On 2021/08/10 10:28, Andrew C Aitchison via mailop wrote: > On Mon, 9 Aug 2021, Thomas Walter via mailop wrote: > > > https://nostarttls.secvuln.info/ > > > > Their conclusion is that all vulnerabilities rely on the transition of > > an insecure connection to a secure connection. > > If possible, we recommend that users check and configure their email > clients to use SMTP, POP3 and IMAP with implicit TLS on dedicated ports, > i.e., SMTP/Submission on port 465, POP3 on port 995, and IMAP on port 993. > This is in line with already existing recommendations in RFC 8314 and was > already recommended by security professionals before. > > It is a pity that 587 is the offical smtp submission port > whilst TLS-on-connect port 465 is merely "traditional".
465 was made official before the above-mentioned RFC was published. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=submissions _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
