Re: [Exim] SMTP

Top Page
Delete this message
Reply to this message
Author: James P Roberts
Date:  
To: Exim-Users \(E-mail\)
Subject: Re: [Exim] SMTP
----- Original Message -----
From: "Alan J. Flavell" <a.flavell@???>
To: "Exim-Users (E-mail)" <exim-users@???>
Sent: Wednesday, June 30, 2004 12:17 PM
Subject: Re: [Exim] SMTP


> On Wed, 30 Jun 2004, Ron McKeating wrote:
>
> > There is no circumstance we would want users using authenticated
> > smtp over an insecure connection.
>
> Same here - just in case there was any misunderstanding.
>
> The plan is that inside, they use neither TLS nor authentication;
> from outside, they use both.
>
> I'm not saying anything here against the other valid points that have
> been raised. Just trying to clarify that issue.
>


Why not use TLS + AUTH inside as well? It simplifies the configuration of
clients. Nobody has to reconfigure when moving around. It adds that much
more protection from hackers getting inside the network. It adds very
little overhead. It can simplify your ACL's. Give me a minute, I can
probably think of more reasons... ;)

I also second the notion that you should use tls-on-connect on port 465 and
TLS on port 587 to support all clients.

Jim Roberts
Punster Productions, Inc.