Have you ever read the 'SSL Proxy and TLS Support' section in the GUI - for example 'DoTLS'?

Thomas





From:    "Jay F. Shachter" <j...@m5.chicago.il.us>
To:      assp-user@lists.sourceforge.net
Date:    20.04.2015 19:42
Subject: Re: [Assp-user] STARTTLS on port 25




Centuries ago, Nostradamus predicted that Grayhat would write on Mon Apr 
20 02:07:18 2015:

> 
>> This is, in a sense, the right thing to do, because even if my Postfix
>> accepted the STARTTLS command (it does not), port 25 is not the
>> appropriate port on which to send it; it should be sent to port 587
> 
> nope, port 25 may (and usually does) accept a STARTTLS command and
> upgrade the session to SSL; port 587 is the "submit" port and, as for
> the RFCs it should enforce authentication and may optionally support
> STARTTLS, then there's port 465 which is widely used for implicit SSL
> what I suspect is that you're confusing explicit SSL and implicit SSL
> usage
> 

Thank you for correcting me.  I had thought that the difference
between port 587 and port 465 (other than that port 465 is not
mentioned in any RFC, and is only an informal custom of the Internet)
was that conversations on port 587 were supposed to start out
unencrypted, and then become encrypted after a STARTTLS, whereas
conversations on port 465 were supposed to be encrypted throughout.
I also thought that port 25 was supposed to be for unencrypted
traffic.

Based on what you have told me, above, I now understand that the
distinguishing characteristic of port 587 is that it enforces
authentication.  It may also, optionally, support STARTTLS, but, again
based on the above, STARTTLS support is not required by the RFC, nor
is it unique to port 587, because port 25 may also support STARTTLS.

My original question, however, remains unanswered.  Assuming that
there are no reasons not to allow STARTTLS on port 25 (I had wondered,
for example, whether encrypted traffic on port 25 might be nothing
more than an attempt to evade content-based mail filtering) -- is it
possible to implement it in ASSP, rather than in the MTA that lies
behind ASSP?  That is to say, is it possible to configure ASSP in such
a way that ASSP can handle encrypted traffic in a way that is
transparent to Postfix, so that ASSP decrypts incoming traffic, when
necessary, on its way to Postfix, and encrypts outgoing traffic, when
necessary, on its way from Postfix, so that port 25 can handle both
unencrypted and encrypted connections, although Postfix is configured
to handle only unencrypted connections?


                        Jay F. Shachter
                        6424 N Whipple St
                        Chicago IL  60645-4111
                                (1-773)7613784   landline
                                (1-410)9964737   GoogleVoice
                                j...@m5.chicago.il.us
                                http://m5.chicago.il.us

                        "Quidquid latine dictum sit, altum videtur"


_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
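
Added example, not part of the original thread and not ASSP or Postfix code: whether a listener offers the explicit upgrade discussed above is visible in the EHLO reply it sends before any TLS, where STARTTLS appears as an extension keyword. This Python sketch parses constructed EHLO replies (hostnames and capability lists are made up) and also flags the case where AUTH is advertised without STARTTLS.

```python
# Constructed EHLO replies (hostnames and capability lists are made up).
SAMPLES = {
    "starttls": "250-mx.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n",
    "plain": "250-mx.example.test\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n",
    "auth_plain": "250-mx.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply (RFC 5321)."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        is_last = index == len(lines) - 1
        # Continuation lines use "250-"; only the final line uses "250 ".
        if code != "250" or sep != (" " if is_last else "-"):
            raise ValueError("malformed EHLO reply line: %r" % line)
        parts = text.split()
        if index == 0 or not parts:
            continue  # first line is the greeting, not an extension
        extensions[parts[0].upper()] = parts[1:]
    return extensions


def tls_posture(reply):
    """Classify a listener from the EHLO reply it sends before any TLS."""
    ext = parse_ehlo(reply)
    if "STARTTLS" in ext:
        return "explicit-tls-offered"
    if "AUTH" in ext:
        return "auth-offered-in-cleartext"  # credentials would cross unencrypted
    return "plaintext-only"


if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", tls_posture(reply))
```

A listener that wraps the whole session in TLS from the first byte (the port 465 style) is not covered here, because its EHLO reply is only readable after the handshake.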





