LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-08-2007, 11:09 AM   #1
jonr
Senior Member
 
Registered: Jan 2003
Location: Kansas City, Missouri, USA
Distribution: Ubuntu
Posts: 1,040

Rep: Reputation: 47
Guarddog lacks SMTP over SSL: Any fix?


My ISP, ATT/Yahoo (SBCGlobal) is requiring users to change from smtp or smtpauth (I've been using the latter) to smtp over SSL, by March 30. Similarly to change to POP3 over SSL.

I got Guarddog to allow POP3 over SSL and am using the new server address now. But there is no allowance in Guarddog for SMTP over SSL, and I cannot connect to send mail through the new SMTP address.

I read in a Guarddog users' group about SMTP over SSL being deprecated. That may be, but SBCGlobal/ATT/Yahoo is now going to require its use!

I don't know how to alter the IPtables by hand to allow this protocol. Please suggest what I might do; I tried Firestarter once but could not make it work in my setup. Guarddog has been perfect for about three years.
 
Old 02-08-2007, 12:43 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
The dedicated port (465/tcp) for SMTP over TLS is deprecated. Service providers should allow the START TLS command on their normal SMTP servers over the normal port (25/tcp). If AT&T isn't doing that, they're stupid and backwards.

To duplicate the firewall rule, just find your iptables script and copy the line for port 25 tcp and change the port number to 465.
 
Old 02-08-2007, 12:56 PM   #3
jonr
Senior Member
 
Registered: Jan 2003
Location: Kansas City, Missouri, USA
Distribution: Ubuntu
Posts: 1,040

Original Poster
Rep: Reputation: 47
Many thanks

Quote:
Originally Posted by chort
The dedicated port (465/tcp) for SMTP over TLS is deprecated. Service providers should allow the START TLS command on their normal SMTP servers over the normal port (25/tcp). If AT&T isn't doing that, they're stupid and backwards.

To duplicate the firewall rule, just find your iptables script and copy the line for port 25 tcp and change the port number to 465.
Thanks, Chort, and---I agree with your first paragraph wholeheartedly! This is but one example among many... sigh ...

Tempted to go to cable, but I dunno...
 
Old 02-25-2007, 02:10 PM   #4
jonr
Senior Member
 
Registered: Jan 2003
Location: Kansas City, Missouri, USA
Distribution: Ubuntu
Posts: 1,040

Original Poster
Rep: Reputation: 47
Success!

Chort, I got this done finally today. Not that I didn't work on other things in the meantime, like catastrophic crashes, etc.

I had the hardest time finding the iptables script. It looks as though the location varies from distro to distro, and I couldn't find the right clues. Finally found it, though, changed the "25"'s to "465"'s, and now I'm stealthed* but able to send via SMTPS using SSL and port 465 as AT&T will be requiring around March 30.

I appreciate your help very much.

------------------
* stealthed -- I know, I know. Opinions vary. But it makes me feel better. Can't hurt anything.
 
  


Reply

Tags
firewall, guarddog, smtp, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables/Guarddog blocking to much. How do I fix this? M$ISBS Linux - Security 7 11-14-2005 09:42 PM
qmail ssl and smtp not working together shmude Linux - Software 0 11-02-2005 07:02 PM
Fedora Core 2 Mail server ssl and smtp configuration steps harish_neo Linux - Networking 4 10-13-2004 10:46 AM
Simple GAIM "ssl support needed" fix Mainframe Slackware 9 05-20-2004 12:51 PM
noob question about pop/smtp and ssl caid Linux - Security 3 02-16-2004 06:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration