Am 02.04.2011 21:00, schrieb Alex: >> Fix your client to properly use TLS AND THEN SASL. > > I'm using the K9 client for Android. Using this method with TLS and > SASL I need port 25 open for SMTP and TLS, and 587 for submission and > SASL, correct?
i believe you need some clarify SASL-Auth and TLS/SSL are independent TLS/SSL is the first step 587 = submission and implicit SASL-Auth, TLS may 25 = SASL may, TLS may 465 = smtps (no TLS handshake, it is SSL per definition) the point is that TLS happens while connecting on 25/587 the server OFFERS TLS, but it is not requested so the first part of the connection is unencrypted after the client "sees" STARTTLS the SSL handshake can follow or even not on port 465 there is no "may offer", 465 is dedicated SSL SASL-Authentication happens AFTER the connection/tls/ssl-handshake that is why "SASL only after TLS" makes no sense SASL is used for allow or deny relay 587 (submission) is used only for authenticated clients 25 CAN be used for that, but is blocked by many providers because it maybe used without Authentication because other mailservers deliver their messages over port 25 to you and they can not authenticate to a MX for normal relaying their users mail that is why 25 form most client-networks is blocked outgoing because spambots are using port 25 for their crap and if yiu have a account you should use 587 for submit your messages to your mail-provider
signature.asc
Description: OpenPGP digital signature
