this should allow > the use of the SSL connection ....???? > > Or is it limited to 'one' port .... as I do see it working on > port 25 just fine. I think SSL won't work, but TLS should. Same thing, just different way of getting it started. You should be able to do TLS on either port 25 or port 587. If that doesn't work, let me know. Jeff Which led to more research ... once again, this appears to be a Microsoft issue, extending across the whole chain, Outlook, Outlook Express, PC, and Mac ... various snippets as found around the world; http://www.msen.com/g/TLS.html If you are on a cable modem or in a hotel that blocks port 25 for outgoing email, you can use the Port 587 Mail Submission protocol for SMTP. It requires you to send your username/password to the server to authenticate the connection. Microsoft Outlook Express cannot seem to get 587 SMTP-AUTH and TLS/SSL working together, so you need to set your settings to what is below to make it work. http://www.aet.tu-cottbus.de/pipermail/pos...000/000114.html (Yeah, I know, OE5 for Mac, Outlook used in the description, but .... data seems to fit) * For now I think there is a misunderstanding of concepts: - imaps and pop3s (either realized with stunnel or built into the latest UofW imapd) uses a wrapping solution. That is, a special port is opened, the SSL-handshaking takes place and only after that, the actual IMAP or POP transaction takes place. [These solutions are deprecated and intented to go away as there are by now protocol-based solutions defined, but I don't know of any clients actually realizing it.] - There also was a port 465 defined for smpts, SMTP with SSL wrapping, just like imaps and pop3s. This is what Outlook (Win32) does when not connecting to port 25. It is incompatible with SMTP and not supported by Postfix/TLS and sendmail. - There is a protocol extension STARTTLS inside SMTP running in normal mode, that only activates TLS inside the SMTP protocol. This is what Netscape does when connecting to all ports and what Outlook (Win32) does when connecting to port 25. It is the native protocol spoken by Postfix/TLS and sendmail. - To make things even more complicated with Outlook, Outlook (Win32) has only on button to check for "SSL", but switches the behaviour depending on the server port (25 or !=25) _and_ Microsoft calls this "SSL" when taking about the wrapper solution and "TLS support" when actually meaning the STARTTLS protocol extension. * Now, what sendmail-tls does is, check whether the client issues the bytes necessary to start a SSL-wrapper connection and switches to wrapper mode. So I guess, that IE(Mac) only supports the old wrapper solution, not the new protocol-integrated STARTTLS extension. http://it.jhu.edu/email/relay/smtp/outlook.html Click on the "Advanced" tab and check "This server requires an encrypted connection (SSL)" under the "Outgoing server (SMTP):" option. NOTE: Although in Outlook the option is advertised as SSL, the email client is really using TLS when the port being used is port 25. When using any other port than port 25, the email client uses SSL. So, when reading documentation referring to TLS, this pertains to Outlook using SSL on port 25. A bit confusing as one keeps running into the mixing up of Outlook and Outlook Express in various write-ups .... version nnumbers rarely make an appearance for some reason .... but the general theme is pretty clear .... Quote Link to comment Share on other sites More sharing options...
xzr1tv Posted August 1, 2007 Share Posted August 1, 2007 (edited) I attempted to send an email to a known corporation (Ashley Funrniture) ashleyfurniture.com via c60.cesmail.net It bounced back with an error message indicating 5.1.0 - Unknown address error 554-'Service unavailable; Client host [216.154.195.49] blocked using bl.csma.biz; http://bl.csma.biz/cgi-bin/listing.cgi?ip=...mp;src=ewr' Further checking on DNSSTUFF.COM indicates, it is also on the another version of their list, plus 1 other list. But the site(bl.csma.biz) did give a 'removal' button, which I used... A second list on bl.csma.biz had not removal option... Also the other size (http://www.wpbl.info/) gave a removal button, which I used.. Edited August 1, 2007 by xzr1tv Quote Link to comment Share on other sites More sharing options...
