Home » Kerio User Forums » Kerio Connect » No greeting delay ("Spam Repellent") on SMTP SSL (There's no greeting delay when connecting to SMTP SSL on port 465)

Messages: 6
Karma: 0
Send a private message to this user
Today I was trying to resolve some SSL cert issues, so I opened a TLS session on port 465 using:

openssl s_client -crlf -connect mail.domain.com:465

I got surprised that after the TLS negotiation, I got a "220 mail.domain.com Kerio Connect 9.2.3" immediately, despite "Spam Repellent" option is enabled (20 sec), and telneting to port 25 and even openssling to port 25 gets the 20 sec delay as expected.

Is this by design? There's a technical limitation to not provide that delay on SMTP SSL? Or it's a bug? Sad
Kerio/GFI Brian

Messages: 852
Karma: 90
Send a private message to this user
Indeed this seems to be the case. I don't suspect this is by design. I have reported the behavior to the engineers.

Brian Carmichael
Instructional Content Architect

Messages: 491
Karma: 70
Send a private message to this user
Secure SMTP Port 465 should not be used anymore. As STARTTLS is now a standard, ports 25 and 587 can now be use to transmit message securely.

Port 25: Unauthenticated mail from external mail servers

Port 587: Authenticated mail from internal mail clients

See details here: http://blog.mailgun.com/25-465-587-what-port-should-i-use/

So I would disable port 465 completely.

By design, port 587 does not have Spam Repellent as it is only used by mail clients that need to authenticate.

Dexion AG - The Blackberry Specialists in Switzerland

Messages: 6
Karma: 0
Send a private message to this user
Understood. But have some questions...

1) Disabling SMTPS 465 will not cause any old/broken/non-standard-compliant MTAs to fallback to SMTP 25 in plaintext if can't connect to 465, instead of of trying STARTTLS over SMTP 25?

2) And this one is for Kerio: Disabling SMPTS service in Kerio, does not disable STARTTLS support over SMTP? I guess not, but better to ask

Anyway, I think that if there is an optional SMTPS service, the Spam Repellent should work on it, don't you? Lot of people (like me) don't know that SMTPS was deprecated and have or need it to be enabled. This could be an open hole for spam.

It's ok for SMTP Sub 587 to not include the Spam Repellent, at it is mandatory to auth there.
Previous Topic: Using Parentheses In An Email Attachment
Next Topic: Outlook 2016 KOFF not available
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 17 07:29:45 CET 2018

Total time taken to generate the page: 0.73346 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.