:: On Tue, 21 Apr 2015 07:56:40 +0200 :: > Have you ever read the 'SSL Proxy and TLS Support' section in the > GUI- for example 'DoTLS'?
I was about to write the same :) getting back to Jay's message... > Thank you for correcting me. I had thought that the difference > between port 587 and port 465 (other than that port 465 is not > mentioned in any RFC, and is only an informal custom of the Internet) > was that conversations on port 587 were supposed to start out > unencrypted, and then become encrypted after a STARTTLS, whereas > conversations on port 465 were supposed to be encrypted throughout. > I also thought that port 25 was supposed to be for unencrypted > traffic. not exactly; nowadays, more and more MTAs/MUAs use STARTTLS to route email over port 25 if the MTA offers it (at the EHLO); this is done to help increasing privacy and security (from/to and in general the email contents can't be sniffed) > Based on what you have told me, above, I now understand that the > distinguishing characteristic of port 587 is that it enforces > authentication. It may also, optionally, support STARTTLS, but, again > based on the above, STARTTLS support is not required by the RFC, nor > is it unique to port 587, because port 25 may also support STARTTLS. my rule of thumb, when possible, is to ONLY support AUTH over encrypted connections, this means that if you want to authenticate you'll *have* to connect to the box over SSL; this quite help avoiding credentials thefts like for example, the one happening to people connecting over untrusted public spots :) > My original question, however, remains unanswered. Assuming that > there are no reasons not to allow STARTTLS on port 25 (I had wondered, on the other hand there are NO reasons to avoid enabling it on 25/tcp > for example, whether encrypted traffic on port 25 might be nothing > more than an attempt to evade content-based mail filtering) -- is it > possible to implement it in ASSP, rather than in the MTA that lies > behind ASSP? see top :) ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