DavidT Posted August 1, 2007 Share Posted August 1, 2007 Good catch! There does seem to be something to these listings, and JT should be looking into it, because one of the things we pay him for is deliverability of our outbound mail. Take a look at this table from the bl.csma.biz site: bl.csma.biz listing info spam and removal history for 216.154.195.49 (times in UTC): Sun Mar 5 04:28:38 2006 removed from list Wed Nov 1 23:12:34 2006 removed from list Fri Jan 26 18:12:49 2007 removed from list Sat Feb 17 20:25:28 2007 Received - Re: in uganda Sat Feb 17 20:25:59 2007 Received - Re: pomona turquoise Sat Feb 17 20:26:00 2007 Received - Re: pomona turquoise Sat Feb 17 20:26:13 2007 Received - Re: pomona turquoise Thu Mar 8 14:22:58 2007 removed from list Wed Jul 4 03:24:37 2007 Received - (no subject) Tue Jul 17 21:13:37 2007 Received - (no subject) Tue Jul 17 21:16:41 2007 Received - (no subject) Tue Jul 17 21:16:42 2007 Received - (no subject) Tue Jul 17 21:16:43 2007 Received - (no subject) Wed Jul 18 06:37:50 2007 Received - (no subject) Tue Jul 31 04:17:52 2007 Received - (no subject) Tue Jul 31 16:07:48 2007 Received - (no subject) Wed Aug 1 01:42:39 2007 removed from list Wonder what all those recent "no subject" messages are? There's a contact form there with an option for System Admins, so maybe we can ask JT to try to contact them: http://bl.csma.biz/gethelp.php?showform=yes Apparently the company (McFadden Associates) has been acquired by "Infradapt" (http://www.infradapt.com). There's a different problem with c60.cesmail.net, however. If you look up the SC report history on the IP address [216.154.195.49], you shouldn't see anything, but here they are: Submitted: Sunday, July 29, 2007 7:42:34 PM -0700: Show me now * 2411010169 ( http://www.saleunit.org/ ) To: abuse[at]prodigy.net * 2411010168 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2411010166 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Saturday, July 28, 2007 7:10:19 AM -0700: Delivery Status Notification (Failure) * 2408456407 ( 216.154.195.49 ) To: mailsys[at]admin.spamcop.net Submitted: Thursday, July 26, 2007 3:10:11 AM -0700: Re: Hallo! * 2404736980 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2404736964 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Wednesday, July 25, 2007 10:39:46 AM -0700: Hi! * 2403812373 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2403812361 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Monday, July 23, 2007 7:14:58 AM -0700: Re: Photo * 2400178603 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2400178552 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Monday, July 23, 2007 6:31:03 AM -0700: Delivery Status Notification (Failure) * 2400119310 ( 216.154.195.49 ) To: mailsys[at]admin.spamcop.net Submitted: Thursday, July 19, 2007 1:39:51 PM -0700: Thanks, we accepted your refinance debt request * 2393976750 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2393976716 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Thursday, July 19, 2007 1:39:16 PM -0700: Interested in your product * 2393975511 ( http://www.emailbrain.com/ ) To: support[at]rackmounted.com * 2393975498 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2393975443 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Thursday, July 19, 2007 1:38:20 PM -0700: Fwd: Thank you, we are ready to lend some cash regardless of Credit * 2393972908 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2393972868 ( 209.239.39.68 ) To: abuse[at]alabanza.com Submitted: Thursday, July 19, 2007 1:36:36 PM -0700: $59.95 50mg x 10 pills * 2393970114 ( 216.154.195.49 ) To: mailsys#admin.spamcop.net[at]devnull.spamcop.net * 2393970089 ( 209.239.39.68 ) To: abuse[at]alabanza.com There are even more if you click on "older reports." Notice how almost all involve a second IP from Alabanza.com? That's a server farm, a "host of hosts," with lots of shared hosting, so what we have here is a SC Email customer who is reporting the SC server because they haven't properly set up their Mailhosts. They probably have things set up for SC to pop their messages from their own domain on the Alabanza-based server and then they're probably using VER or the like to mass-report their Held Mail and aren't paying attention to which IPs are being reported. So, the SpamCop Admin also has something he should be doing here...he should suspend the reporting privs for the SC Email user whose domain is at that IP address, which resolves to host4.absolute-hosting.net. DT Quote Link to comment Share on other sites More sharing options...
mschmitt Posted August 13, 2007 Share Posted August 13, 2007 The SSL certificate for server smtp.cesmail.net expired Saturday, August 11th. Quote Link to comment Share on other sites More sharing options...
Dave_L Posted August 14, 2007 Share Posted August 14, 2007 I'm getting the warning message about the expired certificate too. By the way, what's the status on this SMTP service? Is it still "beta"? Is it going to become a permanent feature? Quote Link to comment Share on other sites More sharing options...
m0urs Posted August 16, 2007 Share Posted August 16, 2007 (edited) In case you are not aware of it (I did not find any forum topic...): The SSL certificate for the outgoing mail server "smtp.cesmail.net" has expired some days ago. Moderator Edit: merged this 'new' Topic into the existing Discussion that covers the same ground. PM sent. Edited August 16, 2007 by Wazoo Quote Link to comment Share on other sites More sharing options...
Wazoo Posted August 16, 2007 Share Posted August 16, 2007 e-mail sent upstream asking about the certificate and Beta status .... Quote Link to comment Share on other sites More sharing options...
Wazoo Posted August 16, 2007 Share Posted August 16, 2007 I'm getting the warning message about the expired certificate too. JT has advised that a new certificate has been installed. By the way, what's the status on this SMTP service? Is it still "beta"? Is it going to become a permanent feature? JT's reply; As far as "beta" the status is that the service is working and staying. .... We have no intention to shut it down. He goes on to state that there is more work to be done in the future that will then allow it to be moved into an "official part of the system" ..... Announcements will be made at that time. Quote Link to comment Share on other sites More sharing options...
