SMTP and SMTPs on port 25?
  •  
jerrym

Hi,

It seems that users here are aware that SMTP over SSL is no longer on port 465, rather it's TLS over SMTP on port 25. Does anyone know if it's okay to use port 25 for both SMTP and SMTPs for outgoing emails?

I wasn't able to use KOC + Outlook with SSL checked off in account settings, then I discovered that the Secure SMTP port from the Admin Console was set to 465. Did a search here and found out SMTPs is now on port 25, so I set the Secure SMTP port in Admin Console to 25 and now SSL works fine, as well as non-SSL KOC clients.

Everything seems to be working fine now, both SMTP and SMTPs on port 25. Is this what everyone has been doing?

Thanks,
Jerry
  •  
winkelman

Hm, interesting. I have a similar issue:

Yesterday I acquired and installed a Geotrust QuickSSL Premium certificate. Works fine on Webmail and Smartphones. (You do need the 'Premium' one to work out-of-the-box on Smartphones, worth the extra 50 bucks!)

I've also enabled 'Require Secure Authentication' in Admin Console, so all clients must connect using SSL.

I've checked the appropriate SSL checkbox in KOC and I can start Outlook/KOC just fine. Incoming email, create appointments, etc. all fine. Except sending messages won't work, they get stuck in the outbox. (Just opened a ticket on this with support.)

I tried your suggestion, but I can't set Secure SMTP to port 25, since that's already taken by non-secure SMTP. And I'm unsure about totally disabling non-secured SMTP, because of this text in the manual (here):
Quote:

Due to the plenty of SMTP servers which do not support SMTPS and STARTTLS, it is not possible to allow the secure version of the protocol only.


Any ideas?
  •  
jerrym

Hmmm.... I was able to set both SMTP and SMTPs ports to 25. Have you tried to use another port for SMTPs and change the SMTP port number in KOC to use that? It defaults to 465 when you check off SSL, but I guess you could try picking a different one?
  •  
sedell

You can't switch both ports to 25. Only one service can listen on a port for any given IP address at one time. If KMS let you, it still won't work. If you restart the server, you'll probably see that one of the services within KMS has failed.

SMTPs also does not use port 25. It uses port 465. Outlook uses TLS on port 25. The functionality is similar, but it's not really SMTPs.

KOC does not default to 465 when checking use SSL. It continues to use 25, and uses TLS. If your KOC setup was set to 465, that could be part of your problem, but changing the SMTPs service to port 25 will not fix the problem, and may cause other problems on top of what you already have.

Scott
  •  
winkelman

jerrym: sorry for hijacking this topic a bit, hope you don't mind and perhaps find this discussion helpful or enlightening as well...
sedell: thanks for your (as always) insightful feedback :)

sedell wrote on Thu, 26 July 2007 18:20

SMTPs also does not use port 25. It uses port 465. Outlook uses TLS on port 25. The functionality is similar, but it's not really SMTPs.

SMTPS over 465 works fine here (I tried it with Thunderbird's SMTP set to SSL and port 465). The problem is Outlook/KOC.

You say secure Outlook/KOC sends messages using TLS over port 25. Is there any special setting needed on the server to allow that? Or perhaps a more 'elaborate' SSL certificate and is my 'QuickSSL Premium' certificate too 'simple'?

sedell wrote on Thu, 26 July 2007 18:20


KOC does not default to 465 when checking use SSL. It continues to use 25, and uses TLS. If your KOC setup was set to 465, that could be part of your problem, but changing the SMTPs service to port 25 will not fix the problem, and may cause other problems on top of what you already have.

My KOC setup was/is still set to port 25, I simply tried setting it to 465 to see what would happen [=nothing].
  •  
sedell

winkelman wrote on Thu, 26 July 2007 13:10

You say secure Outlook/KOC sends messages using TLS over port 25. Is there any special setting needed on the server to allow that? Or perhaps a more 'elaborate' SSL certificate and is my 'QuickSSL Premium' certificate too 'simple'?


Our cert is a QuickSSL as well, so it's not that.

There's nothing special needed for TLS. It's another command that the server accepts. If you enable the SMTP debugging, and send a test message from Outlook set to Secure SMTP, you'll see the following right after the greeting in the SMTP transaction, but before authentication:

[26/Jul/2007 13:12:17][1956] {smtps} Command STARTTLS
[26/Jul/2007 13:12:17][1956] {smtps} Successfully switched to TLS mode

Otherwise, the rest of the communication looks the same. Some servers require enabling TLS for it to work, but KMS is aimed at Outlook shops with Outlook/KOC. I don't think there's an option to turn off TLS support because of that.

If you can send on 25, SSL works on 465, but KOC can't send, it might be an issue with the KOC. There have been issues in the past with messages getting stuck in the outbox. I don't think those had anything to do with SSL or TLS, but it may be related.

You could try an Outlook POP3 or IMAP account set to secure SMTP to see if it's specific to the KOC. TLS isn't KOC specific, and gets used by Outlook with or without the KOC. If a POP or IMAP account still can't send, it could be server or setup related. If it can, it's most likely the KOC.

Scott
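The check described in the post above (STARTTLS appears after the greeting and before authentication) can be run over a saved debug log. This is an added example, not part of the original post and not Kerio code; the first two sample lines are the ones quoted in the post, the others are constructed, and the "Command AUTH"/"Command EHLO" wording and the reading of the bracketed number as a per-session id are assumptions.

```python
import re

# Layout taken from the two debug-log lines quoted in the post:
# [timestamp][id] {category} message
LINE = re.compile(r"^\[([^\]]+)\]\[(\d+)\] \{(\w+)\} (.*)$")

# First two lines are from the post; the rest are constructed for this example
# (the "Command AUTH" / "Command EHLO" wording is assumed by analogy).
SAMPLE_LOG = """\
[26/Jul/2007 13:12:17][1956] {smtps} Command STARTTLS
[26/Jul/2007 13:12:17][1956] {smtps} Successfully switched to TLS mode
[26/Jul/2007 13:12:18][1956] {smtps} Command AUTH LOGIN
[26/Jul/2007 13:15:02][2010] {smtps} Command EHLO client.example
[26/Jul/2007 13:15:02][2010] {smtps} Command AUTH LOGIN
[26/Jul/2007 13:16:40][2044] {smtps} Command STARTTLS
"""

def audit_smtp_sessions(log_text):
    """Return {session_id: verdict}, grouping lines by the bracketed id."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the layout
        _, sid, _, msg = m.groups()
        s = sessions.setdefault(sid, {"asked": False, "tls": False, "auth": None})
        if msg == "Command STARTTLS":
            s["asked"] = True
        elif msg == "Successfully switched to TLS mode":
            s["tls"] = True
        elif msg.startswith("Command AUTH") and s["auth"] != "cleartext":
            # Record whether TLS was already active when credentials were sent.
            s["auth"] = "tls" if s["tls"] else "cleartext"
    verdicts = {}
    for sid, s in sessions.items():
        if s["auth"] == "cleartext":
            verdicts[sid] = "AUTH before TLS"
        elif s["auth"] == "tls":
            verdicts[sid] = "AUTH after STARTTLS"
        elif s["asked"] and not s["tls"]:
            verdicts[sid] = "STARTTLS requested, switch not logged"
        else:
            verdicts[sid] = "no AUTH seen"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in audit_smtp_sessions(SAMPLE_LOG).items():
        print(sid, verdict)
```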
  •  
winkelman

Hm, TLS over 25 seems to work just fine. I just set up Thunderbird that way (see attached screenshot) and it sends without problems.

Weird weird weird.

I'll see if the debug log helps me distinguish between Thunderbird's SMTP over TLS and Outlook's...

  •  
winkelman

Strange.

Thunderbird with SMTP using TLS on port 25 sends messages just fine.

Outlook in a POP3 profile with SMTP on port 25 with SSL sends messages just fine (and indeed uses TLS as seen in the debug log).

Yet sending messages from Outlook/KOC with SSL fails. And nothing shows up in the SMTP Server debug log. Not one line. As if Outlook is not even trying to send the message.
  •  
jerrym



sedell wrote on Thu, 26 July 2007 18:20


KOC does not default to 465 when checking use SSL. It continues to use 25, and uses TLS. If your KOC setup was set to 465, that could be part of your problem, but changing the SMTPs service to port 25 will not fix the problem, and may cause other problems on top of what you already have.

My KOC setup was/is still set to port 25, I simply tried setting it to 465 to see what would happen [=nothing].

My mistake, KOC with SSL checked off will change the IMAP and HTTP ports, but not the SMTP port. So changing the Secure SMTP port in Admin Console to 25 seems to work in my situation... is this strange? Both SMTP and SMTPs are using port 25 but I haven't had any problems yet. Can you guys suggest some possible concerns about this?
  •  
winkelman

jerrym wrote on Fri, 27 July 2007 19:00

Both SMTP and SMTPs are using port 25

That's simply not possible on the server. If you set both services 'SMTP' and 'Secure SMTP' in Kerio Admin Console --> Configuration --> Services to port 25, one of them will fail to start because the other has already taken port 25.

I think you are talking about something else...
  •  
jerrym

Configuration -> Services -> SMTP
Configuration -> Services -> Secure SMTP

Both are set to port 25, and SSL is working for me... I can see TLS in the message headers.

I'm new to mailserver administration, am I totally off?

What should I be looking at, or checking for?
  •  
sonofcolin

You will have problems when you reboot the server as 2 services will try to bind to one port (25).

SMTP 25
SMTPS 465

These are standard port numbers.
If it's working for you now I think it is more luck than good judgment :)
  •  
Petr Dobry (Kerio)

sonofcolin wrote on Fri, 27 July 2007 22:42

You will have problems when you reboot the server as 2 services will try to bind to one port (25).

SMTP 25
SMTPS 465

These are standard port numbers.
If it's working for you now I think it is more luck than good judgment :)


sonofcolin is definitely right, your SMTP services will not start after reboot. You can't set two services to use the same port on the same IP address.

As was discussed earlier here http://forums.kerio.com/index.php?t=msg&goto=44936&srch=starttls#msg_44936, Outlook is using the STARTTLS command on the standard unsecured SMTP port.
Quote:

It was already discussed several times in this forum.
KOC (as well as Outlook with POP3 or IMAP account) does not use SMTPS on port 465. It is using TLS over standard SMTP on port 25 (starttls command). It represents the same level of security as SMTPS.

Petr Dobry
Product Development Manager | Kerio
  •  
winkelman

jerrym wrote on Fri, 27 July 2007 22:34

Configuration -> Services -> SMTP
Configuration -> Services -> Secure SMTP

Both are set to port 25, and SSL is working for me... I can see TLS in the message headers.

Probably (definitely...) only your normal SMTP service is running. It will also use/accept TLS if requested by the client. Thus possibly leading to your confusion. (Even if you disable Secure SMTP, you'd still be able to use TLS with the normal SMTP service on port 25.)

You should be able to find an error in the log files.
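The port conflict discussed in this thread, where two services configured for the same port on the same IP address cannot both listen, reproduced as an added example that is not part of the original posts and not Kerio code. The service names are labels only, `free_ports` and `start_services` are hypothetical helpers, and OS-assigned loopback ports stand in for 25 and 465 so it runs without privileges.

```python
import errno
import socket

def free_ports(count, host="127.0.0.1"):
    """Ask the OS for `count` distinct unused TCP ports (stand-ins for 25 and 465)."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(count)]
    for s in socks:
        s.bind((host, 0))
    ports = [s.getsockname()[1] for s in socks]
    for s in socks:
        s.close()
    return ports

def start_services(services, host="127.0.0.1"):
    """Bind and listen for each (name, port) in order, as a server does at startup.

    Returns {name: "listening" | "failed: <reason>"}.
    """
    status, listeners = {}, []
    try:
        for name, port in services:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                sock.bind((host, port))
                sock.listen(5)
            except OSError as exc:
                sock.close()
                reason = "port already in use" if exc.errno == errno.EADDRINUSE else str(exc)
                status[name] = "failed: " + reason
            else:
                listeners.append(sock)
                status[name] = "listening"
    finally:
        for sock in listeners:
            sock.close()
    return status

if __name__ == "__main__":
    shared, other = free_ports(2)
    # Both services on one port: the second bind is refused.
    print(start_services([("SMTP", shared), ("Secure SMTP", shared)]))
    # Separate ports: both listeners start.
    print(start_services([("SMTP", shared), ("Secure SMTP", other)]))
```

Which of the two services fails depends only on which one binds first; the one that binds first keeps the port.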