Saturday, January 25, 2014, 12:24:35 PM, Jasen wrote:

> On 2014-01-23, Heiko Schlittermann <[email protected]> wrote:

>> 25/smtp is for MTA -> MTA communication
>>     TLS depends on the options offered by the receiving
>>     and the options chosen by the sending side, thus
>>     is part of the SMTP protocol (command STARTTLS)
>>
>> 465/smtps is used by some exotic (?) MUAs for message submission
>>     TLS is negotiated prior to the start of the
>>     SMTP protocol

> 465 is deprecated, yet becoming increasingly more common,
> most MUAs that do starttls also support it. it's the only way to
> submit mails to the gmail SMTP service.

Port 465 is not the only way email gets submitted to gmail.

>> 587/submission
>>     is for MUA -> MTA communication
>>     TLS depends on the options offered by the receiving
>>     and the options chosen by the sending side, thus
>>     is part of the SMTP protocol (command STARTTLS)

>> For SMTP TLS is a nice to have, I'd say.
>> For message submission I'd say you've no option, I'd always enforce the
>> use of STARTTLS before authentication.

> CRAM-MD5 is reasonably secure, but does require the host to retain the
> password in cleartext. most clients capable of CRAM-MD5 are probably
> also TLS capable, so this may not be a big advantage.

>> For SMTP you want to use port 465 for that. (Better: you do not want
>> this tls-on-connect at all! It's not standard.)

> yeah, standards are, in general, good.

> --
> For a good time: install ntp

--
Best regards,
Duane mailto:[email protected]

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
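
The CRAM-MD5 remark quoted in the thread above, as an added example that is not part of the original messages: the server has to recompute HMAC-MD5 over its own challenge with the same key the client used, so a store holding only a one-way password hash cannot verify the response. The challenge, user and secret are the published sample from RFC 2195; the function names, the two stores and the salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Sample exchange from RFC 2195, section 2 (published test vector).
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
USER = "tim"
SECRET = b"tanstaaftanstaaf"

# Constructed credential stores: one keeps the secret as-is, the other
# keeps only a salted SHA-256 of it, as a typical password database would.
CLEARTEXT_STORE = {USER: SECRET}
HASHED_STORE = {USER: hashlib.sha256(b"constructed-salt" + SECRET).digest()}


def client_response(user, password, challenge):
    """What the MUA sends: base64("user " + hex(HMAC-MD5(password, challenge)))."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(response_b64, challenge, store):
    """Recompute the HMAC from the stored credential; compare in constant time."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 payloads
        return False
    user, _, digest = decoded.rpartition(" ")
    key = store.get(user)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


def demo():
    """Return (accepted with cleartext store, accepted with hashed store)."""
    resp = client_response(USER, SECRET, CHALLENGE)
    return (server_verify(resp, CHALLENGE, CLEARTEXT_STORE),
            server_verify(resp, CHALLENGE, HASHED_STORE))


if __name__ == "__main__":
    print(client_response(USER, SECRET, CHALLENGE).decode())
    print(demo())
```

The response itself never contains the password, which is the property the thread calls "reasonably secure"; the cost is that the server-side credential must be the HMAC key rather than a one-way hash.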
