MacOS – Does default e-mail port behave differently than custom

email, macos, openssl, smtp

I'm trying to set up mail on Mavericks to talk directly to my mail server at an ISP. I use the ISP for my mail, but filter it through Gmail and that works. So, here's what I've tried:

  • telnet to port 25 (blocked by ISP)
  • telnet to port 465 (connects, but get no e-mail header)
  • openssl to port 465 (works just like I'd expect)
  • openssl to Gmail port 465 (works just like I'd expect)
  • telnet to Gmail port 25 (blocked)

…but here's the difference. For Gmail, I have "default ports (25, 465, 587)" checked, and no custom port. For my ISP, I have the custom port set to 465. I have "Use SSL" checked for both. However, for Gmail, it realizes it has to use 465, and for my ISP, it gets stuck trying to connect to 25.

Any ideas? It seems that mail knows to use TLS for port 465 only if it's a "default" port, and won't use it if I type 465 in directly.

Here's a bit more information:

Successful connection to Gmail:

INITIATING CONNECTION Oct 29 22:11:37.797 host:smtp.gmail.com -- port:465 -- socket:0x0 -- thread:0x600001277d00
CONNECTED Oct 29 22:11:38.008 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:smtp.gmail.com -- port:465 -- socket:0x6000004c4910 -- thread:0x600001277d00
READ Oct 29 22:11:38.081 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:smtp.gmail.com -- port:465 -- socket:0x6000004c4910 -- thread:0x600001277d00
220 mx.google.com ESMTP m63sm2836028ioe.40 - gsmtp

Unsuccessful connection to ISP (hostname obscured):

INITIATING CONNECTION Oct 31 21:17:03.606 host:mail.xxx.xxx -- port:465 -- socket:0x0 -- thread:0x600001661b00
CONNECTED Oct 31 21:17:03.909 [kCFStreamSocketSecurityLevelNone] -- host:mail.xxx.xxx -- port:465 -- socket:0x6080006cf0a0 -- thread:0x600001661b00

I found a bit more, but may need more help. I'm getting the following error in the system log:

errSSLXCertChainInvalid: Invalid certificate chain (-9807)

The ISP-assigned server has a self-signed certificate. I think it's loaded. It was originally a "login" certificate. I tried trusting it for everything, and that didn't work. I tried moving it to system, and that didn't work. So, I'm wondering if the certificate is not considered a root certificate.

I requested the ISP to fix the https site so that I could hopefully get the certificate into the Mac. It appears that no one uses any other method of getting the cert than browsing in Safari, and Safari refuses to connect to port 465.

Best Answer

You wouldn't get anything from port 465 at all as it's encrypted.

Various forms of encryption use various ports (not all the same port) and keep it that way to keep themselves identifiable. Some may do their own thing, but it's entirely up to them.

Here's a quick list of providers and their various ports for reference.

Generic:
Unencrypted     25 (or 587)
StartTLS        587
SSL             465


Google:
SSL             465
StartTLS        587

Yahoo:
SSL             465
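
The two log excerpts in the question differ in the security level recorded on the CONNECTED line. As an added example (not part of the original question or answer), this Python sketch checks each CONNECTED line against the answer's generic port table; the function name `audit`, the verdict strings and the port-587 sample line are assumptions made for illustration.

```python
import re

# Port conventions taken from the answer's "Generic" table.
IMPLICIT_TLS_PORTS = {465}   # TLS handshake comes before any SMTP banner
STARTTLS_PORTS = {587}       # plaintext banner first, then upgrade with STARTTLS

# CONNECTED lines in the format of the Mail connection log quoted in the question.
CONNECTED_RE = re.compile(
    r"^CONNECTED\s.*?\[kCFStreamSocketSecurityLevel(?P<level>\w+)\]"
    r".*?host:(?P<host>\S+) -- port:(?P<port>\d+)"
)

# First two CONNECTED lines are from the question; the port-587 line is constructed.
SAMPLE_LOG = """\
INITIATING CONNECTION Oct 29 22:11:37.797 host:smtp.gmail.com -- port:465 -- socket:0x0 -- thread:0x600001277d00
CONNECTED Oct 29 22:11:38.008 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:smtp.gmail.com -- port:465 -- socket:0x6000004c4910 -- thread:0x600001277d00
CONNECTED Oct 31 21:17:03.909 [kCFStreamSocketSecurityLevelNone] -- host:mail.xxx.xxx -- port:465 -- socket:0x6080006cf0a0 -- thread:0x600001661b00
CONNECTED Nov 01 09:00:00.000 [kCFStreamSocketSecurityLevelNone] -- host:mail.example.net -- port:587 -- socket:0x1 -- thread:0x2
"""

def audit(log_text):
    """Return (host, port, security_level, verdict) for every CONNECTED line."""
    findings = []
    for line in log_text.splitlines():
        m = CONNECTED_RE.match(line.strip())
        if not m:
            continue  # INITIATING CONNECTION, READ and server replies are skipped
        port, level = int(m.group("port")), m.group("level")
        if level != "None":
            verdict = "tls-at-connect"
        elif port in IMPLICIT_TLS_PORTS:
            # The server waits for a TLS ClientHello, so no 220 banner ever arrives.
            verdict = "plaintext-on-implicit-tls-port"
        elif port in STARTTLS_PORTS:
            verdict = "plaintext-pending-starttls"
        else:
            verdict = "plaintext"
        findings.append((m.group("host"), port, level, verdict))
    return findings

if __name__ == "__main__":
    for host, port, level, verdict in audit(SAMPLE_LOG):
        print(f"{host}:{port} level={level} -> {verdict}")
```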