cannot send mails to other servers

ajax20

Hello

I'm trying to limit my server's open ports in CSF. The IPv4 port settings include:

Code:
# Allow incoming TCP ports
TCP_IN = "22,25,53,80,110,143,443,587 …"

# Allow outgoing TCP ports
TCP_OUT = "22,53,80,113,443,465,995 …"

# Allow incoming UDP ports
UDP_IN = "53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "53,113,123"

As you see, I have port 25 open in TCP_IN but have removed it from TCP_OUT. The reason is that I wanted to have my mails transmitted over SMTPS, so I have port 465 opened instead in TCP_OUT. I have also set the following in Roundcube's config.inc.php:

Code:
$config['default_host'] = 'ssl://mail.mydomain.com';
$config['smtp_server'] = 'ssl://mail.mydomain.com';
$config['smtp_port'] = 465;

However, when I remove port 25 from TCP_OUT, I can no longer send mails to, say, Gmail, though I can send mails to my own. But I can receive all mails.

Please let me know if I need to make any further changes. Do I need to disable port 25 at all to have my mails sent via SSL?

Thanks
 
Thanks for replying, Alex. Alright, so I need to keep port 25 in TCP_OUT. Still, why can't I send to Gmail, which does support SSL?
 
How does your server know that a remote server supports TLS/SSL? How does your server know that it should connect to Gmail's TCP:587?

I don't have answers, so you might search the internet, or ask on Exim's mailing lists. Or maybe somebody here has something to add.
 
My experience is that the original EHLO is done on port 25, and then depending on the response your server will either switch to TLS or not.

Jeff
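
The behaviour discussed in this thread, as an added example that is not part of any of the posts above: server-to-server delivery goes to the remote MX on port 25 and upgrades with STARTTLS only if the EHLO reply offers it, so a TCP_OUT list without 25 blocks delivery before TLS is ever negotiated. The function names, the csf.conf fragment and the EHLO reply are constructed for illustration.

```python
import re

# Constructed sample: csf.conf fragment with port 25 removed from TCP_OUT.
SAMPLE_CSF = '''
TCP_OUT = "22,53,80,113,443,465,995"
UDP_OUT = "53,113,123,33434:33523"
'''
# Constructed sample: EHLO reply from a remote MX (hostname is a placeholder).
SAMPLE_EHLO = ("250-mx.example.net at your service\r\n250-SIZE 35882577\r\n"
               "250-8BITMIME\r\n250-STARTTLS\r\n250 PIPELINING\r\n")

def csf_ports(conf_text, key):
    """Return the set of ports allowed by a csf.conf list such as TCP_OUT.
    Entries are comma separated; a range is written low:high."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(key), conf_text, re.M)
    if not m:
        raise KeyError(key)
    ports = set()
    for item in m.group(1).split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def ehlo_extensions(reply):
    """Parse a multi-line SMTP EHLO reply into a set of extension keywords."""
    exts = set()
    for line in reply.splitlines()[1:]:  # first line is the greeting
        if re.match(r"250[- ]", line):
            words = line[4:].split()
            if words:
                exts.add(words[0].upper())
    return exts

def delivery_plan(conf_text, ehlo_reply):
    """Describe how an MTA could deliver to a remote MX under this firewall."""
    # Ports 465 and 587 are for client submission; MX-to-MX relay uses 25.
    if 25 not in csf_ports(conf_text, "TCP_OUT"):
        return "blocked: outbound 25 closed, remote MX unreachable"
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "port 25, upgrade with STARTTLS"
    return "port 25, plaintext"

if __name__ == "__main__":
    print(delivery_plan(SAMPLE_CSF, SAMPLE_EHLO))
```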
 