>>>>> "James" == James B Byrne <byrn...@harte-lyne.ca> writes:
James> On Mon, December 21, 2020 20:00, Jaroslaw Rafa wrote: >> >> If you are able to connect via 465, then maybe the application just isn't >> designed to use "inline" TLS, but rather uses only SMTP-over-TLS? The latter >> is supported on port 465, while submission via port 587 requires first >> plaintext connection and then dynamic in-session switchover to TLS, using >> STARTTLS command. Maybe your application just does not support that? James> That is a possibility. However, having looked at the example James> configurations and discussions on the application support James> groups, it appears to me that connecting to port 25 with James> STARTTLS is the accepted practice. James> The problem I had with the certificate negotiation is not James> uncommon with this application, due to Java's rather James> idiosyncratic PKI certificate handling. I had reason to believe James> that when I finally solved that problem then everything else James> would just work. The SSLv3 problem was a surprise, but was James> easily compensated for. But, I still cannot get this James> application to send email so there must be something else that James> I have done, or not done, which is preventing this from James> working. James> And it seems that I am past the SSL problems and into SMTP, I hope. Why don't you setup a local only postfix instance on the same host as the application, which only listed on 127.0.0.1:25, which the dumb Java app can then send email through *without encryption*, then let the local postfix instance do all the hard work of sending the email to other servers using encryption? It seems like the simpler setup to get working right, and gets most of the pain in the Java app out of the way. John
