Mail can't receive external emails

Can you please explain to me more??? I don't understand what you mean.
Is it normal to receive only from the local domain???

1 Like

Why are the ports of your mail.2m-partners.tn dead?

1 Like

Port 465 isn't assigned to the SMTP protocol any longer and shouldn't be used any more.

Please use TCP port 25 and 587 with STARTTLS.

Please open TCP port 25 to the public too and not only 587. Port 587 is used for message submission by mail user agents such as Microsoft Outlook or Mozilla Thunderbird, but port 25 is used for message relay, such as other mail servers trying to deliver an e-mail to your mail server.

Note that generic e-mail server troubleshooting is NOT the purpose of this Community. Port 587, which is open, has a valid certificate for mail.2m-partners.tn and the chain sent by the server is correct. Also TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3* are all working properly. It sounds like this is not a TLS or certificate related issue.

2 Likes

@griffin But for more security I should close port 25!!

I have no idea where that statement comes from, but I disagree. Often the same piece of software is listening on port 25 as well as 587, so there is no difference in security between both ports.

Also see my edit above about this Community not being the correct place for generic e-mail server troubleshooting not related to TLS and/or Let's Encrypt certificate(s).

2 Likes

[quote="Osiris, post:24, topic:149021"]
''' Note that generic e-mail server troubleshooting is NOT the purpose of this Community. Port 587, which is open, has a valid certificate for mail.2m-partners.tn and the chain sent by the server is correct. Also TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3* are all working properly. It sounds like this is not a TLS or certificate related issue.'''
I know, but the problem with port 465 after certification made me confused; I said that perhaps it's a problem with my certificate.

1 Like

See Simple Mail Transfer Protocol - Wikipedia

465 This port was deprecated after RFC 2487, until the issue of RFC 8314.

Port 465 was deprecated, but after 8314 it's possible to use that port. That's an always encrypted port, so no cleartext / STARTTLS is required.

Port 25 / 587 often starts with cleartext. Port 465 never.

2 Likes

You said to me: "Why are the ports of your mail.2m-partners.tn dead?"
Can you explain to me?

1 Like

Hm, I stand corrected. It seems my knowledge of RFCs (and Google FU) isn't up to par :grin:

That said, it seems port 465 is also used for mail submission, like 587, and not for mail relay. So port 25 is still required to be open for mail relay purposes.

2 Likes

@bensaidRayen

Sorry for disappearing last night. Had to deal with something then I was too tired and had to sleep.

What I'm reading is generally right all around. I was asking about whether mail was being saved on your server to see if the mail relay (via port 25) was actually working (since @Osiris and I kept seeing intermittent behavior of your email server based on our collective testing in the background). Email by itself is traditionally not a secure media. Your mail clients can securely upload (ports 465 and/or 587) and/or download (ports 993 imap and/or 995 pop3) email, but there is no guarantee of secure relay of email across the internet unless a public key belonging to the receiver is used to encrypt before transmission (resulting in "end-to-end" encryption).

One of the big factors related to ports 993 imap and 995 pop3 is email management on your server (i.e. deleting/moving messages on your server via actions taken within your email client). This is more of a server data-management issue than a mail delivery issue. Since such actions require authentication, it is necessary to secure the corresponding communications to prevent leaking of authentication credentials.

As for the port 465/587 debate (more like debacle), well... port 587 is the official port though many providers (like GoDaddy) still use port 465. As @JuergenAuer referenced, port 465 has been "adopted" as "implicit/assumed TLS" whereas port 587 is the official "explicit/optional TLS". Hence, from an email-client perspective, port 587 behaves like port 25, but can optionally behave like port 465. However, when relaying email across the internet, mail servers use port 25.

Here's a boatload of information:

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

2 Likes
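The port roles spelled out in the replies above (25 for relay between servers, 587 for submission with STARTTLS, 465 for submission with implicit TLS) can be verified from the outside with a small probe. The script below is an added example and not code posted by anyone in this thread; it assumes `HOST` is a mail server you operate (the placeholder `mail.example.test` is not a real host), uses only the Python standard library, and verifies the certificate chain and hostname with the default SSL context, so an expired or mismatched certificate shows up as an error on that port rather than as a silent success.

```python
"""Added example (not from the thread): probe a mail host's SMTP ports with the
handshake style each port expects. Assumes HOST is a server you operate."""
import smtplib
import ssl

# Roles as described in the thread: 25 = relay between servers (cleartext
# greeting, STARTTLS optional), 587 = submission with STARTTLS,
# 465 = submission with implicit TLS (handshake before any SMTP traffic).
PORT_ROLES = {
    25: ("relay", "starttls"),
    587: ("submission", "starttls"),
    465: ("submission", "implicit"),
}

HOST = "mail.example.test"  # placeholder; replace with your own MX host


def parse_ehlo(reply: bytes) -> list:
    """Return the extension keywords from an EHLO reply as smtplib returns it:
    the first line is the server's greeting, each following line an extension."""
    lines = reply.decode("utf-8", errors="replace").splitlines()
    return [line.split()[0].upper() for line in lines[1:] if line.strip()]


def starttls_advertised(reply: bytes) -> bool:
    """True when the server offers the STARTTLS upgrade on a cleartext port."""
    return "STARTTLS" in parse_ehlo(reply)


def _record_tls(result: dict, sock) -> None:
    # Only reached after a verified handshake, so the peer cert dict is populated.
    result["tls_version"] = sock.version()
    result["cert_not_after"] = sock.getpeercert().get("notAfter")


def probe_starttls(host: str, port: int, timeout: float = 10) -> dict:
    """Ports 25/587: cleartext greeting, EHLO, then upgrade with STARTTLS."""
    result = {"port": port, "mode": "starttls", "connected": False}
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            result["connected"] = True
            _, reply = smtp.ehlo()
            result["starttls_advertised"] = starttls_advertised(reply)
            if result["starttls_advertised"]:
                smtp.starttls(context=ctx)
                smtp.ehlo()  # RFC 3207: re-issue EHLO after the upgrade
                _record_tls(result, smtp.sock)
    except (OSError, smtplib.SMTPException) as exc:  # ssl.SSLError is an OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def probe_implicit_tls(host: str, port: int = 465, timeout: float = 10) -> dict:
    """Port 465: TLS handshake first, SMTP greeting only inside the tunnel."""
    result = {"port": port, "mode": "implicit", "connected": False}
    ctx = ssl.create_default_context()
    try:
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as smtp:
            result["connected"] = True
            _record_tls(result, smtp.sock)
            _, reply = smtp.ehlo()
            result["extensions"] = parse_ehlo(reply)
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def probe_all(host: str, timeout: float = 10) -> dict:
    """Check every port in PORT_ROLES with the handshake style it expects."""
    results = {}
    for port, (role, mode) in PORT_ROLES.items():
        if mode == "implicit":
            results[port] = probe_implicit_tls(host, port, timeout)
        else:
            results[port] = probe_starttls(host, port, timeout)
        results[port]["role"] = role
    return results


def relay_reachable(results: dict) -> bool:
    """Other servers only ever try port 25, so this is the port that decides
    whether external mail can reach the host (the thread's actual problem)."""
    return results.get(25, {}).get("connected", False)


if __name__ == "__main__":
    results = probe_all(HOST)
    for port, r in results.items():
        print(port, r)
    print("external mail can reach this host:", relay_reachable(results))
```

A closed or filtered port 25 shows up as `connected: False` with a connection error, which matches the symptom in the thread title; a port that connects but where `starttls_advertised` is false is a server that accepts cleartext relay only, and a port where the upgrade raises an SSL error is the case where the certificate or chain really is the problem.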

You certainly don't want to have port 25 closed. You just shouldn't use it to send mail with your email clients. Port 25 should only be used to deliver email to your server.

2 Likes

Also, there is no choice about this: if you want to receive mail from other servers addressed to your server, you must receive it on port 25 (unless you can somehow individually negotiate this with every sender, which is extremely unlikely). Delivering to other servers on port 25 has been the standard since the 1980s and it's the only option that the overwhelming majority of mail servers will attempt.

Some of my former colleagues at EFF were previously working on a project to try to make port 25 more secure, and other people are working on that too, but these projects start from the assumption that an open port 25 is required.

4 Likes

It's okay, no need to be sorry. Thank you very much @griffin

1 Like