Re: [exim] Using TLS to encrypt SMTP traffic...

Author: W B Hacker
Date:
To: exim-users
Subject: Re: [exim] Using TLS to encrypt SMTP traffic...
Marc Sherman wrote:

> W B Hacker wrote:
>
>>Ancient history now. Like it or not, we should move on and use 587.
>
>
> That's all well and good, Bill, and if you simply advised people not to
> open port 465 at all, I wouldn't reply. It's your repeated advice to
> people to open 465 for unencrypted/STARTTLS usage, against all
> established historical practice, to which I object.
>
> - Marc
>


You have a reading disability then.

I have neither recommended that, illustrated that, nor done it on production
servers OR MUA settings. We have never used 465 for anything BUT SSL/tls_on-connect.

I *have* "illustrated", but NOT RECOMMENDED use of port 587 with tls_on_connect.

That is not common per established practice, but is tacitly supported and *not
prohibited* under the applicable IANA/IETF guidelines for the port.

See RFC 4409:

3.1. Submission Identification

    Port 587 is reserved for email message submission as specified in
    this document.  Messages received on this port are defined to be
    submissions.  The protocol used is ESMTP [SMTP-MTA, ESMTP], *with
    additional restrictions or allowances as specified here*.


.
.
.


3.3. Authorized Submission

    "Numerous methods have been used to ensure that only authorized users
    are able to submit messages.  These methods include authenticated
    SMTP, IP address restrictions, *secure IP and other tunnels*,..."


That said, I still do not RECOMMEND *anything* - save familiarizing oneself with
the current IANA or IETF position.

The rest is up to the mailadmin, as IANA/IETF wisely recognize that user-MUA
client to server-MSA host submission is a *local* issue.

RTFRFC

Bill