[OSGeo] #3033: lists.osgeo.org does not support port 587 starttls and mail.osgeo.org does not work with SSL

#3033: lists.osgeo.org does not support port 587 starttls and mail.osgeo.org does
not work with SSL
------------------------------+-----------------------
Reporter: robe | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: SysAdmin/Postfix | Keywords:
------------------------------+-----------------------
I ran into this issue recently when experimenting with setting up
discourse and also ran into it setting up video.osgeo.org.

Most apps these days default to port 587 / starttls.

As far as I can tell port 587 on osgeo6 is not reachable from our other
hosts (or not at all) though I thought it was at some point in time. Or
maybe postfix is no longer using that port?

At any rate, port 25 (with or without SSL) works, port 465 with or without
SSL works.

I should also note that when ssl is enabled, mail.osgeo.org often fails
cause I guess we have no cert for mail.osgeo.org.

If we ever detangle lists.osgeo.org from the mail server, then this will
become an issue.

I'm almost tempted to start a new mail.osgeo.org perhaps running in a
container, but not sure if that will cause issues.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3033>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

Comment (by strk):

I think for now it's ok to not support port 587 (submission, optionally
with STARTTLS) and use port 465 (submissions, using SSL).

Port 25 is for MTA (mail transport agent) which receives email from an MSA
(mail submission agent) which receives it from an MUA (mail user agent).

See:
  - https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=465
  - https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=25
  - https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=587

The SSL certificate used for mail.osgeo.org belongs to name
lists.osgeo.org so for now use that name. When/if we change that
certificate name we will need to update instructions for the submissions
service on the wiki (no link handy at the moment). For MTA/25/STARTTLS I
guess it would be useful for the MX record host name to match the
certificate name, I didn't check how it looks at the moment.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3033#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

Changes (by strk):

* milestone: Unplanned => Sysadmin Contract 2024-III

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3033>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

Comment (by gdt):

I get the tangling problem, but
   - mailing list hosts need not implement submission as they do not serve MUAs
   - one can have alternative names in certs so they are valid for two names
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3033>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
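
An added example, not part of the ticket or of OSGeo's own configuration: a Python check of the two points raised in the comments above, namely whether a certificate's alternative names cover both host names, and how port 465 (implicit TLS) and ports 587/25 (STARTTLS) are each tested with certificate verification on. The SAN lists are constructed sample data and the function names are hypothetical; the live probe needs network access and only runs when the script is executed directly.

```python
import smtplib
import ssl

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # '*.example.org' covers 'a.example.org', not 'example.org' or 'a.b.example.org'
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]

def uncovered(sans, hosts):
    """Return the hosts that no SAN entry covers (empty list: cert fits all)."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def probe(host, port, timeout=10):
    """Live check: 465 is implicit TLS, any other port is upgraded via STARTTLS.
    Returns 'ok' or the error text; chain and host name are verified either way."""
    ctx = ssl.create_default_context()  # verification enabled by default
    try:
        if port == 465:
            with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as s:
                s.ehlo()
        else:
            with smtplib.SMTP(host, port, timeout=timeout) as s:
                s.ehlo()
                s.starttls(context=ctx)
                s.ehlo()
        return "ok"
    except (OSError, smtplib.SMTPException) as exc:
        return f"{type(exc).__name__}: {exc}"

# Constructed SAN lists for illustration, not read from the real server.
CERT_SINGLE = ["lists.osgeo.org"]
CERT_TWO_NAMES = ["lists.osgeo.org", "mail.osgeo.org"]
HOSTS = ["lists.osgeo.org", "mail.osgeo.org"]

if __name__ == "__main__":
    print("single-name cert misses:", uncovered(CERT_SINGLE, HOSTS))
    print("two-name cert misses:", uncovered(CERT_TWO_NAMES, HOSTS))
    for host in HOSTS:  # requires network access
        for port in (25, 465, 587):
            print(host, port, probe(host, port))
```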