Verizon blocks outgoing connections on port 25 ([SMTP][]) unless you
are connecting to their `outgoing.verizon.net` message exchange
server.  This server requires authentication with your Verzon
username/password before it will accept your mail.  For the purpose of
this example, our Verizon username is `jdoe`, our Verizon password is
`YOURPASS`, and were sending email from `me@example.com` to
`you@target.edu`.

    $ nc outgoing.verizon.net 25
    220 vms173003pub.verizon.net -- Server ESMTP (...)
    mail from: <jdoe@example.com>  
    550 5.7.1 Authentication Required
    quit
    221 2.3.0 Bye received. Goodbye.

Because authenticating over an unencrypted connection is a Bad Idea™,
I was looking for an encrypted way to send my outgoing email.
Unfortunately, Verizon's exchange server does not support [STARTTLS][]
for encrypting connections to `outgoing.verizon.net:25`:

    $ nc outgoing.verizon.net 25
    220 vms173003pub.verizon.net -- Server ESMTP (...)
    ehlo example.com
    250-vms173003pub.verizon.net
    250-8BITMIME
    250-PIPELINING
    250-CHUNKING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-HELP
    250-XLOOP E9B7EB199A9B52CF7D936A4DD3199D6F
    250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
    250-AUTH=LOGIN PLAIN
    250-ETRN
    250-NO-SOLICITING
    250 SIZE 20971520
    starttls
    533 5.7.1 STARTTLS command is not enabled.
    quit
    221 2.3.0 Bye received. Goodbye.

Verizon [recommends][verizon] pre-STARTTLS approach of wrapping the
whole SMTP connection in TLS ([SMTPS][]), which it provides via
`outgoing.verizon.net:465`:

    $ python -c 'from base64 import *; print b64encode("\0jdoe@verizon.net\0YOURPASS")'
    AGpkb2VAdmVyaXpvbi5uZXQAWU9VUlBBU1M=
    $ openssl s_client -connect outgoing.verizon.net:465
    ...
    220 vms173013pub.verizon.net -- Server ESMTP (...)
    ehlo example.com
    250-vms173013pub.verizon.net
    250-8BITMIME
    250-PIPELINING
    250-CHUNKING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-HELP
    250-XLOOP 9380A5843FE933CF9BD037667F4C950D
    250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
    250-AUTH=LOGIN PLAIN
    250-ETRN
    250-NO-SOLICITING
    250 SIZE 20971520
    auth plain AGpkb2VAdmVyaXpvbi5uZXQAWU9VUlBBU1M
    235 2.7.0 plain authentication successful.
    mail from: <me@example.com>
    250 2.5.0 Address Ok.
    rcpt to: <you@target.edu>
    250 2.1.5 you@target.edu OK.
    data
    354 Enter mail, end with a single ".".
    From: Me <me@example.com>
    To: You <you@target.edu>
    Subject: testing

    hello world 
    .
    250 2.5.0 Ok, envelope id 4BHMFEZ7PHSETMT6@vms173013.mailsrvcs.net
    quit
    221 2.3.0 Bye received. Goodbye.
    closed

This works, but with the rise of STARTTLS, getting your local
[[Postfix]] mail server to support SMTPS requires a bit of
[fancyness][] with [[stunnel]].  The stunnel workaround is not too
complicated, but I also wanted to look into the [submission][]
protocol (port 587), which adapts SMTP (designed for message transfer)
into a similar protocol for message submission.  Unfortunately,
Verizon does not support STARTTLS here either.

    $ nc outgoing.verizon.net 587
    220 vms173005.mailsrvcs.net -- Server ESMTP (...)
    ehlo example.com
    250-vms173005.mailsrvcs.net
    250-8BITMIME
    250-PIPELINING
    250-CHUNKING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-EXPN
    250-HELP
    250-XADR
    250-XSTA
    250-XCIR
    250-XGEN
    250-XLOOP DA941C5B31BE4B102BB69B809BC66C4A
    250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
    250-AUTH=LOGIN PLAIN
    250-NO-SOLICITING
    250 SIZE 20971520
    starttls
    533 5.7.1 STARTTLS command is not enabled.
    quit
    221 2.3.0 Bye received. Goodbye.

In conclusion, Verizon supports a number of email submission
standards, but the only secure approach is to use the outdated SMTPS.
See my [[Postfix]] post for details on configuring Postfix to use
Verizon's server for outgoing mail.

There are a number of good SMTP authentication tutorials out there.  I
used [John Simpson][JS] and [Erwin Hoffmann's][EH] tutorials.  For
cleaner examples of my testing tools (`nc` and `openssl s_client`),
see my [[simple_servers]] post.

[SMTP]: http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
[verizon]: http://www22.verizon.com/residentialhelp/fiosinternet/email/setup+and+use/questionsone/86782.htm
[SMTPS]: http://en.wikipedia.org/wiki/SMTPS
[fancyness]: http://www.postfix.org/TLS_README.html#client_smtps
[submission]: http://tools.ietf.org/html/rfc4409
[JS]: http://qmail.jms1.net/test-auth.shtml
[EH]: http://www.fehcom.de/qmail/smtpauth.html

[[!tag tags/linux]]
[[!tag tags/tools]]
[[!tag tags/web]]