Gmail to SSL secured domain port

Question

Here is the situation: I have a domain (it is NOT always-on) and I have configured port 465 as SSL-secured SMTP "e-mail receiver" (with hMailServer) with a self-signed certificate (note that I have disabled port 25 for security purposes).

However, I get a warning message from Gmail saying that it cannot reach "my_domain:25". Doesn't Gmail try to send mail to port 465 using my self-signed SSL certificate? If it does, why haven't I received the "test e-mail" to my domain e-mail yet???

It sounds like you're confusing SMTP as used to communicate from a mail client to the SMTP server with SMTP as used to send an email from an MTA to another MTA? — SLaks, Oct 02 '14 at 17:05

score 0 · Answer 1 · answered Oct 02 '14 at 17:16

0

You can only specify a host name inside the MX record for your domain and the server is expected to listen on port 25. If you want to enforce TLS then you should set up your mail server, so that it only allows submission if STARTTLS is done before the submission. Any connections after STARTTLS are encrypted.

answered Oct 02 '14 at 17:16

Steffen Ullrich

114,247
10
131
172

My version of HMailServer **DOESN'T** support STARTTLS, ONLY SSL, so can I use my port 465 or MUST I revert to using port 25? – Oct 02 '14 at 17:23
You MUST offer plain SMTP on port 25 and you might offer the upgrade to TLS via STARTTLS. – Steffen Ullrich Oct 02 '14 at 18:14
But how can I support TLS on hMailServer? – Oct 03 '14 at 13:42
If hMailServer does not support STARTTLS then you can not use it as the mail server published in the MX records. – Steffen Ullrich Oct 03 '14 at 15:21

Gmail to SSL secured domain port

1 Answers1