07-08-2012, 03:02 PM
Camaleón

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012 16:36:20 +0200, Slavko wrote:

> On Sun, 8 Jul 2012 11:59:50 +0000 (UTC), Camaleón <noelamac@gmail.com>
> wrote:
>
>> > By my search, the standard is SMTP + STARTTLS and not SSL + SMTP.
>
>> There are different implementations, all of them standardized:
>>
>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of
>> specific computer ports, imap, pop3 and smtp using "STARTTLS" keep the
>> same ports that their non-encrypted counterparts (143/110/25) to
>> transmit clear text credentials protected.
>
> if smtps is standardized, then why i see this:
>
> grep 587 /etc/services
> submission 587/tcp # Submission [RFC4409]
> submission 587/udp
>
> but:
>
> grep smtps /etc/services
> ssmtp 465/tcp smtps # SMTP over SSL

You can query for both in one line:

sm01@stt008:~$ grep -e 587 -e 465 /etc/services
submission 587/tcp # Submission [RFC4409]
submission 587/udp
ssmtp 465/tcp smtps # SMTP over SSL

What's what you don't like here? The old port could be still there for
legacy/backward compatibility issues.

> can you please tell me the RFC about SMTPS?

http://en.wikipedia.org/wiki/SMTPS

>> Well, when opening ports is not possible (consider a restricted
>> environment) or as Wikipedia¹ explains, independency and transparency
>> seen as a plus when using this extension.
>
> i know about differences both of the implementations.

Fine, but you asked.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jtc7dj$s8h$9@dough.gmane.org
 
07-08-2012, 03:22 PM
Slavko

IANA ports (was: Filezilla a security risk)

Hi,

On Sun, 8 Jul 2012 15:02:11 +0000 (UTC), Camaleón <noelamac@gmail.com>
wrote:

> > can you please tell me the RFC about SMTPS?
>
> http://en.wikipedia.org/wiki/SMTPS
>

I never know, that internet standards are controlled by wikipedia. It is
great, now anybody can create the own standard and nobody need the IANA or
another international organization!

regards

--
Slavko
http://slavino.sk
 
07-08-2012, 03:33 PM
Camaleón

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012 17:22:35 +0200, Slavko wrote:

> On Sun, 8 Jul 2012 15:02:11 +0000 (UTC), Camaleón <noelamac@gmail.com>
> wrote:
>
>> > can you please tell me the RFC about SMTPS?
>>
>> http://en.wikipedia.org/wiki/SMTPS
>>
>>
> I never know, that internet standards are controlled by wikipedia. It is
> great, now anybody can create the own standard and nobody need the IANA
> or another international organization!

?

What Wikipedia explains (and you asked "why") about the "smtps" standard
is not detailed in the RFC (because RFCs are not the place for long
dissertations...) but feel free to read the article or to ignore it.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jtc97t$s8h$11@dough.gmane.org
 
07-08-2012, 03:56 PM
Slavko

IANA ports (was: Filezilla a security risk)

Hi,

On Sun, 8 Jul 2012 15:33:17 +0000 (UTC), Camaleón <noelamac@gmail.com>
wrote:

> What Wikipedia explains (and you asked "why") about the "smtps" standard

Reread my initial mail, please. I don't ask "why" in it, but my English is
poor, then perhaps I wrote it in wrong manner.

> is not detailed in the RFC (because RFCs are not the place for long
> dissertations...) but feel free to read the article or to ignore it.

For me is enough to know that SMTP over SSL was not standardized yet (or
still?). Why and when this happens is not my problem in these days.

regards

--
Slavko
http://slavino.sk
 
07-08-2012, 04:10 PM
Camaleón

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012 17:56:21 +0200, Slavko wrote:

> On Sun, 8 Jul 2012 15:33:17 +0000 (UTC), Camaleón <noelamac@gmail.com>
> wrote:
>
>> What Wikipedia explains (and you asked "why") about the "smtps"
>> standard
>
> Reread my initial mail, please. I don't ask "why" in it, but my English
> is poor, then perhaps I wrote it in wrong manner.

The "why" is not in your first message but in your second post:

"if smtps is standardized, then why i see this:"
^^^

>> is not detailed in the RFC (because RFCs are not the place for long
>> dissertations...) but feel free to read the article or to ignore it.
>
> For me is enough to know that SMTP over SSL was not standardized yet (or
> still?). Why and when this happens is not my problem in these days.

SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what
happens is that it was updated to use starttls extension and the older
RFC was deprecated (but still used in some hosts).

Should you had read the Wikipedia article...

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jtcbdj$s8h$14@dough.gmane.org
 
07-08-2012, 04:36 PM
Henrique de Moraes Holschuh

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012, Camaleón wrote:
> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what

Actually, at least on port 465, it is deprecated with prejudice as it has
been assigned to something else.

> happens is that it was updated to use starttls extension and the older
> RFC was deprecated (but still used in some hosts).

It is widely used because of some übercrappy MUAs[1] that screw up when told
to do STARTTLS over port 587, AND because something-over-SSL is friendly to
dumb[2] hardware TLS endpoint gateways, while STARTTLS is not (requires an
application-level proxy running on the TLS gateway).

[1] this mostly includes old versions of certain extremely widely used MS
Windows MUAs.

[2] as in cheaper and much faster, "dumb" isn't a bad thing in this context

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


Archive: http://lists.debian.org/20120708163632.GC15477@khazad-dum.debian.net
 
07-08-2012, 04:43 PM
Camaleón

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012 13:36:32 -0300, Henrique de Moraes Holschuh wrote:

> On Sun, 08 Jul 2012, Camaleón wrote:
>> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what
>
> Actually, at least on port 465, it is deprecated with prejudice as it
> has been assigned to something else.

Yes, but still needed to cope with some corner circumstances (e.g.,
to support old MUAs).

>> happens is that it was updated to use starttls extension and the older
>> RFC was deprecated (but still used in some hosts).
>
> It is widely used because of some übercrappy MUAs[1] that screw up when
> told to do STARTTLS over port 587, AND because something-over-SSL is
> friendly to dumb[2] hardware TLS endpoint gateways, while STARTTLS is
> not (requires an application-level proxy running on the TLS gateway).

Yup, exactly ;-(

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jtcdc9$s8h$16@dough.gmane.org


Date: Sun, 08 Jul 2012 18:51:59 +0200
From: Markus Schönhaber <debian-user@list-post.mks-mail.de>
Subject: Re: Filezilla a security risk
08.07.2012 17:14, Camaleón:

> On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote:
>
>> 08.07.2012 13:59, Camaleón:
>>
>>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use of
>>
>> smtps was defined as 465/tcp. 587/tcp is message submission which does
>> not provide encryption on the transport layer.
>
> They are used for the same purpose (secure smtp) but the former is now
> deprecated.

For some definition of "purpose", maybe [1]
Stating that 587/tcp was smtps is simply wrong, because it implies
encryption on the network layer.

> What I did not know is that the new standard can be used
> with or without security (starttls) in the same port.

Which makes "the new standard" something very different.


[1] For example: MUAs should connect to this port to send outgoing mail.

--
Regards
mks



Archive: http://lists.debian.org/4FF9BAAF.5060601@list-post.mks-mail.de
 
07-08-2012, 06:09 PM
Slavko

IANA ports (was: Filezilla a security risk)

Hi,

On Sun, 8 Jul 2012 16:10:27 +0000 (UTC), Camaleón <noelamac@gmail.com>
wrote:

> The "why" is not in your first message but in your second post:
>
> "if smtps is standardized, then why i see this:"

Oh, yes. My misunderstanding, I am sorry.

> >> is not detailed in the RFC (because RFCs are not the place for long
> >> dissertations...) but feel free to read the article or to ignore it.
> >
> > For me is enough to know that SMTP over SSL was not standardized yet
> > (or still?). Why and when this happens is not my problem in these days.
>
> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what
> happens is that it was updated to use starttls extension and the older
> RFC was deprecated (but still used in some hosts).

As i wrote early, i know difference and major for me is, that SMTP +
STARTTLS starts as unencrypted, but SMTP over SSL is encrypted from start.
Then STARTTLS is not exactly the same as SMTP over SSL. But credentials and
message transfers are encrypted in both circumstances.

And if i proper understand (quick look into) RFC 6409, then mentioned port
587 is not exactly for SMTP over SSL. It is intended to sending
mails from MUAs and only allows usage of the "IPSEC and other encrypted and
authenticated tunneling techniques" (section 3.3) and in real, one can
select which will be used. Then it is the site/server depended solution. I
am right?

regards

--
Slavko
http://slavino.sk
 
07-09-2012, 01:34 PM
Camaleón

IANA ports (was: Filezilla a security risk)

On Sun, 08 Jul 2012 20:09:41 +0200, Slavko wrote:

> On Sun, 8 Jul 2012 16:10:27 +0000 (UTC), Camaleón <noelamac@gmail.com>
> wrote:

(...)

>> SMTPS (and SMTP over SSL/TLS) is standardized as always has been, what
>> happens is that it was updated to use starttls extension and the older
>> RFC was deprecated (but still used in some hosts).
>
> As i wrote early, i know difference and major for me is, that SMTP +
> STARTTLS starts as unencrypted, but SMTP over SSL is encrypted from
> start. Then STARTTLS is not exactly the same as SMTP over SSL. But
> credentials and message transfers are encrypted in both circumstances.

The thing is that there are no other replacements... yet.

So what we have now for sending e-mails is the plain, unencrypted port
(tcp/25) and smtps (or whatever you prefer to call it, "smtp over tls"?),
that is, tcp/587 that can take the role of the deprecated tcp/465
(encryption using a dedicated port).

> And if i proper understand (quick look into) RFC 6409, then mentioned
> port 587 is not exactly for SMTP over SSL. It is intended to sending
> mails from MUAs and only allows usage of the "IPSEC and other encrypted
> and authenticated tunneling techniques" (section 3.3) and in real, one
> can select which will be used. Then it is the site/server depended
> solution. I am right?

It's section 7 (Extensions) what makes the difference and, in any case,
you always depend on the server exposed capabilities for this.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jteml6$sc9$7@dough.gmane.org
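
Added example (not part of the original thread, and not code from any poster): a Python sketch of the two client behaviours the thread contrasts, TLS from the first byte on tcp/465 versus a cleartext session upgraded with STARTTLS on tcp/587, where the client only sends credentials once TLS is active and the server advertises AUTH. The EHLO replies and the host name mail.example.org are constructed sample data; parse_ehlo, may_authenticate and open_submission are hypothetical helper names.

```python
import smtplib
import ssl

# Constructed EHLO replies for illustration; not captured from a real server.
EHLO_PLAIN = (b"250-mail.example.org\r\n250-PIPELINING\r\n"
              b"250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_AFTER_TLS = (b"250-mail.example.org\r\n250-PIPELINING\r\n"
                  b"250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = b"250-mail.example.org\r\n250 AUTH PLAIN LOGIN\r\n"


def parse_ehlo(reply: bytes) -> dict:
    """Map each advertised extension keyword to its parameter list."""
    caps = {}
    lines = reply.decode("ascii").splitlines()
    for line in lines[1:]:                  # first line is the server greeting
        if not line.startswith("250"):
            continue
        parts = line[4:].split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def may_authenticate(tls_active: bool, caps: dict) -> bool:
    """Credentials go out only over TLS, and only if AUTH is offered there."""
    return tls_active and "AUTH" in caps


def open_submission(host: str, port: int) -> smtplib.SMTP:
    """Connect to a submission service, refusing any cleartext fallback."""
    ctx = ssl.create_default_context()      # verifies certificate and hostname
    if port == 465:
        # TLS on a dedicated port: handshake happens before any SMTP command.
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)
        conn.ehlo()
        return conn
    # tcp/587 (or 25): the session starts unencrypted and is then upgraded.
    conn = smtplib.SMTP(host, port, timeout=10)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.quit()
        raise RuntimeError("server does not offer STARTTLS; not sending AUTH")
    conn.starttls(context=ctx)
    conn.ehlo()                             # capabilities may differ after TLS
    return conn
```

open_submission needs a reachable server and is not called at import time; the two pure functions can be exercised on the constructed replies alone.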
 
