I see in the docs how to run a relaysrv on port 443.
On my VPS, I am relaying on the default port 22067, but I think many firewalls or proxies do not allow this port. I can’t use 443 because I use it for other things.
Do you think it is stupid or dangerous to run relaysrv on port 80? (I do not actually use it.)
The only case when you’d want to use 443 over 22067 is to get around corporate firewalls, which should allow traffic on 443 as it’s usually used for encrypted web traffic.
If you move it to 80, that’s unencrypted web traffic, hence it would potentially try to inspect the traffic, and fail because it would be encrypted, hence potentially killing the connection altogether, making it worse.
Alternatively it might permit traffic on port 80 and not inspect it, in which case it would be an improvement.
But that all depends on the policies in the network.
Relaying on port 443 is a present you offer to 2 nodes when both can’t use the outbound one they want, e.g. the default 20067. So, if I have understood correctly, the idea is to use a well-known, widely opened port. 443 is not the only one; you have the 3 cyphered mail protocols 465, 993, 995, and maybe others, although they may be a little bit less widely opened.
Thanks all for your answers. I will do some tests; I think I will try to use the SMTPS port 465.
I made some tests and I changed my mind: I freed 443 and moved my service to 465, which works too. Now I make the relaySRV listen on 443 with an iptables NAT rule. I restarted it and I can see it on relays.syncthing.net; I forced my nodes to use it and it seems to work well.
Many thanks for your help.
My marvellous idea to use a well known secure mail port … is BAD. It triggers Avast mail agent about a certificate problem, making it believe there is a mail server at relay end.