Author: Bill Hacker Date: To: exim-users Subject: Re: [exim] Setup for authenticated submission
Jakob Hirsch wrote:
> Bill Hacker wrote:
>
>
>>>bad idea. While RFC 2476 does not explicitly specify it, all
>>>installations I know of use STARTTLS.
>
>
> "on this port", that is.
>
>
>>We have the "luxury" of not having to cater to WinWoes or Apple 'native'
>>alleged-MUA's, and use different SSL arrival ports for:
>
>
>>- faster setup than STARTTLS
>
>
> I use the smtps port (465) for this.
So do we.
And several others I edited-out
No shortage of ports....
>
>
>>- helping 'ban' MUA's we don't want to support anyway
>
>
> By requiring immediate TLS instead of STARTTLS? Interesting. Last time I
> checked, OE supported only the former of both.
>
I wouldn't expect that to be consistent over the many years/versions of
Outlook/OE.
One of our users actually *does* have a WinBox, but is intelligent enuf
to not use an MS MUA.
Or browser.... (far more easily banned)
>
>>- selecting different acl routing rules for different user groups
>
>
> Depending on the incoming port? Sounds not very reliable.
Why so? Incoming ports tend to stay where you put 'em. Outgoing takes
more work...
Helps with getting the correct outbound helo set up for a virtual-domain
system, permits penalizing or srutinizing shoddy MUA's w/o totally
prohibiting them, (apply SA and ClamAV to certain OS/MUA's in both
directions),
> Anyway, I'd rather use some arbitrary port for this than abuse a
> well-known port.
We do that also. And 'well known' is exactly that, and not a thing more.
When a client has a really draconian ISP/corporate firewall, we even
provide secure SMTPSA on port 80 or 443.
Seldom blocked.... ;-)