Re: [opensuse] Postfix, stunnel, and MS Exchange

On Friday 12 January 2007 00:54, Joe Morris (NTM) wrote:

Got a problem I hope someone can answer. This is my situation. My home
office (i.e. mail relay) uses MS Exchange. It seems it will only listen
on port 25.

The Port is configurable. And you can add additional Ports of course.

They are wanting all mail to be transport encrypted. They
have setup stunnel to listen on port 465 and 2525 for their exchange
server. It works with most email clients to select ssl encryption for
the smtp server on port 465 (they also use auth). I tried but could not
get the smtp client of postfix to work with that setup to relay mail
through them here at home.

This SSL-Mode is not supported by Postfix. Postfix supports the Standard way
(Client-Side) where the Connection is established unencrypted and the
Encryption is switched on after that (STARTTLS). Most Clients will support
the SSL-Mode, so you will have luck with Clients.

My ISP blocks all port 25 traffic to force
all smtp traffic to go through them. At the office (I was testing first
at home) we use a different ISP that does not block port 25. On port 25
(with telnet) their exchange server responds, but there is nothing if
telneted to port 465 pr 2525.

You cannot telnet to an already encrypted Port. If you want to test that, use
openssl as client.

$ openssl s_client -connect ...

man openssl
man s_client

I got postfix's smtp client to work at
work (it uses TLS on port 25), including auth. Here at home, I need to
get it working as well (and at least Eudora also has a problem with
their setup if port 25 is blocked by the ISP). Is there a way to get it
working as is, or could I install and setup stunnel to get the postfix
smtp client to work through stunnel on either port 2525 or 465? Is so,
any pointers? TIA for any help or alternate ideas.

Hmm, the best way would be to configure your Exchange Box to listen on a
second Port with TLS enabled maybe 465 or 26 or whatever.

Another way of course would be to setup stunnel on your Home-Postfix-Box to
reconvert the encrypted Session in an unencrypted.

--
Andreas
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • RE: Kommunikation Port 25 geht, geht nicht.
    ... Exchange im internen Netz standardmäßig nicht auf Port 25. ... Outl.Express sind ja MAPI-fähige Clients, ... > und mittels Telnet keine Verbindung über TCP/IP Port 25 zustande. ...
    (microsoft.public.de.german.windows.server.networking)
  • Re: adding machine to domain with NATed IPs
    ... sounds that the DCs are not reaching the clients ... weight 100, port 389, target srv5.mydomain.local ...
    (microsoft.public.windows.server.active_directory)
  • Re: adding machine to domain with NATed IPs
    ... sounds that the DCs are not reaching the clients ... Type: SRV (Service location) ... weight 100, port 389, target srv5.mydomain.local ...
    (microsoft.public.windows.server.active_directory)
  • Re: Why use external email hosts?
    ... Port 443 is how they get external email access in my firm. ... a different thread and received a question on why someone would want an external host when they have Exchange. ... server's LAN IP, set up your SMTP virtual server to receive mail *only* from the IP of the other server, and open up port 25 to the other server. ... Now Exchange and RWW are the big sellers, SQL Server after that and ISA way in the rear, with only the clients who want to do close web access monitoring and control expressing much interest. ...
    (microsoft.public.windows.server.sbs)
  • Re: DDoS to microsoft sites
    ... The primary difference between the two clients is that the first port scan I ... > - netbios (brute force attack on Administrator account) ... I'm guessing that the SQL server is the infection vector in both these ...
    (Incidents)