Dont know if this may assist, but here is another from St Vincent...lime network. Sunday 19th sep. 2010 http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-... RD
http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-...
wow! lime's buffering and 587 hacking make me like caribbean cable more and more. randy
I'm sure it's a lot better than our Afghanistan satellite systems (84% uptime on two of them, 41% on the third). Luckily we load balance the WAN ports so it's not *too* painful. Jeff On Sun, Sep 19, 2010 at 6:56 PM, Randy Bush <randy@psg.com> wrote:
http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-...
wow! lime's buffering and 587 hacking make me like caribbean cable more and more.
randy
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Randy Bush <randy@psg.com> writes:
http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-6714-b0f7e7b0-d08e-...
wow! lime's buffering and 587 hacking make me like caribbean cable more and more.
hmm, 587 hacking, issue with configuration, or typo? Direct TCP connections to remote authenticated SMTP servers (port 587) succeed, but do not receive the expected content. The applet received the following reply instead of our expected header: "421 Cannot establish SSL with SMTP server 67.202.37.63:465, SSL_connect error 336031996 " "Cannot establish SSL with SMTP server 67.202.37.63:465" does not sound like a 587 problem to me. netalyzr folks? comment? -r
On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
"Cannot establish SSL with SMTP server 67.202.37.63:465" does not sound like a 587 problem to me.
netalyzr folks? comment?
Sorry, I hit send too soon ... I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't found anyone who can reproduce this on demand, so it's still apocryphal for now.)
On Mon, 27 Sep 2010 09:30:06 PDT, Lyndon Nerenberg said:
I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't found anyone who can reproduce this on demand, so it's still apocryphal for now.)
I've heard some people say that reproducing totally compliant SMTP behavior on those boxes on demand is apocryphal as well. :) (I have to admit I haven't actually tracked a user complaint down to a misbehaving PIX in a year or two, but I can't say if the software has gotten better or if its market share is just small enough to fly under my radar - the type of people who send e-mail from behind a PIX don't interact with my users all that often)
to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't found anyone who can reproduce this on demand, so it's still apocryphal for now.)
-----Original Message----- From: Lyndon Nerenberg [mailto:lyndon@orthanc.ca] Sent: Monday, September 27, 2010 9:30 AM To: nanog@nanog.org Subject: Re: Randy in Nevis
On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
"Cannot establish SSL with SMTP server 67.202.37.63:465" does not sound like a 587 problem to me.
netalyzr folks? comment?
Sorry, I hit send too soon ...
I've heard from a couple of people that the PIX will remap 587 (and
Static (inside,outside) tcp <outside ip> 25 <inside ip> 65535 Access-list outside_acl permit tcp any any eq 25 No fixup smtp That will redirect port 25 to port 65535, allow port 25 through the firewall, and remove the fixup that changes the server banner to *************, which breaks most mail communications. Regards, Mike
On Sep 27, 2010, at 9:30 AM, Lyndon Nerenberg wrote:
On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
"Cannot establish SSL with SMTP server 67.202.37.63:465" does not sound like a 587 problem to me.
netalyzr folks? comment?
Sorry, I hit send too soon ...
I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't found anyone who can reproduce this on demand, so it's still apocryphal for now.)
465 is not an odd-ball port, it's the standard well-known port for STMPS. Fortunately, few people actually use SMTPS, preferring instead to do their security via TLS using the STARTTLS model after connecting to 25/587. Owen
Owen DeLong <owen@delong.com> writes:
On Sep 27, 2010, at 9:30 AM, Lyndon Nerenberg wrote:
On 10-09-27 7:20 AM, Robert E. Seastrom wrote:
"Cannot establish SSL with SMTP server 67.202.37.63:465" does not sound like a 587 problem to me.
netalyzr folks? comment?
Sorry, I hit send too soon ...
I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't found anyone who can reproduce this on demand, so it's still apocryphal for now.)
465 is not an odd-ball port, it's the standard well-known port for STMPS. Fortunately, few people actually use SMTPS, preferring instead to do their security via TLS using the STARTTLS model after connecting to 25/587.
