
Re: Tor server for port 443

    On Wed, 21 May 2008 12:04:30 +0100 Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
>Scott Bennett wrote:
>>> The standardised port for SMTP submission is 587. See 
>>> http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol specifically 
>>> "Although some servers support port 465 for legacy secure SMTP in 
>>> violation of the specifications"
>>      Huh.  Guess I'll have to look it up somewhere official then.  (wikipedia
>> is not authoritative, even if it may well have it right.)  I was going on
>> what it said in /etc/services on my FreeBSD 6.3 system, which is also not
>> authoritative by any means, but still ought to have been correct.  I checked
>> again, this time for 587, and it is listed as the service called "submission".
>> I had no idea that that referred to any service having anything to do with
>> email of any kind.  That prompted me to check the Solaris 5.8 system that I
>> use for email.  Its /etc/services doesn't list 465 at all, but also lists
>> 587 as "submission".

     Thank you for that URL.  I've looked at it now and have bookmarked it.
>The port 465 issue became particularly important recently when IANA 
>actually assigned it for a real use. Previously it was an unassigned 
>port that was hijacked by Microsoft for Outlook.
>>> However, gmail do actually support both 587 with TLS *and* 465 with SSL 
>>> on connect, on smtp.gmail.com.
>>      Okay.  I'll check into it and may end up adding 587 to my allowed exits.
>> Thanks for the tip.
>While port 587 is the official standard port for email submission, it 
>doesn't *require* the usage of SSL. GMail does however have this 
>Also, I'd still personally prefer to use port 465 over port 587 for mail 
>submission when both are available, purely because when using port 465 
>you negotiate SSL immediately, whilst with port 587 there is some plain 
>text negotiation first which *could* accidentally leak identifying 
>information such as your hostname in the EHLO, to the Exit node.
     Now, if we keep 25 blocked, are we risking undoing the benefit from that
blockage by unblocking 587?  It turns out that I was rejecting exits for
port 465 and 587, so now I'm wondering whether it might be a Bad Thing to
accept exits to 587.  Also, the new allocation of 465 is for urd (URL
Rendezvous Directory for SSM).  Offhand, I don't know what SSM may be nor
whether accepting exits for this service would be okay.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
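
The difference between port 465 and port 587 discussed in this message, as an added example that is not part of the original thread: it takes the bytes a mail client sends and reports what an on-path observer such as an exit node can read before TLS begins. The byte streams are constructed rather than captured, and the hostname `laptop.example.org`, the address `alice@example.org` and the function names are assumptions.

```python
# Constructed client-to-server byte streams (not real captures).
# A TLS record starts with content type 0x16 (handshake) and version major 0x03.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"\x01\x00\x00\x01\x00"

# Port 587: plain-text SMTP first, TLS only after STARTTLS.
STREAM_587 = b"EHLO laptop.example.org\r\nSTARTTLS\r\n" + TLS_CLIENT_HELLO
# Port 465: TLS is negotiated immediately on connect.
STREAM_465 = TLS_CLIENT_HELLO
# Port 587 where the client never upgrades (587 does not require TLS).
STREAM_587_NO_TLS = (b"EHLO laptop.example.org\r\n"
                     b"MAIL FROM:<alice@example.org>\r\nQUIT\r\n")


def is_tls_handshake(buf: bytes) -> bool:
    """True if buf begins with a TLS handshake record header."""
    return len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03


def cleartext_before_tls(stream: bytes) -> dict:
    """Return the SMTP commands readable on the wire before TLS starts."""
    commands, pos = [], 0
    while pos < len(stream) and not is_tls_handshake(stream[pos:]):
        end = stream.find(b"\r\n", pos)
        if end == -1:              # unterminated last line is still visible
            end = len(stream)
        commands.append(stream[pos:end].decode("ascii", "replace"))
        pos = end + 2
    ehlo_name = None
    for cmd in commands:
        parts = cmd.split(None, 1)
        if len(parts) == 2 and parts[0].upper() in ("EHLO", "HELO"):
            ehlo_name = parts[1].strip()   # the identity the client announced
            break
    return {"commands": commands,
            "ehlo_name": ehlo_name,
            "tls_started": pos < len(stream)}  # bytes left over are TLS records


if __name__ == "__main__":
    for label, s in (("465", STREAM_465), ("587", STREAM_587),
                     ("587, no STARTTLS", STREAM_587_NO_TLS)):
        print(label, cleartext_before_tls(s))
```
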