Author: Kjetil Torgrim Homme Date: To: Bill Hacker CC: exim Subject: Re: [exim] Setup for authenticated submission
On Wed, 2006-01-18 at 18:00 +0800, Bill Hacker wrote: > tls_on_connect_ports = 465 : 587 <IF and ONLY IF using old-style SSL
> instead of STARTTLS. MUA-dependent>
there is NO good reason to use tls_on_connect on port 587. this will
only cause interoperability woes.
> Note that this does not *prevent* an MUA from connecting on port 25, nor
> force it to use SSL/TLS if it does so.
or vice versa for MTA's connecting to 587. we actually experienced that
yesterday, an MTA set up to use port 587, ostensibly for security
purposes! luckily we had put in a check for this and deny
unauthenticated sending on ports other than 25 (we support 465 and 587
as MSA).