Florian Weimer wrote:
> * Marc Sherman:
> 
>> Why allow TLS on port 25 at all? There's not much security value in TLS 
>> for random MTA-MTA traffic.
> 
> It prevents passive eavesdropping (by content-filtering transit ISPs,
> for instance).  Some mail peers have also hard-wired our certificate
> into their systems, without actually using SMTP submission.

That's a false sense of security; there are so many other insecure parts 
of the chain (such as subsequent relay hops beyond your server) where 
the message can be intercepted, that it doesn't add any value. In fact, 
it's probably a loss, because people might think their mail was secure 
when in fact it isn't.

- Marc



-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