Dave_L Posted August 17, 2007 Share Posted August 17, 2007 Thanks for the answers. I've been having some problems recently with email sent via Spamcop's SMTP getting delayed by several hours. The email headers indicate the delay is caused by either Spamcop or the server that receives the email from Spamcop. I'm not sure how to further isolate the cause of the problem. Quote Link to comment Share on other sites More sharing options...
trevorb Posted August 17, 2007 Share Posted August 17, 2007 Thanks for the answers. I've been having some problems recently with email sent via Spamcop's SMTP getting delayed by several hours. The email headers indicate the delay is caused by either Spamcop or the server that receives the email from Spamcop. I'm not sure how to further isolate the cause of the problem. If you e-mail the headers to support[at]spamcop.net we'll look into what's causing the delay. -Trevor Quote Link to comment Share on other sites More sharing options...
Dave_L Posted August 18, 2007 Share Posted August 18, 2007 Trevor: Thanks, I'll do that. Quote Link to comment Share on other sites More sharing options...
SeanC Posted October 27, 2007 Share Posted October 27, 2007 Wow, I just found out about the SMTP AUTH server. That is great! Quote Link to comment Share on other sites More sharing options...
Wazoo Posted October 28, 2007 Share Posted October 28, 2007 Wow, I just found out about the SMTP AUTH server. That is great! Kind of makes one wonder why 'we' even mess around with the Announcements section, doesn't it? Quote Link to comment Share on other sites More sharing options...
DavidT Posted October 31, 2007 Share Posted October 31, 2007 I attempted to send an email to a known corporation (Ashley Funrniture) ashleyfurniture.com via c60.cesmail.net It bounced back with an error message indicating 5.1.0 - Unknown address error 554-'Service unavailable; Client host [216.154.195.49] blocked using bl.csma.biz; I'm giving this item/topic a "bump" because, as shown in a new topic: cesmail.net being blocked by iwon.com and craigslist.com some sites are beginning to block the messages sent via c60.cesmail.net, which is the host which sends out the messages from SC webmail and also from the SMTP AUTH system. This needs administrative attention, IMO. DT Quote Link to comment Share on other sites More sharing options...
agsteele Posted November 6, 2007 Share Posted November 6, 2007 I've been happily using the SMTP AUTH process for outgoing mail since shortly after it was introduced. Every so often I send myself a copy of an outgoing Email and direct it to my SpamCop Email account. Recently I enabled the pbl.spamhaus.net block list on that account and suddenly find that mail I send to myself is blocked. It was easy enough to discover that when I send a message through smtp.cesmail.net on port 587 using SMTP AUTH, the source of the Email remains at my home machine's IP even though the Spamhause FAQ says that PBL listings do not affect sending mail via legitimate "smarthost" mail servers using SMTP AUTH, as operated by all ISPs. I can overcome the issue by switching to an alternative SMTP server but I'm wondering if there is a strange config for the SC smtp machine. Anyone have any knowledge? Andrew Quote Link to comment Share on other sites More sharing options...
ViRGE Posted May 29, 2008 Share Posted May 29, 2008 I can overcome the issue by switching to an alternative SMTP server but I'm wondering if there is a strange config for the SC smtp machine. Anyone have any knowledge?I know this is a bit old, but I just found out about the SMTP service and I too had that issue. The problem is this: the PBL is designed to block all email that doesn't come from an ISP's SMTP servers, because using other SMTP servers is a TOS violation. For example, I'm on Comcast, all Comcast subscribers are supposed to send their email through Comcast's servers (and port 25 is blocked as part of this). However if I use Spamcop's SMTP server, then I'm breaking this rule and the PBL picks up on this. Of course this creates a pretty ugly problem: either I have to use Comcast's SMTP server and have my email coming from a wrong server (which indicates it may be spam), or I use the Spamcop SMTP server and have it come from the right server (complete with a SPF certificate) but then it will get shot down by blacklists by the PBL. I don't like it, I don't like it one bit, but I'm not sure there's anything that can be done. From what I've read, a smarthost setup (Spamhaus' prescribed solution) doesn't solve this problem. Spamcop could always rewrite email headers to hide the real sender's IP address, making the email look like it only came from a Spamcop server, but that's obviously dishonest. I would like to hear from other people however (SC employees in particular) on if there's any other way around this issue besides using webmail. Although it's not really SC's problem (that falls more in to the hands of Comcast and whoever is using the PBL) I suspect SC would be the only person that can be bothered to even care about the issue, let alone come up with some resolution. Quote Link to comment Share on other sites More sharing options...
agsteele Posted May 29, 2008 Share Posted May 29, 2008 I would like to hear from other people however (SC employees in particular) on if there's any other way around this issue besides using webmail. For me the solution was to stop using the PBL Andrew Quote Link to comment Share on other sites More sharing options...
ViRGE Posted May 29, 2008 Share Posted May 29, 2008 For me the solution was to stop using the PBL It's not myself I'm worried about (I don't usually email myself), it's everyone else using the PBL. Quote Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 29, 2008 Share Posted May 29, 2008 It's not myself I'm worried about (I don't usually email myself), it's everyone else using the PBL. I've never had an issue having my messages blocked by the PBL for others. Also, I would like to see you TOS that says you can not use external SMTP servers. I know it is not against my TOS. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.