Re: [exim] STARTTLS before EHLO?

Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] STARTTLS before EHLO?
Marc Sherman wrote:
> W B Hacker wrote:
>
>>It does do so.
>>
>>That is the 'legacy' ssl mode AKA 'tls_on_connect'
>
>
> Bill, please be more careful about answering questions with incorrect
> information. tls_on_connect does not involve sending the STARTTLS
> command _at_all_. The connection is SSL-encrypted from the moment it's
> opened.
>


I know that. I said that. We rely on that.

>
>>tls_on_connect_ports = 465 : 587
>
>
> This has come up before; if you're going to recommend to random list
> posters that they configure 587 for tls_on_connect, please warn them
> explicitly that your configuration is very non-standard.
>
> - Marc
>
>


'Legacy', perhaps, but not 'non-standard' w/r our use of those
two ports.

465 is covered in RFC 825, 2825. 587 under RFC 3207.

Take note:

"... the submission port is by definition not a publicly
referenced SMTP server...." (RFC 3207 & port 587)

QED.

Bill
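
The distinction argued over in this thread, tls_on_connect versus STARTTLS, shows up in the first bytes a client sends after the TCP connection opens. The sketch below is an added example, not code from the thread or from Exim; it classifies a captured client byte stream, and its function names, labels and sample bytes are constructed for illustration.

```python
# Added illustration: function names, labels and sample bytes are constructed.

def is_tls_client_hello(data: bytes) -> bool:
    """True if data begins with a TLS handshake record carrying a ClientHello."""
    return (len(data) >= 6
            and data[0] == 0x16      # record type: handshake
            and data[1] == 0x03      # record version, major byte (SSL3/TLS)
            and data[2] <= 0x04      # record version, minor byte
            and data[5] == 0x01)     # handshake type: ClientHello


def classify_client_start(stream: bytes) -> str:
    """Classify everything the client sent since the connection opened."""
    if is_tls_client_hello(stream):
        return "tls-on-connect"      # encrypted from byte one, no SMTP verbs at all
    greeted = False
    rest = stream
    while b"\r\n" in rest:
        line, rest = rest.split(b"\r\n", 1)
        verb = line.split(b" ", 1)[0].upper()
        if verb in (b"EHLO", b"HELO"):
            greeted = True
        elif verb == b"STARTTLS":
            # After STARTTLS the client's next bytes must be the TLS handshake.
            if not is_tls_client_hello(rest):
                return "starttls-without-handshake"
            return "starttls" if greeted else "starttls-before-ehlo"
    return "plaintext" if greeted else "unknown"


# Constructed, truncated ClientHello prefix: TLS record header + handshake type.
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

# Constructed client-side byte streams, one per case.
SAMPLES = {
    "implicit": HELLO,
    "upgrade": b"EHLO client.example\r\nSTARTTLS\r\n" + HELLO,
    "no_greeting": b"STARTTLS\r\n" + HELLO,
    "clear": b"EHLO client.example\r\nMAIL FROM:<a@client.example>\r\n",
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name:12} -> {classify_client_start(stream)}")
```

Run against the client half of a capture on ports 465 and 587, this shows which of the two modes each connecting client actually uses.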