Community discussions

MikroTik App
 
User avatar
Joni
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Tools/email and ports

Sat Apr 10, 2021 12:43 pm

In https://wiki.mikrotik.com/wiki/Manual:Tools/email

there is a note
If start-tls='''tls-only''', port 465 will be used
either the note is left over from a previous circumstance or it is not RFC compliant

http://www.iana.org/assignments/service ... umbers.txt
https://tools.ietf.org/html/rfc8314#section-7.3

https://www.mailgun.com/blog/which-smtp ... 5-465-587/
https://sendgrid.com/blog/whats-the-dif ... 5-and-587/

effectively making RouterOS a legacy system, which should default to 587.

If Mikrotik would like to deviate from this default then such separate setting should be implemented, it is up to the client (RouterOS) to refuse using a non-established TLS connection on port 587 if tls-only is checked.

When a "/tool e-mail set port" is not defined and "/tool e-mail send" is attempted there is no communication even attempted to the email server defined for "/tool e-mail send server", however an error message of "error connecting to server (6)" is still given, so Mikrotik doesn't seem to default to any port, when any "/tool e-mail set port" is defined it works but then port mentioned in the note for start-tls="tls-only" is overridden by the value in "/tool e-mail get port").

In addition to this, the Send Email tool (/tool e-mail send) in Winbox has only a TLS checkbox (not pulldown with no, tls-only, yes) which doesn't indicate which configuration is attempted (implies tls-only). Especially as if /tool e-mail set start-tls=''no" and your "/tool e-mail send" TLS is checked it will still send the email without TLS.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Tools/email and ports

Sat Apr 10, 2021 1:14 pm

All I know is it works fine with my ISP provider??
My ISP provider requires 465 by the way.
Also my settings are start TLS=tls only
 
User avatar
Joni
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: Tools/email and ports

Sat Apr 10, 2021 2:05 pm

All I know is it works fine with my ISP provider??
Yes, they are receiving email, they have to because of ignorant customers, accepting legacy setups. The difference is Mikrotik is sending and have no reason default to a legacy port which the user can override if needed.
My ISP provider requires 465 by the way.
Ignorance goes both ways.
Also my settings are start TLS=tls only
You have to be quite much more specific. Technically 465 would explicitly be a TLS-only port so you're not actually bringing anything to the table.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Tools/email and ports

Sat Apr 10, 2021 2:37 pm

So all you are saying is that 465 is to be no longer user for SMPT and one should use 587.
However I fail to see how this makes email traffic any more or less secure because that is what I care about more than some organization telling me what I can and cannot use ports for LOL.
If 587 was magically more secure then you would have a point. Since the ISP controls the traffic flow and they have deemed 465 to be used, who am I to say anything different.
More to the point if I use port 587 I wont be able to send mail, so I see your point but cannot follow your advice.

Who is online

Users browsing this forum: anav, Google [Bot], JDF and 101 guests