So, last post, I suggested that a VPN was simpler than setting up my home email server to relay when I'm not at home. It was simple, but, when running on a Raspberry Pi, it's awfully slow. To the point of despair. And that's when I'm standing still. If I move around, my Android phone has a tendency to disconnect from one Wi-Fi hotspot and connect to another, which disconnects the VPN (admittedly, this may be because I'm in a large building, with eduroam. But at the end-user interface, the cause is irrelevant). All in all, it works, but not brilliantly.
I'm off to Redemption '13 this weekend, and the VPN setup is looking a bit untenable. Admittedly, it'll mostly be Twitter, but I figured I'd get the email working.
Turns out that, in fact, it was trivial. I'd done all the work before but, ahem, forgotten to open the port...
Interestingly, it turns out that authenticated email over TLS uses exactly the same communication irrespective of the port: it starts off in plain text, swapping
EHLO acknowledgements, and it's only the STARTTLS instruction that turns the encryption on. Obviously, the server could refuse to allow TLS on port 25, and refuse to continue conversations on port 587 if the client doesn't activate TLS, but if these are left optional, there's no difference between the two ports. So blocking port 25 doesn't stop people running their own SMTP servers. It just means they've got to offload their communications to port 587, and everything else is unchanged (well, you might need to find a different server to off-load to. But the port number doesn't magically ensure a sensible configuration).
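Whether a given port actually holds back authentication until STARTTLS can be read straight off the first, plain-text EHLO reply. The sketch below is an added example, not part of the original post: the function names, the host `mail.example.org` and the sample replies are all constructed for illustration, and `probe()` is only meant for a server you run yourself.

```python
import smtplib

def parse_ehlo(reply: str) -> dict:
    """Map each EHLO keyword (upper-cased) to its parameter string."""
    caps = {}
    for line in reply.splitlines()[1:]:      # first line is the greeting
        text = line[4:].strip()              # drop the "250-" / "250 " prefix
        if text:
            keyword, _, params = text.partition(" ")
            caps[keyword.upper()] = params
    return caps

def audit(port: int, plain_ehlo: str) -> list:
    """Findings for one port, judged from the EHLO reply sent before STARTTLS."""
    caps = parse_ehlo(plain_ehlo)
    findings = []
    if "STARTTLS" not in caps:
        findings.append(f"port {port}: STARTTLS not offered")
    if "AUTH" in caps:
        findings.append(f"port {port}: AUTH advertised before TLS ({caps['AUTH']})")
    return findings

def probe(host: str, port: int) -> list:
    """Live check against your own server; not called by the sample run below."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        _code, reply = smtp.ehlo()           # reply: bytes, codes already stripped
        return audit(port, "250-" + reply.decode().replace("\n", "\n250-"))

# Constructed EHLO replies; mail.example.org is a placeholder host.
PORT_25 = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME"
PORT_587_LAX = ("250-mail.example.org\r\n250-STARTTLS\r\n"
                "250-AUTH PLAIN LOGIN\r\n250 8BITMIME")
PORT_587_STRICT = "250-mail.example.org\r\n250-STARTTLS\r\n250 8BITMIME"

if __name__ == "__main__":
    samples = [(25, PORT_25), (587, PORT_587_LAX), (587, PORT_587_STRICT)]
    for port, reply in samples:
        print(port, audit(port, reply) or "no findings")
```

A server that passes this check can still accept unencrypted mail after the EHLO; the audit only covers what is advertised before TLS, not what the server does if the client never sends STARTTLS.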