SNTT: SMTP and SSL on port 465 (and the Lotus boo boo it seems)
Tags :Show-N-Tell Thursday SMTP Domino 7 SSL SNTT
So here is the issue. You wish to do SSL for SMTP. Looking at Domino you see that it is disabled by default for both inbound and outbound SSL over port 465. However, we could not get anything to connect from outside out network to a server that was offering SSL for SMTP after being enabled. We had both Anonymous and Name & Password set to 'Yes" also. |
After searching the firewall logs we found that connections were never getting to the firewall in the first place. So we went farther back to the edge routers. What we found was that the port 465 packets were getting dropped for some reason. After some digging by our network team we found this lovely bit of information. Basically Domino still uses port 465 for SSL over SMTP. This port was assigned and picked up by Cisco URD (URL Rendezvous Directory for SSM) after the V3 SSL standard was drafted 10 years ago. The port never made it out of Reserved (pending) with IANA according to what I could find on the Internet.
So the recommended approach is to start communications with a START TLS encryption instead of move your SMTP SSL port somewhere else. While it might work over port 465, there is no guarantee is Cisco routers are somewhere in the middle of the communication.
- References:
http://www.iana.org/assignments/port-numbers
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835 /products_configuration_guide_chapter09186a00800ca795.html
http://www.chebucto.ns.ca/~rakerman/port-table.html
blog comments powered by Disqus
On Thursday, August 17th, 2006 by Chris Miller