LinuxQuestions.org
Old 07-18-2017, 06:31 PM   #1
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Rep: Reputation: 15
Using a mail relay that uses SSL or TLS


I used to send mail using mutt, which would use sendmail to send mail via postfix. Postfix would connect to a mail relay my ISP (cox) runs.

Now cox has changed something about their email and the mail relay doesn't work any more. When I looked for direction they listed two relay addresses, one for TLS and one for SSL. I tried various configurations in mutt to tell it to connect to the cox server but when I use the TLS server I get "connection refused" and when I use the SSL server I get an indefinite hang.

So the questions are, which one should I use (TLS or SSL) and what is involved in setting this up? Do I need to do something with certificates?
 
Old 07-18-2017, 08:16 PM   #2
Laserbeak
Member
 
Registered: Jan 2017
Location: Manhattan, NYC NY
Distribution: Mac OS X, iOS, Solaris
Posts: 508

Rep: Reputation: 143
There are such things as SMTP as well as POP3 and IMAP over SSL, but whether other mail servers will use them is another matter. For example, you could securely send an e-mail to someone, but once that e-mail gets to your SMTP server, it might have to send it unencrypted to the recipient's SMTP server.
 
Old 07-18-2017, 08:32 PM   #3
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Original Poster
Rep: Reputation: 15
My goal is not to achieve some level of security but to simply be able to send email at all.

I am able to read email by connecting to a pop server and authenticating with a password. But the smtp server for outgoing email has started refusing connections. And when I visit my ISP setup instructions here:

https://www.cox.com/residential/supp...-settings.html

they seem to indicate that I must use either SSL or TLS. Note that port 25 is not given as an option.
 
Old 07-18-2017, 09:01 PM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
Quote:
Originally Posted by adrianmariano
My goal is not to achieve some level of security but to simply be able to send email at all.

I am able to read email by connecting to a pop server and authenticating with a password. But the smtp server for outgoing email has started refusing connections. And when I visit my ISP setup instructions here:

https://www.cox.com/residential/supp...-settings.html

they seem to indicate that I must use either SSL or TLS. Note that port 25 is not given as an option.
Hmmm. Which smtp server are you using that's not working?

Is your server connected to the Cox network? You will not be able to use port 25 unless the server is physically connected to the Cox network. This is generally true about ISP servers. Cox, for example, blocks the use of port 25 on any server but their own.

I am still able to send via Cox using smtp.west.cox.net (or smtp.east.cox.net if you're on the other side of the country) on port 25 with no authentication, but I'm connected to their network. Maybe that will change. I'd think they'd notify us if they were going to stop supporting port 25 for sending mail from connected computers.
FWIW, I'm also still POP-ing on port 110...so I'm not sure what's going on with that support page.

To answer your question, use port 587 with TLS enabled if you are not connected to their network (as on a roving laptop). You may need to provide authentication. AFAIK, use of port 25 at one of the servers I indicated should still work if you are connected. Again, it does for me.

Note that TLS and SSL connections to smtp servers are all about encrypting the authentication -- userid and/or password -- not about securing the content of the email. That would require PGP or some encryption equivalent (about which I know very little).

Last edited by scasey; 07-18-2017 at 09:05 PM.
 
Old 07-18-2017, 09:17 PM   #5
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1010
Usually the ssl or tls is automatically negotiated between client and server. I've not heard of explicitly setting it up except to indicate that a password is needed for SMTP. I've never used a SMTP server that requires authentication, although I have used them that require you to be on the same network.
 
Old 07-18-2017, 11:02 PM   #6
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
Quote:
Originally Posted by AwesomeMachine
Usually the ssl or tls is automatically negotiated between client and server. I've not heard of explicitly setting it up except to indicate that a password is needed for SMTP. I've never used a SMTP server that requires authentication, although I have used them that require you to be on the same network.
Agreed about the negotiation...as long as the client software is configured to negotiate; that is, configured to use the appropriate port.

These days, many, if not most, smtp servers require some form of authentication if one is not physically connected to their network. (The ones that don't get used by spammers and then get blocked...) Back in the Outlook days, one had to check the "use same login as for receiving" -- or some language like that -- even when one was connected. I was surprised to see that my Cox connection was using port 25 and didn't have any authentication configured. [using the Thunderbird client]
 
Old 07-19-2017, 12:12 AM   #7
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1010
Spectrum, part of which was formerly TWC roadrunner, neither requires you to be on their network, nor requires authentication by password. So, there must be some other way to control spammers using open SMTP servers.
 
Old 07-19-2017, 05:10 AM   #8
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Original Poster
Rep: Reputation: 15
There have been several messages recently about changes to the COX email setup, so I figured it had to do with that. I'm using smtp.east.cox.net. Perhaps changes came first to the east and it hasn't switched for you yet?

I have been using smtp.east.cox.net, and in my syslog I see:

Jul 18 07:54:57 alpaca postfix/smtp[23956]: D0C59BC0E96: to=<XXX>, relay=smtp.east.cox.net[68.1.17.4]:25, delay=55180, delays=55180/0.01/0.13/0, dsn=4.0.0, status=deferred (host smtp.east.cox.net[68.1.17.4] refused to talk to me: 554 eastrmimpo305.cox.net cox connection refused from 98.169.87.32)

My computer is connected by cable to a router which is connected to a cable modem. I assume this qualifies as "physically connected".

I tried to configure my mail program to use 587 and I still got "SMTP session failed: 554 eastrmimpo210.cox.net cox connection refused from 98.16" from the mail program. Note that with the old config it was passing mail to sendmail, I think, and postfix was handling it, hence messages showing up in the syslog. I couldn't figure out how to configure postfix---when I read about TLS there's lots of talk about certificates---so I instead configured the mail program. But since it's not working I'm wondering if I need the certificates.
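
An added example, not part of the original post: a small Python triage of Postfix delivery log lines like the one quoted above, reporting at which stage of the SMTP session the relay failed. The first sample is the syslog entry from the post; the other two are constructed for contrast, and the stage labels are this example's own names.

```python
import re

# Pulls relay host/IP/port, DSN, status and the parenthesised reason out of a
# postfix/smtp delivery log line.
LINE_RE = re.compile(
    r"relay=(?P<host>[^\[,]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+),.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)

# Ordered rules mapping the reason text to the stage of the SMTP session that
# failed. The stage names are this example's own labels, not Postfix terms.
RULES = [
    # On a STARTTLS port (25/587) the server sent 4xx/5xx instead of a 220
    # banner: nothing was negotiated yet, so client TLS, certificate or
    # password settings cannot be the cause. Typical of an IP-based block.
    ("rejected-at-greeting", re.compile(r"refused to talk to me: [45]\d\d")),
    # Session started, but encryption was demanded or missing.
    ("tls-required", re.compile(r"TLS is required|STARTTLS", re.I)),
    # TLS was fine; the relay did not accept the credentials.
    ("auth-failed", re.compile(r"SASL authentication failed|\b535\b")),
]

def triage(line):
    """Return parsed fields plus a 'stage' label, or None if not a delivery line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info["port"] = int(info["port"])
    info["stage"] = next(
        (label for label, pat in RULES if pat.search(info["reason"])), "other")
    return info

# First line: the syslog entry quoted in the post. The other two are
# constructed samples (documentation addresses) for contrast.
SAMPLES = [
    "Jul 18 07:54:57 alpaca postfix/smtp[23956]: D0C59BC0E96: to=<XXX>, relay=smtp.east.cox.net[68.1.17.4]:25, delay=55180, delays=55180/0.01/0.13/0, dsn=4.0.0, status=deferred (host smtp.east.cox.net[68.1.17.4] refused to talk to me: 554 eastrmimpo305.cox.net cox connection refused from 98.169.87.32)",
    "Jul 19 10:00:00 host postfix/smtp[1001]: AAAA000001: to=<user@example.org>, relay=smtp.example.net[192.0.2.10]:587, delay=0.5, delays=0.1/0/0.4/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host smtp.example.net[192.0.2.10])",
    "Jul 19 10:05:00 host postfix/smtp[1002]: AAAA000002: to=<user@example.org>, relay=smtp.example.net[192.0.2.10]:587, delay=1.2, delays=0.1/0/1.1/0, dsn=4.7.8, status=deferred (SASL authentication failed; server smtp.example.net[192.0.2.10] said: 535 5.7.8 authentication failed)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        r = triage(sample)
        print(r["host"], r["port"], r["dsn"], r["status"], r["stage"])
```
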
 
Old 07-19-2017, 10:21 AM   #9
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
I've not received any notices from Cox.

Did you notice that the smtp server name is different for port 587? Just smtp.cox.net

If that's not it, call Cox Support. That's why they get the big bucks.
 
Old 07-19-2017, 10:44 AM   #10
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
Quote:
Originally Posted by AwesomeMachine
Spectrum, part of which was formerly TWC roadrunner, neither requires you to be on their network, nor requires authentication by password. So, there must be some other way to control spammers using open SMTP servers.
According to their support page, one must supply a full email address and password to use their email servers. It appears that they are always requiring authentication, whether one is connected to their network or not.

Likely that's what Cox is moving towards as well. It makes sense. Why have two sets of configuration options (connected vs. not connected), especially in the current age of mobile computing? Maybe they have some bugs if it's a new thing at the OP's location. I just successfully sent and received email with the new Cox settings. [Edit: I can send with port 587, but the pop on port 995 is not working]

I provide access on port 587 to my customers, but then, I'm not an ISP, so that's the only way they can send email from my server. (I also have fail2ban running on that port, as there are hundreds of cracking attempts every day!)

Last edited by scasey; 07-19-2017 at 02:50 PM.
 
Old 07-19-2017, 05:34 PM   #11
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Original Poster
Rep: Reputation: 15
I expect if I call cox tech support I'll get to talk to someone who knows less than I do about SSL, TLS and SMTP. They'll tell me to reboot my cable modem like that could solve the problem. So I have that as a measure of last resort.

But I just tried Thunderbird and it also fails. So maybe calling tech support is warranted.

Maybe cox is doing phased introduction of their new email configuration? This just came today:

"Welcome to the new Cox Email! In case you missed our first email, your Cox Email account was recently upgraded to a new and improved experience."

They don't say anything about changes to the smtp service, just about a new and improved web mail interface. But maybe the lower level interface services are also changing. I did indeed notice that the new address didn't have "east" in it.
 
Old 07-19-2017, 06:12 PM   #12
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
Quote:
Originally Posted by adrianmariano
I expect if I call cox tech support I'll get to talk to someone who knows less than I do about SSL, TLS and SMTP. They'll tell me to reboot my cable modem like that could solve the problem. So I have that as a measure of last resort.

But I just tried Thunderbird and it also fails. So maybe calling tech support is warranted.

Maybe cox is doing phased introduction of their new email configuration? This just came today:

"Welcome to the new Cox Email! In case you missed our first email, your Cox Email account was recently upgraded to a new and improved experience."

They don't say anything about changes to the smtp service, just about a new and improved web mail interface. But maybe the lower level interface services are also changing. I did indeed notice that the new address didn't have "east" in it.
Just to repeat. I was able to use the smtp.cox.net port 587 connection here, but the pop.cox.net port 995 did not work...had to revert back to pop.west.cox.net port 110. And the smtp.west.cox.net port 25 still works for me. I am using Thunderbird.

I've not had that experience with Cox support. The internet folks seem to know what they're doing. They're probably all over email problems, given that they're changing things. YMMV of course.
 
Old 07-21-2017, 05:23 AM   #13
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Original Poster
Rep: Reputation: 15
Apparently I have an IP that is on the blocked list for smtp. A 56 minute call with cox tech support eventually revealed this information. They can't tell me how/why the IP is blocked. In fact, apparently I could be unlucky with a DHCP renewal and get a blocked IP. It's supposed to take a day for them to process the unblock request.
 
Old 07-21-2017, 09:44 AM   #14
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,441

Rep: Reputation: 2070
Quote:
Originally Posted by adrianmariano
Apparently I have an IP that is on the blocked list for smtp. A 56 minute call with cox tech support eventually revealed this information. They can't tell me how/why the IP is blocked. In fact, apparently I could be unlucky with a DHCP renewal and get a blocked IP. It's supposed to take a day for them to process the unblock request.
Strange. They must be blocking it themselves; your IP isn't on any RBL as far as I can tell. Taking a day to clear the block is pretty poor service. Ask them for a service outage credit!

Does your IP change often? I've had the same dynamic IP address at home for at least a year.
 
Old 07-21-2017, 03:43 PM   #15
adrianmariano
Member
 
Registered: Dec 2004
Distribution: Ubuntu Yakkety
Posts: 191

Original Poster
Rep: Reputation: 15
It appears that they haven't fixed it yet.

I have no clue how stable my IP is. The tech said that it *could* change, but that it usually wouldn't.
 
  

