
Detect port 465 as implicit TLS / submissions port for SMTP service?

Open polarathene opened this issue 5 years ago • 0 comments

In ports2starttls() line:

 465)                ;;  # HTTPS | SMTP

should instead be?:

 465) echo "-t smtps " ;; # HTTPS | SMTP

Or is this because it can be used for URD (URL Rendezvous Directory) instead of SMTP? The nmap nmap-services file has the port listed as:

smtps   465/tcp 0.013888        # submissions | igmpv3lite | urd | smtp protocol over TLS/SSL (was ssmtp) | URL Rendesvous Directory for SSM | IGMP over UDP for SSM | URL Rendezvous Directory for SSM | Message Submission over TLS protocol
smtps   465/udp 0.000527        # smtp protocol over TLS/SSL (was ssmtp)

While my Linux system's /etc/services has:

urd               465/tcp
submissions       465/tcp
igmpv3lite        465/udp

A Debian Docker image for a mail server has this in its /etc/services:

submissions     465/tcp         ssmtp smtps urd # Submission over TLS [RFC8314]

nmap only recognizing smtps and not submissions for port 465 is a bit outdated as SMTPS (implicit TLS for SMTP, as an alternative to STARTTLS explicit TLS on port 25). That has not been valid since 2018: RFC 8314 redefines port 465 as the submissions port, an implicit TLS variant of the submission port 587 (STARTTLS with auth for mail submission).

Historically the port has been used as a submissions port for quite some time prior to the 2018 RFC.

Popular email relay services require auth credentials to interact with. When forwarding e-mail to be relayed to such a service, they generally offer explicit TLS with STARTTLS over port 587, or implicit TLS over port 465. This has been the case for quite some time, and how the port has often been treated prior to 465, such as MUAs submitting e-mail securely. An implicit TLS alternative to port 25 with no auth has had little value due to the nature of public mail servers, and was never really used like that when assigned as SMTPS.

You will find some misleading articles, some dated after the RFC in 2018, that say otherwise but are misinformed (unaware of the RFC). However, some clients/servers may potentially treat port 465 as SMTPS; that shouldn't be the case with any modern clients/servers for some time now. I may have some references of where this is/was the case in my notes if required.

what exactly was happening, output is needed

When explicitly providing the port example.test:465 or using the undocumented --mx465 option, each report states:

Service detected: Couldn't determine what's running on port 465, assuming no HTTP service => skipping all HTTP checks

Presumably because of logic like in ports2starttls() or however the service is detected.

what did you expect instead?

If nmap reports smtps for port 465, then it should say something like:

Service set: SMTP over implicit TLS

or

Service set: SMTP submissions (implicit TLS)

in which case port 587 (which nmap is reporting correctly as submission) could also be updated to report (potentially helpful for resolving this STARTTLS grade issue):

Service set: SMTP submission (explicit TLS via STARTTLS)

polarathene, Sep 30 '20 04:09
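The naming ambiguity this issue describes, as an added example (not testssl.sh code and not part of the original issue): a services(5)-style lookup that collects every name and alias for a TCP port before deciding how TLS is started, so a `urd` entry listed first does not hide `submissions`. The function names and mode labels are hypothetical, and the `submission 587/tcp` line is constructed; the other sample entries are the ones quoted in the issue.

```shell
#!/bin/sh
# Sample data. 465 entries are quoted from the issue; the 587 line is constructed.
HOST_SERVICES='urd               465/tcp
submissions       465/tcp
igmpv3lite        465/udp
submission        587/tcp'
DEBIAN_SERVICES='submissions     465/tcp         ssmtp smtps urd # Submission over TLS [RFC8314]'

# Print every name and alias that services(5)-style TEXT assigns to PORT/tcp,
# one per line. Trailing "# ..." comments are stripped first.
# Note: nmap-services has a frequency column instead of aliases and is not handled.
tcp_names_for_port() (
    printf '%s\n' "$2" | awk -v want="$1/tcp" '
        { sub(/#.*/, "") }
        $2 == want {
            print $1                              # official name
            for (i = 3; i <= NF; i++) print $i    # aliases
        }'
)

# Decide how a TLS scanner should open the connection on PORT.
# All names are considered, not just the first match: on 465/tcp the legacy
# "urd" entry may come before "submissions" (RFC 8314, implicit TLS).
smtp_tls_mode() (
    mode=unknown
    for name in $(tcp_names_for_port "$1" "$2"); do
        case $name in
            submissions|smtps|ssmtp) mode=smtp-implicit-tls; break ;;
            submission|smtp)         mode=smtp-starttls ;;
        esac
    done
    echo "$mode"
)

echo "host 465:   $(smtp_tls_mode 465 "$HOST_SERVICES")"
echo "debian 465: $(smtp_tls_mode 465 "$DEBIAN_SERVICES")"
echo "host 587:   $(smtp_tls_mode 587 "$HOST_SERVICES")"
```
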