That doesn't explain why the test of port 587/starttls is trying to connect to the well-known port for smtps. -r
On 27 Sep 2010, at 8:29, Owen DeLong wrote: [...]
465 is not an odd-ball port, it's the standard well-known port for STMPS.
It is? That's not what's recorded at: http://www.iana.org/assignments/port-numbers urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM Regards, Leo
On 9/28/10 7:49 AM, Leo Vegoda wrote:
On 27 Sep 2010, at 8:29, Owen DeLong wrote:
[...]
465 is not an odd-ball port, it's the standard well-known port for STMPS.
It is? That's not what's recorded at: http://www.iana.org/assignments/port-numbers
urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM
Microsoft frequently has different ideas about things. ~Seth
465 is not an odd-ball port, it's the standard well-known port for STMPS.
It is? That's not what's recorded at: http://www.iana.org/assignments/port-numbers
urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM
Microsoft frequently has different ideas about things.
~Seth
FWIW - 465 is widely deployed as SMTPS, in more than just MS products. I'm actually quite surprised it's not in the well known ports list. Best Regards, Nathan Eisenberg
On Tue, 28 Sep 2010 17:39:33 +0000 Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
465 is not an odd-ball port, it's the standard well-known port for STMPS.
It is? That's not what's recorded at: http://www.iana.org/assignments/port-numbers
urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM
Microsoft frequently has different ideas about things.
~Seth
FWIW - 465 is widely deployed as SMTPS, in more than just MS products. I'm actually quite surprised it's not in the well known ports list.
It is on all Linux distros: ssmtp 465/tcp smtps # SMTP over SSL -- John
On 2010-09-29, at 12:25, Valdis.Kletnieks@vt.edu wrote:
On Wed, 29 Sep 2010 14:13:51 +0200, =?utf-8?Q?Bj=C3=B8rn_Mork?= said:
John Peach <john-nanog@johnpeach.com> writes:
It is on all Linux distros:
ssmtp 465/tcp smtps # SMTP over SSL
So file bug reports.
bug-reports@iana.org seems to bounce.
I don't know the history of 465/tcp as an entry in the registry found at <<http://www.iana.org/assignments/port-numbers>, but assuming the current entry is there for a reason (and hence is not an error that might be corrected), I believe this is the workflow required to change it. The port-number registry is maintained according to the directions in RFC 2780. To change an entry in the registry you need to write and submit an internet-draft <http://www.ietf.org/id-info/> which contains an IANA Considerations section specifying the change that is required. Those specifications will be executed (and the registry updated) if/when the I-D makes it through to that stage in the RFC publication process. RFC 2780 gives the following guidance for how such an I-D might reach that stage. 9.1 TCP Source and Destination Port fields Both the Source and Destination Port fields use the same namespace. Values in this namespace are assigned following a Specification Required, Expert Review, IESG Approval, IETF Consensus, or Standards Action process. Note that some assignments may involve non- disclosure information. Joe
On Wed, 29 Sep 2010 14:13:51 +0200 Bjørn Mork <bjorn@mork.no> wrote:
John Peach <john-nanog@johnpeach.com> writes:
It is on all Linux distros:
ssmtp 465/tcp smtps # SMTP over SSL
So file bug reports.
With IANA? It's common knowledge that 465 is smtps, whatever else IANA might say.
Bjørn
-- John
On Sep 29, 2010, at 7:26 AM, John Peach wrote:
With IANA?
It's common knowledge that 465 is smtps, whatever else IANA might say.
http://www.ietf.org/rfc/rfc4409.txt Here's what they've had to say over time: http://web.archive.org/web/20010519080902/http://www.iana.org/assignments/po... Says it's "unassigned." Then they assign it to "URL Rendezvous" a few months after that. http://web.archive.org/web/20010813015738/http://www.iana.org/assignments/po... We currently support SMTP submission over 465 since there are still some old cranky Outlook versions out there that simply don't appear to be able to support connecting to 587, but it's been 18 months since we got a call like that, so we'll probably be shutting that off soon. --Chris
John Peach <john-nanog@johnpeach.com> writes:
It's common knowledge that 465 is smtps, whatever else IANA might say.
