Unsecured SMTP from web servers to be blocked beginning on 29 May 2021

sean

At 00:00 UTC on 29 May 2021 we will begin blocking unsecured outgoing SMTP connections from Opalstack web servers by blocking outgoing port 25 in our network firewalls.

If you are running an application on an Opalstack web server that makes SMTP connections to external SMTP servers then please ensure that your application is configured to connect securely over port 465 or port 587.

Applications that use the native PHP mail function and other apps that use sendmail directly on the server will not be affected by this change.

dragonxi

Hi Sean,

(1) Just in case we checked all our email client
settings and found them to be ok:
(a)
Outgoing Server:
smtp.de.opalstack.com
Security type: SSL
Port: 465
Require Authentication to send mail

(b) = (a) except
smtp.us.opalstack.com

(2) we don't have any server apps sending email

(3) will your change be applied to
(a) smtp.de.opalstack.com - only ?
(b) smtp.us.opalstack.com:- also ?

(4) welcome change, because
we also have had problems trying to send email
both with Germany and USA
mail servers and
with several OS,
with different devices,
with client software such as
Thunderbird and Samsung Termius

to name few platforms.

sean

dragonxi This change only affects our web servers. Your desktop and mobile mail clients are not affected.

dragonxi

(3) will your change be applied to
(a) smtp.de.opalstack.com - only ?
(b) smtp.us.opalstack.com:- also ?

sean

dragonxi This change is not being applied to our SMTP servers at all.

The change is being applied to our web servers to prevent unsecured outgoing SMTP connections from our web servers.

This will not effect the use of your desktop and mobile mail clients at all.

ttavoy

Good morning Sean. You mention, "we will begin blocking unsecured outgoing SMTP connections from Opalstack web servers by blocking outgoing port 25 in our network firewalls."

What about mutt?

When Webfaction made a similar change in 2016, a certain seanf replied in response to query, "If you have configured mutt to use an external SMTP server, then you will need to check your mutt configuration to ensure that it is connecting to that external server via 465 or 587. If you have not configured mutt to use an external SMTP server, then it is using your server's local sendmail, and you don't need to change anything."

Does that still apply?

While on the subject, in 2017 Webfaction experimented with a further change: "By default, mail sent through sendmail is from a user@host.webfaction.com address, where user is your username and host is the name of the server. Our mail system will not allow messages to be sent from such addresses, so be sure to set a valid sender address in your application."

They then reverted the change (I think because it was disrupting some customers' wordpress sites). Is that still a potential issue?

sean

ttavoy if you're running mutt or any other application on an Opalstack web server (ie not on your own computer or mobile device) and have it configured to connect insecurely via port 25 to a SMTP server, then yes you will be affected by this change exactly as you were at WebFaction.

The cron mail issue from WF that you mentioned is, by design, not an issue here at Opalstack.

ttavoy

sean OK thanks but my second question is more about the "from" address in email sent by a web app.

mutt sets the "from" address to name@host.opalstack.com (where 'name' and 'host' are the user and server that the app was installed on)

I'm not clear about whether or how this fits with the knowledgebase rule that says "Mail sent from your Opalstack email service can be sent only from addresses for which the domain meets the following criteria: [...] The domain has been added to the Domain List in your Opalstack control panel."

sean

ttavoy in my experience mutt sets your from address to whatever you tell it to use in your mutt configuration.

The same applies to web applications, ie you configure your mail settings and they use those settings.

None of this will change when we implement the outgoing port 25 block on 29 May 2021. Whatever working outgoing addresses you're using right now will continue to work.