Email on port 465 generates error in outlook

[Silver_2000]

ISPs including Verizon are filtering port 25 traffic which forces customers to start using 465 to send email

When they configure Outlook to send using port 465 they get a warning from outlook that says the "server you are connected to is using a cert than cannot be verified - the target principle name is incorrect "

Im using self signed cert on the server - I know that I can pay $180 a year and get a real cert BUT, will that solve this problem for ALL domains and is there another way that DOESNT require spending the $$

Thanks in advance

Doug

[mtindor]

ISPs including Verizon are filtering port 25 traffic which forces customers to start using 465 to send email

When they configure Outlook to send using port 465 they get a warning from outlook that says the "server you are connected to is using a cert than cannot be verified - the target principle name is incorrect "

Im using self signed cert on the server - I know that I can pay $180 a year and get a real cert BUT, will that solve this problem for ALL domains and is there another way that DOESNT require spending the $$

Thanks in advance

Doug

No it won't solve the problem for all domains. It'll solve the problem for the main hostname. So you'd have to then instruct all your people to connect to the main hostname.

What your customers are seeing is not an "error" - Just tell your customers if they wnat SSl encryption they need to accept the self-signed certificate and move on. I've never had a customer complain abou thte self signed certs on the SSL mail ports. Let your customers know that they can pay you for a standalone server+software if they want goofy signed certificates on thier own mail hostname.

Mike

[crazyaboutlinux]

You can check the following lines inside /etc/exim.conf file and see if it contains the port number 465. If not, add it as follows.

Code:

daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465

Once this is done and after saving the file, restart exim. Check for the port using the netstat command after that.

Code:

/etc/rc.d/init.d/exim restart

[Silver_2000]

No it won't solve the problem for all domains. It'll solve the problem for the main hostname. So you'd have to then instruct all your people to connect to the main hostname.

What your customers are seeing is not an "error" - Just tell your customers if they wnat SSl encryption they need to accept the self-signed certificate and move on. I've never had a customer complain abou thte self signed certs on the SSL mail ports. Let your customers know that they can pay you for a standalone server+software if they want goofy signed certificates on thier own mail hostname.

Mike

the problem is that the popup shows up Every time Outlook tries to send an email and the customers who have verizon as an ISP have no choice unless they configure Outlook to send through Verizons outgoing servers

having people use the fqn isnt a problem if it removes the error ... I just dont thiink its worth $175 a year

[Silver_2000]

You can check the following lines inside /etc/exim.conf file and see if it contains the port number 465. If not, add it as follows.

Code:

daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465

Once this is done and after saving the file, restart exim. Check for the port using the netstat command after that.

Code:

/etc/rc.d/init.d/exim restart

Nilesh

the port numbers are already in the conf file

The issue is NOT about getting exim to use port 465 - that already works - its the cert warning that comes up, that is the issue.

[DomineauX]

An SSL for the host name of the server can be as little as $40 or so and then just informing users to use server.host.tld (the actual server host name) for the SMTP server is all it takes to avoid warnings.

Alternatively you can have Exim listen on another port from the "service manager" in WHM by specifying an alternative non-tls port such as 26, 587, etc like many hosts do these days as a lot of ISP's block port 25.

[Silver_2000]

ive shopped for ssl and the lowest i found was ~150

any links to the $40 certs ?

[thobarn]

the problem is that the popup shows up Every time Outlook tries to send an email...

Sadly, brain dead Outlook and the Outlook Express do not have a way to say "always trust this certificate" unless one imports the certificate to the Trusted Root Certification Authorities store (what were they thinking?) but then you are giving the certificate issuer god like powers as far as certification is concerned. The entire scheme is a sham to fill the pockets of certification authorities.

any links to the $40 certs?

You need to watch where you are getting the certificate from, because if it is not one of the, or sub of, predefined authorities in Windows then they will be getting the exact same message until that certificate is imported into the store which you could have done at the first place!
I have the same complain from the users. I tell them they have to live with it and to just to accept it every time they send/receive. Just one extra click after all.

[DomineauX]

Sorry I am not up on retail availability SSL cert pricing but a quick search found $46.50 for GeoTrust or Commodo certs:

Advanced search :: Search results - Trusted GeoTrust and Comodo SSL Certificates at Lower Prices. RapidSSL, Comodo PositiveSSL, GeoTrust QuickSSL, True BusinessID with EV and more. CheapSSLs.com -- Same Certs. Low Price.

[Silver_2000]

thanks for the ideas

It appears that Exim is set you be able to use port 26 already ...

Ive done some preliminary testing and simply switching to port 26 seems to be working

Thanks again - quick easy cheap solution

[ajeeshbkannan]

Hello,

Please try with going mail server as hostname of your mail server or IP

Thanks
ajeeshbkannan.blogspot.com