On 2/27/26 13:20, Ivan Leonardo wrote:
BTW Pakai firewall apa sih?
Pakai Fortigate Pak, sy sudah cek di policynya tidak ada blocking port
yg berhubungan dengan MD, semua port yg berhubungan sudah allow, misal
port 143, 587 kalau sy telnet dari inet berhasil pak
Telnet pakai plain (non SSL/TLS)?
Ya memang bisa, dan itu artinya routing port sudah open/allow di
fortinet firewall.
Yang bikin masalah adalah SSL/TLS packet inspection (aka proxy
inspector) di fortinet yang masih memfilter TLS port 143 dan SSL port 443.
TLS (a.k.a DNS over TLS terminologi Fortiget) di port 587 tidak
terfilter oleh deep packet inspection, bisa dijadikan rujukan.
https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/122078/deep-inspection
When you use deep inspection, the FortiGate impersonates the recipient
of the originating SSL session, then decrypts and inspects the content
to find threats and block them. It then re-encrypts the content and
sends it to the real recipient.
Deep inspection not only protects you from attacks that use HTTPS, it
also protects you from other commonly-used SSL-encrypted protocols such
as SMTPS, POP3S, IMAPS, and FTPS.
--
syafril
--------
Syafril Hermansyah
MDaemon-L Moderator, run MDaemon 26.0.0 Beta D
Mohon tidak kirim private mail (atau cc:) untuk masalah MDaemon.
Experience is a hard teacher because she gives the test first, the
lesson afterwards.
--- Vernon Saunders Law
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 25.5.2, SecurityGateway 12.0.0
