Author: Exim Mailing List Date: To: exim-users Subject: Re: [exim] host use tsl on port 25?
On Tue, Jan 23, 2007 at 07:18:06PM +0100, Magnus Holmgren wrote:
> > Not sure why they would be advertising TLS to the outside world without
> > some sort of auth first,
>
> Offering TLS is a good idea if you want to accept PLAIN or LOGIN
> authentication without forcing the users to send their passwords in the
> clear.
In a perfect world, that service would be offered on a different set
of servers (or ports, in the case of 587 service) than are used for
outside MX service. You would especially expect to see that on a
large provider like Bellsouth.
> Although optimally all certificates would need to be verified, TLS without
> verifying the other end still offers some protection against passive
> eavesdropping. Whether it's worth the extra resources and how often a passive
> attacker can't as well perform an active attack are other matters.
It's not worth anything if you don't have complete trust of the other
party that you are delivering to, IMO.