I think you've explained that /tls is really STARTTLS, which I've always found confusing.
I've been unable to send email through one SMTP server. I get the 100% submitted, but the test message hasn't been received at one of my other addresses.
I added /submit and the test message was received.
I had assumed that by specifying /ssl or /tls, alpine used port 587. Is
that wrong? Does alpine use port 25 by default?
On Thu, 17 Mar 2022, Adam H. Kerman wrote:
I think you've explained that /tls is really STARTTLS, which I've always found confusing.
I agree. I added an alias "/starttls" to make it less confusing
I've been unable to send email through one SMTP server. I get the 100% submitted, but the test message hasn't been received at one of my other addresses.
I added /submit and the test message was received.
I had assumed that by specifying /ssl or /tls, alpine used port 587. Is that wrong? Does alpine use port 25 by default?
Yes, Alpine uses the default port for any connection whose port is not specified in some way. Let me make that a little bit more clear:
smtp.server.com
means to connect in port 25, so doing
smtp.server.com/tls
means to connect in port 25 and do STARTTLS in that port. The correct port
to do /tls is port 587, so you have to add this as
smtp.server.com:587/tls
However, Alpine has a shortcut for that and it is
smtp.server.com:587/tls = smtp.server.com/submit
This is the same when you specify other means to connect such as
smtp.server.com/ssl
which is equivalent to
smtp.server.com/ssl = smtp.server.com:465/ssl
in other words the modifier also modifies the connection port. For
security reasons always prefer /ssl over STARTTLS, so if you can change /submit to /ssl do that, otherwise /submit is the next best thing.
I hope this helps.
/submit means STARTTLS and port 587? I've never read that in the help
text. Does /submit allow it to step down to an unencrypted connection if STARTTLS fails? I'd prefer to avoid that.
This is the same when you specify other means to connect such as
smtp.server.com/ssl
which is equivalent to
smtp.server.com/ssl = smtp.server.com:465/ssl
/ssl means port 465? I thought we're not supposed to use that port for
SSL as it's never been officially assigned.
in other words the modifier also modifies the connection port. For
security reasons always prefer /ssl over STARTTLS, so if you can change
/submit to /ssl do that, otherwise /submit is the next best thing.
Does /submit/ssl use port 587?
On Fri, 18 Mar 2022, Adam H. Kerman wrote:
/submit means STARTTLS and port 587? I've never read that in the help
text. Does /submit allow it to step down to an unencrypted connection if STARTTLS fails? I'd prefer to avoid that.
No, if STARTTLS fails there goes your session. Read more on the following help link (if followed from alpine) x-alpine-help:h_folder_server_syntax
This is the same when you specify other means to connect such as
smtp.server.com/ssl
which is equivalent to
smtp.server.com/ssl = smtp.server.com:465/ssl
/ssl means port 465? I thought we're not supposed to use that port for
SSL as it's never been officially assigned.
Well, that is what /ssl means, it is in the source code, but you can
specify any port.
in other words the modifier also modifies the connection port. For security reasons always prefer /ssl over STARTTLS, so if you can change /submit to /ssl do that, otherwise /submit is the next best thing.
Does /submit/ssl use port 587?
That does not do what you want it to do. This is like doing /tls/ssl. It is contradictory and will not work.
According to Adam H. Kerman <ahk@chinet.com>:
This is the same when you specify other means to connect such as
smtp.server.com/ssl
which is equivalent to
smtp.server.com/ssl = smtp.server.com:465/ssl
/ssl means port 465? I thought we're not supposed to use that port for
SSL as it's never been officially assigned.
RFC 8314 fixed that five years ago. Submit away.
It appears that with /ssl parameter used, /submit is ignored.
It would make my life easier if there were a chart in the help text.
           Protocol tried first   default port
/submit    STARTTLS               587
/ssl       TLS 1.3                465
/tls       I'm still confused
Ok. I redid the SMTP entry in each of my roles for the second time this
week. I eliminated /submit and /tls. In each case I'm using /ssl but I
have no idea what happens if TLS 1.3 isn't available. Does that cause
failure or does it attempt TLS 1.2?
On Fri, 18 Mar 2022, Adam H. Kerman wrote:
It appears that with /ssl parameter used, /submit is ignored.
/ssl and /submit are mutually exclusive.
It would make my life easier if there were a chart in the help text.
           Protocol tried first   default port
/submit    STARTTLS               587
/ssl       TLS 1.3                465
/tls       I'm still confused
Adam, I can see your confusion. STARTTLS is not a protocol, STARTTLS is a command which tells the server that you are going to negotiate a secure connection using TLS. The version of TLS that will be used depends on what versions of TLS were compiled into Alpine and into the server. The server and Alpine will negotiate the highest version of TLS that both of them support. When you see that the negotiation is being done with TLS version 1.3 it means that both Alpine and the server support it, and that is good, but if Alpine supported only TLS 1.2, that is what would be negotiated.
Let me correct myself. It is not Alpine that supports TLS 1.2, it is
openssl. All of that negotiation is done by openssl, not Alpine. Alpine
uses openssl to negotiate the secure connection, so the table above does
not make sense in the sense you want to write.
However, one more thing. When you add /tls to a connection it means that
you will connect insecurely to that server and then use the STARTTLS
command to negotiate a secure connection.
. . .
Is port 587 used by default with the /tls parameter specified?
On Sat, 19 Mar 2022, Adam H. Kerman wrote:
Is port 587 used by default with the /tls parameter specified?
No, for any server, when you use
server.com:port/tls
you connect insecurely to server.com at that specific port. When you omit
the port, as in
server.com/tls
you connect to server.com at the default insecure port and then you
negotiate a secure connection using the STARTTLS command. In the case of
SMTP this would be port 25. Since STARTTLS exists in port 587 you would either use
server.com:587/tls
or the equivalent
server.com/submit
I hope this helps.
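
The rules given in the replies above (default port per modifier, /submit as shorthand for :587/tls, /ssl excluding the STARTTLS modifiers), written out as an added Python example that is not part of the thread and is not Alpine's own parser. The names `resolve_smtp_spec` and `audit` are hypothetical, and letting an explicit port override the modifier's default is an assumption based on the remark that any port can be specified.

```python
# Added illustration: a model of the rules stated in this thread, not Alpine's code.
from typing import NamedTuple

class SmtpTarget(NamedTuple):
    host: str
    port: int
    mode: str  # "plain", "starttls" or "implicit-tls"

# Default port per mode when no port and no /submit is given, per the thread.
DEFAULT_PORT = {"plain": 25, "starttls": 25, "implicit-tls": 465}

def resolve_smtp_spec(spec: str) -> SmtpTarget:
    """Resolve 'host[:port][/modifier...]' to host, port and TLS mode."""
    hostport, *mods = spec.strip().split("/")
    mods = {m.lower() for m in mods if m}
    unknown = mods - {"tls", "starttls", "ssl", "submit"}
    if unknown:
        raise ValueError(f"modifiers not covered by this model: {sorted(unknown)}")

    wants_starttls = bool(mods & {"tls", "starttls", "submit"})
    if "ssl" in mods and wants_starttls:
        # The thread calls /tls/ssl and /submit/ssl contradictory; this model rejects them.
        raise ValueError("/ssl cannot be combined with /tls, /starttls or /submit")

    mode = "implicit-tls" if "ssl" in mods else "starttls" if wants_starttls else "plain"
    host, sep, port_text = hostport.partition(":")
    if not host:
        raise ValueError("missing host")
    if sep:
        port = int(port_text)      # assumption: an explicit port always wins
    elif "submit" in mods:
        port = 587                 # /submit = :587/tls
    else:
        port = DEFAULT_PORT[mode]
    return SmtpTarget(host, port, mode)

def audit(spec: str) -> list:
    """Return the warnings a reviewer would raise for one SMTP server entry."""
    target = resolve_smtp_spec(spec)
    warnings = []
    if target.mode == "plain":
        warnings.append("no TLS requested: the session is unencrypted")
    if target.mode == "starttls" and target.port == 25:
        warnings.append("STARTTLS on port 25: use :587/tls or /submit for submission")
    return warnings
```
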