Daniel Tiefnig wrote:
| Chris Edwards wrote:
| > Makes sense. But then it can be argued the bad guy only needs EITHER
| > the password OR the data. If he can sniff the content itself on the
| > wire, then why bother trying to protect the password ?
|
| So he/she can't relay via my servers using the sniffed user/pass ...

OK, right. I guess it's also often true that submission will happen over an easy-to-sniff link (public wireless, cybercafe, hotel) whereas, by contrast, the MTA->MTA traffic is normally over hard-to-sniff networks comprising the core of the Internet.

Bill Hacker wrote:
| TLS for submission, TLS for POP/IMAP, and TLS for MX - MX does give
| nearly end-to-end protection between/among corporate servers.

Yes, this is precisely what we were thinking - hence my asking this question. It seems like we can get MTA->MTA encryption (albeit without authentication) for "almost" free.

But if folk running large sites are suggesting caution, then we will heed that advice. (with around 30,000 users I guess we're a small/medium site)

I wonder if this will be less painful in a couple of years.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
