Re: [exim] Using TLS to encrypt SMTP traffic...

Pàgina inicial
Aquest missatge és part del següent fil:
M\l'arbre de fils complet ordenat per data
MM\xyon en <-
MMMMarc Sherman en ->
Delete this message
Reply to this message
Autor: Steffen Heil
Data:  
A: exim-users
Assumpte: Re: [exim] Using TLS to encrypt SMTP traffic...
Hi

> >> Typical settings include:
> >>
> >> daemon_smtp_ports = 25 : 465 : 587
> >
> > Typical clients use START_TLS on port 25, but tls-on-connect on 465
> > (what about 587?). So with the above setting I'd strongly recommend
> >
> > tls_on_connect_ports = 465
>
> Please ignore everything Bill says about port 465. He
> continues to advise people to ignore established norms and
> standards, without warning.

I hope I missunderstand, but otherwise that comment is garbage.

In spite of the fact that it may be agains standards now I also suggest:

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

25 is for inter-MTA smtp traffic. (explicit tls optionally, usually no auth)
587 is for "good" MUA to MTA traffic. (explicit tls prefered, only auth)
465 is for "bad" MUA to MTA traffic. (implicit ssl forced, only auth)

There are still clients wich don't do STARTTLS but only implicitSSL.
Some versions of Outlook for example.

If you configure this server only for yourself, drop port 465 completely.
However, if you need to support clients with somehow broken smtp/ssl
implementations, you have no chance to do otherwise.

I cannot afford to drop that many customers, maybe you can...

Regards,
Steffen
Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] rewrite env_from witch original h_to?Re: [exim] Using TLS to encrypt SMTP traffic...->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)