On 2014-01-23, Heiko Schlittermann <[email protected]> wrote: > 25/smtp is for MTA -> MTA communication > TLS depends on the options offered by the receiving > and the options choosen by the sending side, thus > is part of the SMTP protocol (command STARTTLS) > > 465/smtps is used by some excotic (?) MUAs for message submission > TLS is negotiated on prior to the start of the > SMTP protocol
465 is deprecated, yet becoming increasingly more common, most MUAs that do starttls also support it. it's the only way to submit mails to the gmail SMTP service. > 587/submission > is for MUA -> MTA communication > TLS depends on the options offered by the receiving > and the options choosen by the sending side, thus > is part of the SMTP protocol (command STARTTLS) > For SMTP TLS is a nice to have, I'd say. > For message submission I'd say you've no option, I'd always enforce the > use of STARTTLS befor authentication. CRAM-MD5 is reasonably secure, but does require the host to retain the password in cleartext. most clients capable of CRAM-MD5 are probably also TLS capable, so this may not be a big advantage. > For SMTP you want to use port 465 for that. (Better: you do not want > this tls-on-connect at all! It's not standard.) yeah, standards are, in general, good. -- For a good time: install ntp -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
