Re: [gentoo-user] Technical imap mail question

2015-10-16 Thread Mick
On Friday 16 Oct 2015 06:14:18 Tuomo Hartikainen wrote:
> On 2015-10-15 23:01, Mick wrote:
> > On Thursday 15 Oct 2015 18:04:22 walt wrote:
> > > My ISP recently started offering imap email service in addition to
> > > the pop3/smtp servers they've always had, so I decided to try it.
> > > 
> > > I was surprised to see that they recommend using a different smtp
> > > server name when setting up my mail client, and they even offer the
> > > option of using port 587 instead of 465 if I prefer it.
> > > 
> > > Why would I use a different smtp server if I'm now using imap?  I use
> > > smtp to send mail, and imap to read it, right?  Why not use the same
> > > smtp server in either case?
> > > 
> > > (The different server names actually resolve to the same IP address, so
> > > the distinction seems to be more theoretical than real, but the theory
> > > is what puzzles me.)
> > > 
> > > Thanks.
> > 
> > Port 587 is for TLS and is the proper port to be used by MSAs as per
> > RFC6409.
> > 
> > Port 467 on the other hand is for SMTPS:  vanilla SMTP at the application
> > level, but the communication to the server is still secured at the
> > transport layer with SSL.  This was an IANA attempt to provide a port
> > for secure email communication pre-STARTTLS days.  Today I think it may be
> > used for other purposes, but I am not sure if it is TCP or UDP
> > streaming.
> 
> As a clarification: port 587 *may* be used with STARTTLS while port 465
> is the actual SSL/TLS port.

Yes indeed, the TLS usage is coincidental with RFC6409, rather than specified 
by it and even the use of port 587 is not obligatory (port 25 can still be 
used).  As I mentioned port 465 is not specified by IETF, but was offered by 
IANA to run SMTP over an SSL secure connection but this was rescinded some 
time later.

The thing with STARTTLS is that the client may decide to degrade the 
communication to plain text, if what is sent by the server (protocol, cipher, 
etc.) is deemed not appropriate.  Some clients won't even notify the user.  
MITM attacks can be engineered to intercept a communication with a mail server 
to degrade the connection from the MUA on purpose.  A dedicated TLS connection 
would be the best thing and some setups offer 465 for this purpose.
-- 
Regards,
Mick




Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Terry Z.
It's likely worth noting that while they may resolve to the same point now,
there is nothing requiring the IMAP server (reading the mail stored on a
server) to match the SMTP server (outgoing mail). They are
entirely different purposes and protocols which do not need to live in the
same place.  Makes perfect sense that they have different DNS names as they
may live on different endpoints at some point.

This is one of the entire reasons we name things with DNS anyway. :)
On Oct 15, 2015 6:02 PM, "Mick"  wrote:

> On Thursday 15 Oct 2015 18:04:22 walt wrote:
> > My ISP recently started offering imap email service in addition to
> > the pop3/smtp servers they've always had, so I decided to try it.
> >
> > I was surprised to see that they recommend using a different smtp
> > server name when setting up my mail client, and they even offer the
> > option of using port 587 instead of 465 if I prefer it.
> >
> > Why would I use a different smtp server if I'm now using imap?  I use
> > smtp to send mail, and imap to read it, right?  Why not use the same
> > smtp server in either case?
> >
> > (The different server names actually resolve to the same IP address, so
> > the distinction seems to be more theoretical than real, but the theory
> > is what puzzles me.)
> >
> > Thanks.
>
> Port 587 is for TLS and is the proper port to be used by MSAs as per
> RFC6409.
>
> Port 467 on the other hand is for SMTPS:  vanilla SMTP at the application
> level, but the communication to the server is still secured at the
> transport
> layer with SSL.  This was an IANA attempt to provide a port for secure
> email
> communication pre-STARTTLS days.  Today I think it may be used for other
> purposes, but I am not sure if it is TCP or UDP streaming.
>
> Port 25 (outgoing) is blocked by most domestic ISPs to guard against the
> millions of pawned botnets out there filling out inboxes with spam.
>
> The question about a different SMTP server might have something to do with
> your ISP adding a new SMTP mailserver to their farm and configuring it
> properly this time as per RFC6409.  Although as Alan said, they probably
> rolled out whatever the chosen ISP package software vendor provided for
> them
> without knowing much about it, or why it is configured the way it is
> configured.
>
> --
> Regards,
> Mick
>


Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Bill Kenworthy
On 16/10/15 02:00, Michael Orlitzky wrote:
> On 10/15/2015 01:04 PM, walt wrote:
>> My ISP recently started offering imap email service in addition to
>> the pop3/smtp servers they've always had, so I decided to try it.
>>
>> I was surprised to see that they recommend using a different smtp
>> server name when setting up my mail client, and they even offer the
>> option of using port 587 instead of 465 if I prefer it.
>>
>> ...
>>
>> (The different server names actually resolve to the same IP address, so
>> the distinction seems to be more theoretical than real, but the theory
>> is what puzzles me.)
>>
> 
> Port 587 offers optional TLS security, and it uses an "SSL certificate"
> just like a website. And just like a website, there's a name on the
> certificate, and that name has to match what you type in the "SMTP
> server" box, otherwise your mail client will throw a warning.
> 
> 
> 

which makes sense if their old server was called pop3.isp ?

Avoiding user confusion - map pop3.isp, imap.isp and mail.isp to the
same address.

Pre-planning for future expansion/configuration changes?

d) all the above :)

BillK




Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Mick
On Thursday 15 Oct 2015 18:04:22 walt wrote:
> My ISP recently started offering imap email service in addition to
> the pop3/smtp servers they've always had, so I decided to try it.
> 
> I was surprised to see that they recommend using a different smtp
> server name when setting up my mail client, and they even offer the
> option of using port 587 instead of 465 if I prefer it.
> 
> Why would I use a different smtp server if I'm now using imap?  I use
> smtp to send mail, and imap to read it, right?  Why not use the same
> smtp server in either case?
> 
> (The different server names actually resolve to the same IP address, so
> the distinction seems to be more theoretical than real, but the theory
> is what puzzles me.)
> 
> Thanks.

Port 587 is for TLS and is the proper port to be used by MSAs as per RFC6409.

Port 467 on the other hand is for SMTPS:  vanilla SMTP at the application 
level, but the communication to the server is still secured at the transport 
layer with SSL.  This was an IANA attempt to provide a port for secure email 
communication pre-STARTTLS days.  Today I think it may be used for other
purposes, but I am not sure if it is TCP or UDP streaming.

Port 25 (outgoing) is blocked by most domestic ISPs to guard against the 
millions of pawned botnets out there filling out inboxes with spam.

The question about a different SMTP server might have something to do with 
your ISP adding a new SMTP mailserver to their farm and configuring it 
properly this time as per RFC6409.  Although as Alan said, they probably 
rolled out whatever the chosen ISP package software vendor provided for them 
without knowing much about it, or why it is configured the way it is 
configured.

-- 
Regards,
Mick




Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Tuomo Hartikainen
On 2015-10-15 23:01, Mick wrote:
> On Thursday 15 Oct 2015 18:04:22 walt wrote:
> > My ISP recently started offering imap email service in addition to
> > the pop3/smtp servers they've always had, so I decided to try it.
> > 
> > I was surprised to see that they recommend using a different smtp
> > server name when setting up my mail client, and they even offer the
> > option of using port 587 instead of 465 if I prefer it.
> > 
> > Why would I use a different smtp server if I'm now using imap?  I use
> > smtp to send mail, and imap to read it, right?  Why not use the same
> > smtp server in either case?
> > 
> > (The different server names actually resolve to the same IP address, so
> > the distinction seems to be more theoretical than real, but the theory
> > is what puzzles me.)
> > 
> > Thanks.
> 
> Port 587 is for TLS and is the proper port to be used by MSAs as per RFC6409.
> 
> Port 467 on the other hand is for SMTPS:  vanilla SMTP at the application 
> level, but the communication to the server is still secured at the transport 
> layer with SSL.  This was an IANA attempt to provide a port for secure email 
> communication pre-STARTTLS days.  Today I think it may be used for other
> purposes, but I am not sure if it is TCP or UDP streaming.

As a clarification: port 587 *may* be used with STARTTLS while port 465
is the actual SSL/TLS port.

-- 
Tuomo Hartikainen



[gentoo-user] Technical imap mail question

2015-10-15 Thread walt
My ISP recently started offering imap email service in addition to
the pop3/smtp servers they've always had, so I decided to try it.

I was surprised to see that they recommend using a different smtp
server name when setting up my mail client, and they even offer the
option of using port 587 instead of 465 if I prefer it.

Why would I use a different smtp server if I'm now using imap?  I use
smtp to send mail, and imap to read it, right?  Why not use the same
smtp server in either case?

(The different server names actually resolve to the same IP address, so
the distinction seems to be more theoretical than real, but the theory
is what puzzles me.)

Thanks.








Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread J. Roeleveld
On 15 October 2015 19:04:22 CEST, walt  wrote:
>My ISP recently started offering imap email service in addition to
>the pop3/smtp servers they've always had, so I decided to try it.
>
>I was surprised to see that they recommend using a different smtp
>server name when setting up my mail client, and they even offer the
>option of using port 587 instead of 465 if I prefer it.
>
>Why would I use a different smtp server if I'm now using imap?  I use
>smtp to send mail, and imap to read it, right?  Why not use the same
>smtp server in either case?
>
>(The different server names actually resolve to the same IP address, so
>the distinction seems to be more theoretical than real, but the theory
>is what puzzles me.)
>
>Thanks.

If it's the same IP, then there is no difference.
Maybe they have load balancing on the 'new' hostname. Or are planning on 
implementing it.

As for why to use a different SMTP server for IMAP, I have mine configured to
store a copy of all emails sent with certain 'from' addresses in a Sent-folder 
for that particular email address.
They might do a similar thing.

For POP-users, this doesn't make sense.

Other than that, I can't think of a reason.

--
Joost
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Michael Orlitzky
On 10/15/2015 01:04 PM, walt wrote:
> My ISP recently started offering imap email service in addition to
> the pop3/smtp servers they've always had, so I decided to try it.
> 
> I was surprised to see that they recommend using a different smtp
> server name when setting up my mail client, and they even offer the
> option of using port 587 instead of 465 if I prefer it.
> 
> ...
> 
> (The different server names actually resolve to the same IP address, so
> the distinction seems to be more theoretical than real, but the theory
> is what puzzles me.)
> 

Port 587 offers optional TLS security, and it uses an "SSL certificate"
just like a website. And just like a website, there's a name on the
certificate, and that name has to match what you type in the "SMTP
server" box, otherwise your mail client will throw a warning.
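
An added example, not part of any post in this thread: a Python submission client that relies on the certificate-name check described above and refuses the plaintext fallback that the thread discusses for STARTTLS on port 587. The names `open_submission`, `DowngradeRefused` and `StrippedServer` and the host `mail.example` are constructed for illustration.

```python
import smtplib
import ssl

class DowngradeRefused(Exception):
    """Raised instead of silently continuing in plaintext."""

def strict_tls_context():
    # The default context verifies the chain and checks that the certificate
    # name matches the host name given to the client.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def advertises_starttls(ehlo_reply):
    """True if a raw EHLO reply ("250-..." lines) lists STARTTLS."""
    return any(line[:3] == "250" and line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())

def open_submission(host, port=587, smtp_factory=smtplib.SMTP):
    """Open a submission session that is always encrypted, or raise."""
    ctx = strict_tls_context()
    if port == 465:
        # Implicit TLS: the handshake happens before any SMTP is spoken.
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)
    conn = smtp_factory(host, port, timeout=10)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        # Missing STARTTLS may mean it was stripped in transit: stop here.
        conn.close()
        raise DowngradeRefused(f"{host}:{port} did not offer STARTTLS")
    conn.starttls(context=ctx)  # raises on a bad certificate or name mismatch
    conn.ehlo()                 # re-read capabilities inside the TLS channel
    return conn

class StrippedServer:
    """Constructed stand-in for a server whose STARTTLS line was removed."""
    def __init__(self, host, port, timeout=None):
        self.closed = False
    def ehlo(self):
        return (250, b"mail.example\nSIZE 35882577\nAUTH PLAIN LOGIN")
    def has_extn(self, name):
        return False
    def close(self):
        self.closed = True
```

Passing `smtp_factory=StrippedServer` exercises the refusal path offline; with the default factory the same function talks to a real submission server.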





Re: [gentoo-user] Technical imap mail question

2015-10-15 Thread Alan McKinnon
On 15/10/2015 19:04, walt wrote:
> My ISP recently started offering imap email service in addition to
> the pop3/smtp servers they've always had, so I decided to try it.
> 
> I was surprised to see that they recommend using a different smtp
> server name when setting up my mail client, and they even offer the
> option of using port 587 instead of 465 if I prefer it.
> 
> Why would I use a different smtp server if I'm now using imap?  I use
> smtp to send mail, and imap to read it, right?  Why not use the same
> smtp server in either case?
> 
> (The different server names actually resolve to the same IP address, so
> the distinction seems to be more theoretical than real, but the theory
> is what puzzles me.)



Let me clue you in a little about what goes on with mail at your regular
ISP level.

The days when the mail admin was a hotshot guru are long long gone.
Those same gurus are now off doing other cool shiny stuff (like
telegram); and all us sysadmins are so over mail like we are over
cassette tapes.

Your average person now doing mail is more often than not somewhere
between low and mid level. And worse, they often don't know what they
are doing. Who knows why they communicate some of the things they do,
because I sure don't. That, unfortunately, is the average state of
affairs today.

This might well not be the case for your ISP, but like you I can't see a
good reason to use a different name for outbound mail.

Have you asked them why as a direct question?


-- 
Alan McKinnon
alan.mckin...@gmail.com