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587. The faster we kill SMTPS the better. Keeping it in current /etc/services and the like is only going to confuse people. Bjørn
On Wed, 29 Sep 2010 15:06:02 +0200 Bjørn Mork <bjorn@mork.no> wrote:
John Peach <john-nanog@johnpeach.com> writes:
It's common knowledge that 465 is smtps, whatever else IANA might say.
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587. The faster we kill SMTPS the better. Keeping it in current /etc/services and the like is only going to confuse people.
You obviously don't use a Blackberry with an imap(s) server..... -- John
On Sep 29, 2010, at 6:10 AM, John Peach wrote:
On Wed, 29 Sep 2010 15:06:02 +0200 Bjørn Mork <bjorn@mork.no> wrote:
John Peach <john-nanog@johnpeach.com> writes:
It's common knowledge that 465 is smtps, whatever else IANA might say.
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587. The faster we kill SMTPS the better. Keeping it in current /etc/services and the like is only going to confuse people.
You obviously don't use a Blackberry with an imap(s) server.....
What does imap(s) have to do with 465/SMTP? Owen
On Wed, 29 Sep 2010 06:16:04 -0700 Owen DeLong <owen@delong.com> wrote:
On Sep 29, 2010, at 6:10 AM, John Peach wrote:
On Wed, 29 Sep 2010 15:06:02 +0200 Bjørn Mork <bjorn@mork.no> wrote:
John Peach <john-nanog@johnpeach.com> writes:
It's common knowledge that 465 is smtps, whatever else IANA might say.
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587. The faster we kill SMTPS the better. Keeping it in current /etc/services and the like is only going to confuse people.
You obviously don't use a Blackberry with an imap(s) server.....
What does imap(s) have to do with 465/SMTP?
Too early in the morning and I was not advocating maintaining SMTPS. -- John
John Peach <john-nanog@johnpeach.com> writes:
On Wed, 29 Sep 2010 15:06:02 +0200 Bjørn Mork <bjorn@mork.no> wrote:
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587. The faster we kill SMTPS the better. Keeping it in current /etc/services and the like is only going to confuse people.
You obviously don't use a Blackberry with an imap(s) server.....
No, I obviously don't. But I'm eager to be educated: What the heck does imap(s) have to do with port 465/tcp? I can guess... I have also been frustrated while trying to configure all sorts of MUAs. But don't you think that you had been better off if the 465/tcp entry in /etc/services had been updated when it should, 5 years ago, on the system where that Blackberry MUA was developed? If you fix /etc/services today then maybe you don't have the same problem with your new Blackberry 5 years from now. Bjørn
On Wed, 29 Sep 2010, Bjørn Mork wrote:
It's common knowledge that 465 *was* smtps. A decade ago. But it has never gone anywhere, and it is way overdue for an "obsolete" tag. Everyone actually caring about SMTP over SSL are using STARTTLS on port 25 and 587.
Microsoft MUAs only supported STARTTLS on port 25 until Outlook 2007. If you wanted to do secure remote message submission and you wanted to avoid blocks on port 25, you had to use smtps on port 465. Lots of people are still using old Microsoft MUAs so service providers should still support smtps. This is typical of the Outlook team's attitude to standards. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR ROUGH. RAIN THEN FAIR. GOOD.
Whether recorded with IANA or not, it certainly is what you will find if you google: smtp ssl port It's also what just about every MUA and MTA I've seen expects for that purpose. Owen On Sep 28, 2010, at 7:49 AM, Leo Vegoda wrote:
On 27 Sep 2010, at 8:29, Owen DeLong wrote:
[...]
465 is not an odd-ball port, it's the standard well-known port for STMPS.
It is? That's not what's recorded at: http://www.iana.org/assignments/port-numbers
urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM
Regards,
Leo
participants (16)
-
Bjørn Mork -
Chris Boyd -
Jeffrey Lyon -
Joe Abley -
John Peach -
Leo Vegoda -
Lyndon Nerenberg -
Michael K. Smith - Adhost -
Nathan Eisenberg -
Owen DeLong -
Randy Bush -
Robert E. Seastrom -
Rudolph Daniel -
Seth Mattinen -
Tony Finch -
Valdis.Kletnieks@vt.edu