Synchronet v3.21e-Win32 (install) has been released (Mar-2026).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
faq:tcpip [2025/01/12 17:28] – [Send Mail] Create Gmail FAQ digital manfaq:tcpip [2026/01/26 14:58] (current) – [Ports] WebSocketsSecure, aka WSS digital man
Line 66: Line 66:
  
 [[http://vert.synchro.net/scanmyports.ssjs|This page]] or [[http://cvs.synchro.net/scanmyports.ssjs|this one]] can be used to scan your host (your BBS computer) for open ports and active TCP/IP (including UDP) services. **The password is //sbbs//**. [[http://vert.synchro.net/scanmyports.ssjs|This page]] or [[http://cvs.synchro.net/scanmyports.ssjs|this one]] can be used to scan your host (your BBS computer) for open ports and active TCP/IP (including UDP) services. **The password is //sbbs//**.
 +
 +Additionally, an advanced Synchronet installation may make //outbound// requests to the following ports:
 +
 +^Protocol ^TCP ^Comments^
 +|MQTT           |1883   |[[howto:MQTT|Message Queue Telemetry Transport]] |
 +|MQTT/TLS       |8883   |Secure MQTT |
 +|MQTT/WS        |1884   |MQTT over WebSockets |
 +|MQTT/WS/TLS    |8884   |MQTT over WebSocketsSecure (aka WSS) |
  
 ===== Private IP ===== ===== Private IP =====
Line 204: Line 212:
  
 :!: **Answer:**\\ :!: **Answer:**\\
-GMail.com requires mail severs have a valid "SPF"((Sender Policy Framework)) DNS record to send email to their servers. This requirement from Google is an anti-spoofing/SPAM measurement and nothing to do specifically with the Synchronet Mail Server. [[https://support.google.com/a/answer/33786?sjid=18257063204175362891-NC|Here are helpful instructions from Google on how to set up an SPF record your domain]].+GMail.com requires mail severs have a valid **SPF** DNS record to send email to their servers. This requirement from Google is an anti-spoofing/SPAM measurement and nothing to do specifically with the Synchronet Mail Server. [[https://support.google.com/a/answer/33786?sjid=18257063204175362891-NC|Here are helpful instructions from Google on how to set up an SPF record your domain]]. 
 + 
 +An SPF record is a specially formatted DNS **TXT** (text) record. You can check if your domain has an SPF record by querying the DNS for TXT records for your domain using common network tools provided with your OS such as ''host'', ''dig'', and ''nslookup''
 + 
 +  $ host -t txt vert.synchro.net 
 +  vert.synchro.net descriptive text "v=spf1 mx a -all"
  
 If you are [[howto:relay_smtp|relaying your outbound Internet mail through Vertrauen]], then it is Vertrauen's mail servers that you need to reference in your domain's SPF record (not your own): If you are [[howto:relay_smtp|relaying your outbound Internet mail through Vertrauen]], then it is Vertrauen's mail servers that you need to reference in your domain's SPF record (not your own):
Line 224: Line 237:
 You should also see evidence of the successful SMTP connection to the server in your Synchronet Mail Server window/log output. If you do not, then it's likely that your firewall or Internet Service Provider is blocking incoming connections to TCP port 25. Before concluding this is the case, verify that the remote Telnet client can connect to other SMTP servers first (e.g. ''vert.synchro.net'', TCP port 25). If it cannot, then this remote client probably has restrictions on which (if any) connections he can make to TCP port 25. Try using a different, less restricted, remote Internet connection for your test.  You should also see evidence of the successful SMTP connection to the server in your Synchronet Mail Server window/log output. If you do not, then it's likely that your firewall or Internet Service Provider is blocking incoming connections to TCP port 25. Before concluding this is the case, verify that the remote Telnet client can connect to other SMTP servers first (e.g. ''vert.synchro.net'', TCP port 25). If it cannot, then this remote client probably has restrictions on which (if any) connections he can make to TCP port 25. Try using a different, less restricted, remote Internet connection for your test. 
  
-If your firewall or Internet Service Provider is blocking incoming connections to TCP port 25 (many consumer-class ISPs do), then you won't be able to receive Internet e-mail on your BBS. Fixing your firewall configuration is rather simple, but changing ISPs is often not. One possible work-around is having a mail proxy (3rd party server) receive the e-mail for you and forward it to a non-standard, non-filtered/blocked SMTP port. Many Dynamic DNS services offer this service [[http://www.dyndns.com/services/mailhop/relay.html|for a fee]]. Or a fellow sysop may be able and willing to perform this service for you as a favor. +If your firewall or Internet Service Provider is blocking incoming connections to TCP port 25 (many consumer-class ISPs do), then you won't be able to receive Internet e-mail on your BBS. Fixing your firewall configuration is rather simple, but changing ISPs is often not. One possible work-around is having a mail proxy (3rd party server) receive the e-mail for you and forward it to a non-standard, non-filtered/blocked SMTP port. Many Dynamic DNS services offer this Mail Exchange (MX) service [[http://www.dyndns.com/services/mailhop/relay.html|for a fee]]. [[howto:vert_mx|Or a fellow sysop may be able and willing to perform this service for you as a favor]]
  
 ===== FTP Connect ===== ===== FTP Connect =====
Line 430: Line 443:
  
 :!: **Answer:**\\ :!: **Answer:**\\
-Rename/move or delete your ''[[dir:ctrl]]/cryptlib.key'' file.+Rename/move or delete your ''[[config:cryptlib.key]]'' file.
  
-If you're using TLS for your other [[server:|Synchronet servers (e.g. web, mail, ftp, etc.)]], you may also need to rename/move or delete your ''[[dir:ctrl]]/ssl.cert'' file.+If you're using TLS for your other [[server:|Synchronet servers (e.g. web, mail, ftp, etc.)]], you may also need to rename/move or delete your ''[[config:ssl.cert]]'' file. 
 + 
 +===== SSH Errors ===== 
 +:?: **Question:**\\ 
 +Should I be concerned about ssh errors in my log files? 
 + 
 +:!: **Answer**\\ 
 +A number of ssh errors are generated mainly due to clients disconnecting or not actually using a valid ssh client, such as port scanners or bots. Some of these errors are 
 + 
 +  'Internal consistency check failed' (-16) setting session active 
 +   
 +  'ENOTCONN: Socket is not connected' (-42) setting session active 
 +   
 +  'Error reading client's SSH identifier string: ETIMEDOUT: Function timed out before completion' (-41) setting session active 
 +   
 +  No data was read because the remote system closed the connection (recv() == 0)' (-41) setting session active 
 +   
 +  'Need resource to proceed' (-50) setting session active 
 +  
  
-These files (''cryptlib.key'' and ''ssl.cert'') are encrypted with the Synchronet //system password//, so if the system password is changed then these files must also be regenerated. The files are automatically recreated by //sbbs// upon startup if they do not already exist. 
 ===== See Also ===== ===== See Also =====
   * [[:server:|Servers]]   * [[:server:|Servers]]

Trace: TCP/IP Servers and Services