Hi,

Many sites now have an elegant setup where submission happens on port 
465/587, where both TLS and AUTH are mandatory.  Port 25 is used for 
MTA->MTA traffic, hence no need for AUTH on port 25.

However I'm noticing many such sites with the above setup who don't offer 
TLS on port 25 of the MX servers.  Is there a particular reason for this?

OK, for MTA->MTA traffic, there's normally no check of a certificate, so 
no defence against man-in-the-middle attacks.  But at least you get 
"opportunistic encryption" of incoming mail, whereby the traffic is 
scrambled over the wire, defending against a passive eavesdropper.

Any obvious pitfalls in supporting TLS on port 25 of the MX servers?
Are folk just turning it off to save CPU?

Thanks for any clue.

Chris

--
Chris Edwards, Glasgow University Computing Service

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
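The split Chris describes (opportunistic STARTTLS with no AUTH on port 25, TLS plus mandatory AUTH on 465/587) can be expressed directly in an Exim 4 configuration. The fragment below is an added illustration, not Chris's or any listed site's configuration. It assumes Exim 4.80 or later (where the cipher variable is `$tls_in_cipher`; older releases call it `$tls_cipher`), and the certificate and key paths are placeholders.

```exim
# --- main section ---

# Listen on the MX port and both submission ports; 465 is TLS-on-connect.
daemon_smtp_ports    = 25 : 465 : 587
tls_on_connect_ports = 465

# Offer STARTTLS to every client on every port. On port 25 this gives the
# opportunistic encryption of incoming MTA->MTA mail; nothing forces the
# peer to use it. The certificate paths are assumed for this example.
tls_advertise_hosts  = *
tls_certificate      = /etc/exim/mail.example.org.pem
tls_privatekey       = /etc/exim/mail.example.org.key

# No client certificate is demanded: tls_verify_hosts and
# tls_try_verify_hosts are deliberately left unset, so MTA->MTA TLS
# is unauthenticated in both directions, exactly as described above.

# Advertise AUTH only on the submission ports, and only once the
# session is already encrypted, so credentials never cross the wire
# in clear and port 25 never offers AUTH at all.
auth_advertise_hosts = ${if and {{def:tls_in_cipher} \
                                 {or {{eq{$received_port}{465}} \
                                      {eq{$received_port}{587}}}}} \
                         {*}{}}

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:
  # On the submission ports authentication is mandatory; a client that
  # skipped AUTH is refused before any recipient is accepted. Port 25
  # is untouched by this rule, so unauthenticated MTAs deliver normally.
  deny
    message        = authentication is required on the submission ports
    condition      = ${if or {{eq{$received_port}{465}} \
                              {eq{$received_port}{587}}}}
    !authenticated = *

  # The site's usual relay and recipient checks follow here.
  accept
```

Because `tls_advertise_hosts` is a host list rather than a switch, a single peer that cannot cope with STARTTLS can be excluded by listing it with a leading `!` instead of turning TLS off on port 25 for everyone. The `deny` in the ACL is what makes AUTH mandatory rather than merely available on 465/587; `auth_advertise_hosts` alone only controls what EHLO advertises.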