On Wed, 27 Oct 2004, Tor Slettnes wrote:
> Sure, TLS is a can of worms. However, you may still allow (secure, e.g. MD5
> or Kerberos) authentication without TLS/SSL. That way, there are no
> certificate issues, issues with no "STARTTLS" command given for SSL
> transactions on ports other than 25, or for that matter, issues with port
> numbers in the first place.

I strongly recommend that you avoid port 25 for remote submission -- the
anti-spam security measures have really screwed it up for any kind of
end-to-end use. E.g. if a Glasgow academic visits Cambridge they'd be out
of luck if they want to send email via the gla.ac.uk servers on port 25.

> Alternatively, you could always use one of the various (albeit inferior)
> SMTP-after-POP schemes, such as DRAC.

POP is a thoroughly bad idea too. It's one of the more popular ways for
our users to accidentally lose all their email through no fault of their
own.

Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.