On 9/21/2004 4:22, "Tony Finch" <dot@???> wrote:
> I note that some broken software (written by our favourite whipping boys
> in Redmond) insists on using tls-on-connect on ports other than 25, so you
> have to support both old nonstandard smtps on port 465, and a standard RFC
> 2476 submission server on port 587. Our recommendations can be seen at
> http://www.cam.ac.uk/cs/email/muasettings.html
>
> Also, the first author of draft-hutzler-spamops-02 works for AOL and that
> document states that ISPs MUST NOT block or intercept port 587.
Outlook Express 6.00.2900.2180 (on XP with Service Pack 2...but the same
capability before SP2 when I was testingg), is perfectly happy to do SPA
authentication on port 587, *without* TLS (don't check the This server
requires a secure connection in the Advanced tab in Tools/Accounts).
Just retested to be sure.
Note...if you have port 587 set up in Advanced and then check the This
server requires a secure connection box, the port silently switches back to
25. Which can lead one to wrong conclusions about what works.
You would need -tls-on-connect (probably on port 465) to use SSL. But
what's the point of using SSL on ONE of the hops a mail message takes? If
one needs encryption, one needs MUA-to-MUA (end-to-end) encryption. SPA at
least takes care of the desire to use SSL to protect the password.
Older versions of Lookout [Express] may well yet force us to revive our port
465 TLS on Connect setup (which is sitting safely in Subversion).
--John
