1 Verizon blocks outgoing connections on port 25 ([SMTP][]) unless you
2 are connecting to their `outgoing.verizon.net` message exchange
3 server. This server requires authentication with your Verzon
4 username/password before it will accept your mail. For the purpose of
5 this example, our Verizon username is `jdoe`, our Verizon password is
6 `YOURPASS`, and were sending email from `me@example.com` to
9 $ nc outgoing.verizon.net 25
10 220 vms173003pub.verizon.net -- Server ESMTP (...)
11 mail from: <jdoe@example.com>
12 550 5.7.1 Authentication Required
14 221 2.3.0 Bye received. Goodbye.
16 Because authenticating over an unencrypted connection is a Bad Idea™,
17 I was looking for an encrypted way to send my outgoing email.
18 Unfortunately, Verizon's exchange server does not support [STARTTLS][]
19 for encrypting connections to `outgoing.verizon.net:25`:
21 $ nc outgoing.verizon.net 25
22 220 vms173003pub.verizon.net -- Server ESMTP (...)
24 250-vms173003pub.verizon.net
29 250-ENHANCEDSTATUSCODES
31 250-XLOOP E9B7EB199A9B52CF7D936A4DD3199D6F
32 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
38 533 5.7.1 STARTTLS command is not enabled.
40 221 2.3.0 Bye received. Goodbye.
42 Verizon [recommends][verizon] pre-STARTTLS approach of wrapping the
43 whole SMTP connection in TLS ([SMTPS][]), which it provides via
44 `outgoing.verizon.net:465`:
46 $ python -c 'from base64 import *; print b64encode("\0jdoe@verizon.net\0YOURPASS")'
47 AGpkb2VAdmVyaXpvbi5uZXQAWU9VUlBBU1M=
48 $ openssl s_client -connect outgoing.verizon.net:465
50 220 vms173013pub.verizon.net -- Server ESMTP (...)
52 250-vms173013pub.verizon.net
57 250-ENHANCEDSTATUSCODES
59 250-XLOOP 9380A5843FE933CF9BD037667F4C950D
60 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
65 auth plain AGpkb2VAdmVyaXpvbi5uZXQAWU9VUlBBU1M
66 235 2.7.0 plain authentication successful.
67 mail from: <me@example.com>
69 rcpt to: <you@target.edu>
70 250 2.1.5 you@target.edu OK.
72 354 Enter mail, end with a single ".".
73 From: Me <me@example.com>
74 To: You <you@target.edu>
79 250 2.5.0 Ok, envelope id 4BHMFEZ7PHSETMT6@vms173013.mailsrvcs.net
81 221 2.3.0 Bye received. Goodbye.
84 This works, but with the rise of STARTTLS, getting your local
85 [[Postfix]] mail server to support SMTPS requires a bit of
86 [fancyness][] with [[stunnel]]. The stunnel workaround is not too
87 complicated, but I also wanted to look into the [submission][]
88 protocol (port 587), which adapts SMTP (designed for message transfer)
89 into a similar protocol for message submission. Unfortunately,
90 Verizon does not support STARTTLS here either.
92 $ nc outgoing.verizon.net 587
93 220 vms173005.mailsrvcs.net -- Server ESMTP (...)
95 250-vms173005.mailsrvcs.net
100 250-ENHANCEDSTATUSCODES
107 250-XLOOP DA941C5B31BE4B102BB69B809BC66C4A
108 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
113 533 5.7.1 STARTTLS command is not enabled.
115 221 2.3.0 Bye received. Goodbye.
117 In conclusion, Verizon supports a number of email submission
118 standards, but the only secure approach is to use the outdated SMTPS.
119 See my [[Postfix]] post for details on configuring Postfix to use
120 Verizon's server for outgoing mail.
122 There are a number of good SMTP authentication tutorials out there. I
123 used [John Simpson][JS] and [Erwin Hoffmann's][EH] tutorials. For
124 cleaner examples of my testing tools (`nc` and `openssl s_client`),
125 see my [[simple_servers]] post.
127 [SMTP]: http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
128 [STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
129 [verizon]: http://www22.verizon.com/residentialhelp/fiosinternet/email/setup+and+use/questionsone/86782.htm
130 [SMTPS]: http://en.wikipedia.org/wiki/SMTPS
131 [fancyness]: http://www.postfix.org/TLS_README.html#client_smtps
132 [submission]: http://tools.ietf.org/html/rfc4409
133 [JS]: http://qmail.jms1.net/test-auth.shtml
134 [EH]: http://www.fehcom.de/qmail/smtpauth.html