The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email on port 465 generates error in outlook

Discussion in 'Security' started by Silver_2000, May 21, 2010.

  1. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    ISPs including Verizon are filtering port 25 traffic which forces customers to start using 465 to send email

    When they configure Outlook to send using port 465 they get a warning from outlook that says the "server you are connected to is using a cert than cannot be verified - the target principle name is incorrect "

    Im using self signed cert on the server - I know that I can pay $180 a year and get a real cert BUT, will that solve this problem for ALL domains and is there another way that DOESNT require spending the $$

    Thanks in advance

    Doug
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,280
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    No it won't solve the problem for all domains. It'll solve the problem for the main hostname. So you'd have to then instruct all your people to connect to the main hostname.

    What your customers are seeing is not an "error" - Just tell your customers if they wnat SSl encryption they need to accept the self-signed certificate and move on. I've never had a customer complain abou thte self signed certs on the SSL mail ports. Let your customers know that they can pay you for a standalone server+software if they want goofy signed certificates on thier own mail hostname.

    Mike
     
  3. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    You can check the following lines inside /etc/exim.conf file and see if it contains the port number 465. If not, add it as follows.

    Code:
    daemon_smtp_ports = 25 : 465
    tls_on_connect_ports = 465
    Once this is done and after saving the file, restart exim. Check for the port using the netstat command after that.

    Code:
    /etc/rc.d/init.d/exim restart
     
  4. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    the problem is that the popup shows up Every time Outlook tries to send an email and the customers who have verizon as an ISP have no choice unless they configure Outlook to send through Verizons outgoing servers

    having people use the fqn isnt a problem if it removes the error ... I just dont thiink its worth $175 a year
     
  5. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    Nilesh

    the port numbers are already in the conf file

    The issue is NOT about getting exim to use port 465 - that already works - its the cert warning that comes up, that is the issue.
     
  6. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    An SSL for the host name of the server can be as little as $40 or so and then just informing users to use server.host.tld (the actual server host name) for the SMTP server is all it takes to avoid warnings.

    Alternatively you can have Exim listen on another port from the "service manager" in WHM by specifying an alternative non-tls port such as 26, 587, etc like many hosts do these days as a lot of ISP's block port 25.
     
  7. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    ive shopped for ssl and the lowest i found was ~150

    any links to the $40 certs ?
     
  8. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    Sadly, brain dead Outlook and the Outlook Express do not have a way to say "always trust this certificate" unless one imports the certificate to the Trusted Root Certification Authorities store (what were they thinking?) but then you are giving the certificate issuer god like powers as far as certification is concerned. The entire scheme is a sham to fill the pockets of certification authorities.
    You need to watch where you are getting the certificate from, because if it is not one of the, or sub of, predefined authorities in Windows then they will be getting the exact same message until that certificate is imported into the store which you could have done at the first place!
    I have the same complain from the users. I tell them they have to live with it and to just to accept it every time they send/receive. Just one extra click after all.
     
  9. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
  10. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    thanks for the ideas

    It appears that Exim is set you be able to use port 26 already ...

    Ive done some preliminary testing and simply switching to port 26 seems to be working

    Thanks again - quick easy cheap solution
     
Loading...

Share This Page