[Top] [All Lists]

Re: port number for smtp over ssl

2003-01-15 10:51:54

The 'alternate' port used for doing SMTP over SSL is 465. This appears
to be a well-established, de facto standard.

Only in a very limited sense. I see port 465 used for SMTP submission; the
SMTP server and port you submit to is, after all, not something that
changes very often so it is reasonable to put this in a client's configuration.

SMTP relay is another matter. Trying another port before falling back to
port 25 is not something SMTP relay clients can usually afford to do.

The correct way to use TLS/SSL with SMTP is through the use of the STARTTLS
SMTP extension defined in RFC 3207. This is widely implemented and used for
both submission and relay; although the latter unfortunately suffers somewhat
due to the presence of systems that advertise the extension but then fail to
successfully negotiate when someone tries to use it.

Finally, the use of a second port for TLS/SSL is actively discouraged as it
opens up a number of security issues of its own.

However it is not registered with IANA.  The official entry for the port

    urd             465/tcp    URL Rendesvous Directory for SSM

Given the importantce of secure SMTP posting across the net, it strikes
me that this documentation anomoly should get fixed, so that
administrators have the usual, official site to go to, to find out
correct port number assignments.


I'd much rather move towards use of RFC 3207 than give the two port
approach any additional legitimacy.