SMTP SSL on Port Other than 25

Mark Olbert

I've just spent six frustrating hours trying to get Outlook XP to use SSL/TLS over SMTP on a port
other than 25. Why? Because the ISP I use when I travel - AOL - has some idiot system in place that
redirects any attempts to connect to any computer's port 25 to their own mailservers. So I can't
access my personal mail server from on the road.

Now, based on everything that I saw in the email account configuration dialog box for Outlook this
ought to be a piece of cake. Just click the box on the Connection tab of the Advanced settings to
indicate SSL, specify the port number and voila!

Unfortunately, this is Outlook, probably one of the crappiest email clients ever created, from one
of the lowest-quality software developers in the history of the industry. And that, as the old
saying goes, is really saying something.

I know the SSL/TLS subsystem on my mail server is working fine, because I >>can<< connect on the
standard smtp port, 25.

So what's the solution? I've come across references to some kind of post Office XP SP3 hotfix (I
have SP3 installed; the OS is Windows XP SP2, up-to-date) that may cure the problem. Is this true?
If so, how do I get it? I couldn't find anything in the download section of the Outlook website.

- Mark
 
> I've just spent six frustrating hours trying to get Outlook XP to
> use SSL/TLS over SMTP on a port other than 25. Why? Because the ISP
> I use when I travel - AOL - has some idiot system in place that
> redirects any attempts to connect to any computer's port 25 to their
> own mailservers. So I can't access my personal mail server from on
> the road.

Normally, I would just let this post go by because I don't have enough
expertise with MS Outlook to offer a solution. However, your comment on the
"idiot system" deserves a comment: it is not an "idiot system". RFC 2821,
and its predecessor, RFC 821, describe the SMTP protocol. It is an
unauthenticated message transfer protocol, which permits any SMTP client to
connect to any other SMTP server to relay email to a destination. Alas,
this lack of an authentication mechanism has made it too easy for spammers
to subvert the SMTP system for their own purpose.

Those who write these RFCs foresaw this problem at least as far back as
1998, the date on RFC 2476. This RFC defines a Message Submission system
which allows for authenticated connections by Message Submission Agents
(MSA), of which MS Outlook is an example, to Message Submission Servers.
This system is designed to work on port 587, and may, or may not require
STARTTLS (not the same thing as SSL) during the message submission.

Many ISPs, including my own (SBC Yahoo! DSL Service) are moving toward this
system. Comcast is going their own way, using port 465 for authenticated
message submission. SBC is also blocking port 25 except to their own
servers; but they are not redirecting, as AOL is doing. This is going to be
common for most U.S. ISPs in the near future. It is not idiotic, it is a
proven way to beat the proxy spammers. Proxy spam from compromised SBC
customer computers is less than 1/10th of the level prior to their
implementation of port 25 blocking.

As I said, I am not especially familiar with MS Outlook. It appears to have
very similar configuration issues as MS Outlook Express. I am told that
MSOE only does STARTTLS on port 25. Bummer. I saw no indication that MS
Outlook SP3 offers STARTTLS as an option on ports other than 25. Bummer.
MSFT is just going to have to get with the program; the Internet is not
their invention, and they still don't have control over how it works.

In the meantime, GMail does offer SMTP access through port 465 with SSL; I
know that MS Outlook Express works with that (I have tested it). MS Outlook
should also work with that.

--
Norman
~I'll be there, by your side
~in the land of Twilight.
~In your dream I will go
~'till we find the Sunlight.
 
> Normally, I would just let this post go by because I don't have enough
> expertise with MS Outlook to offer a solution. However, your comment on the
> "idiot system" deserves a comment: it is not an "idiot system". RFC 2821,
> and its predecessor, RFC 821, describe the SMTP protocol. It is an
> unauthenticated message transfer protocol, which permits any SMTP client to
> connect to any other SMTP server to relay email to a destination. Alas,
> this lack of an authentication mechanism has made it too easy for spammers
> to subvert the SMTP system for their own purpose.
>
> Those who write these RFCs foresaw this problem at least as far back as
> 1998, the date on RFC 2476. This RFC defines a Message Submission system
> which allows for authenticated connections by Message Submission Agents
> (MSA), of which MS Outlook is an example, to Message Submission Servers.
> This system is designed to work on port 587, and may, or may not require
> STARTTLS (not the same thing as SSL) during the message submission.

The idiotic part is not the requirement for authentication. It's the automatic redirection to a
different server.

When I look to establish an SMTP connection to port 25 on my.own.mailserver, I expect to either (a)
get to my.own.mailserver on port 25 or (b) not get connected at all (due to network problems, server
problems, DNS resolution problems, etc.). Silently redirecting me to a different computer than what
I asked for is "rude" and uncalled for, hence idiotic, IMHO.

I wouldn't even have known what was happening except for the fact that in the course of trying to
get my secure SMTP connection to work I did a telnet my.own.mailserver 25... and found to my shock
that the greeting was coming from AOL.

My apologies for any confusion I may have caused.

- Mark
 
> The idiotic part is not the requirement for authentication. It's the
> automatic redirection to a different server.
>
> When I look to establish an SMTP connection to port 25 on my.own.mailserver,
> I expect to either (a) get to my.own.mailserver on port 25 or (b) not get
> connected at all (due to network problems, server problems, DNS resolution
> problems, etc.). Silently redirecting me to a different computer than what
> I asked for is "rude" and uncalled for, hence idiotic, IMHO.
>
> I wouldn't even have known what was happening except for the fact that in
> the course of trying to get my secure SMTP connection to work I did a telnet
> my.own.mailserver 25... and found to my shock that the greeting was coming
> from AOL.
>
> My apologies for any confusion I may have caused.

Port 25 is defined by the RFCs for "Message Transfer". RFC 2476 designates
a port for "Message Submission". When you are connecting to port 25, you
are supposed to be an MTA with a message to transfer. If you are connecting
to port 25 for "Message Submission", well, that is now being changed all
over the place. As I mentioned, my ISP, among many others, blocks access to
port 25 for all connections other than to their own mail servers. SBC
customers, mostly, can't connect to GMail SMTP servers on port 25.

That is the way the Internet is moving for handling email. The answer is to
have the mail service providers start using port 587 for "Message
Submission".

--
Norman
~I'll be there, by your side
~in the land of Twilight.
~In your dream I will go
~'till we find the Sunlight.
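
The greeting check Mark ran by hand with telnet, extended to the submission port, as an added example (not code from any poster in this thread): it reads the greeting and EHLO reply to flag a session that landed on a different server or was not offered STARTTLS. The relay name and both transcripts are constructed, and `probe` assumes the server offers STARTTLS on port 587 with a certificate issued for its hostname.

```python
import smtplib
import ssl

def banner_host(greeting: str) -> str:
    """Hostname announced in a 220 greeting line, or '' if it is not a 220."""
    text = greeting.strip()
    if not text.startswith("220") or len(text) < 5:
        return ""
    return text[4:].split()[0].lower()

def ehlo_keywords(reply: str) -> set:
    """Extension keywords from an EHLO reply (raw '250-' lines or smtplib's stripped form)."""
    words = set()
    for line in reply.splitlines()[1:]:          # first line is the server's own name
        if line[:3] == "250" and line[3:4] in ("-", " ", ""):
            line = line[4:]
        if line.strip():
            words.add(line.split()[0].upper())
    return words

def assess(expected_host: str, greeting: str, ehlo_reply: str) -> list:
    """Findings for one captured session; an empty list means nothing looked wrong."""
    findings = []
    seen = banner_host(greeting)
    if seen != expected_host.lower():
        findings.append(f"greeting is from {seen or 'unknown'}, not {expected_host}")
    if "STARTTLS" not in ehlo_keywords(ehlo_reply):
        findings.append("STARTTLS not offered; stop before AUTH or MAIL")
    return findings

def probe(host: str, port: int = 587, timeout: float = 10.0) -> list:
    """Live check (needs network): require STARTTLS and a certificate valid for host.
    The banner is only a hint; the certificate check is what an interposed relay fails."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            if not s.has_extn("starttls"):
                return ["STARTTLS not offered; stop before AUTH or MAIL"]
            s.starttls(context=ssl.create_default_context())
            s.ehlo()
            return []
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate does not verify for {host}: {exc.verify_message}"]

# Constructed transcripts (not captured from any real server).
INTERCEPTED = ("220 relay.isp.example ESMTP", "250-relay.isp.example\n250-SIZE 10240000\n250 8BITMIME")
DIRECT = ("220 my.own.mailserver ESMTP ready", "250-my.own.mailserver\n250-STARTTLS\n250 AUTH PLAIN LOGIN")

if __name__ == "__main__":
    for name, (greeting, ehlo) in (("intercepted", INTERCEPTED), ("direct", DIRECT)):
        print(name, assess("my.own.mailserver", greeting, ehlo))
```
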
 
