Re: [exim] Should MX offer TLS ?

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MChris Edwards at <-
MMMike Cardwell at ->
Delete this message
Reply to this message
Author: Daniel Tiefnig
Date:  
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
Chris Edwards wrote:
> Makes sense. But then it can be argued the bad guy only needs EITHER
> the password OR the data. If he can sniff the content itself on the
> wire, then why bother trying to protect the password ?

So he/she can't relay via my servers using the sniffed user/pass ...

> How do sites who *do* do TLS over the Internet (with no certificate
> checks) get on ? Are there many obscure problems encountered ?

Hmm, I remember some problems with misconfigured MTAs that advertised
TLS, but then weren't able to provide it. The responsible admins blamed
us that we weren't able to send mails to them, because other servers
could send them mail... *sigh* There were quite a lot of them, so I
started using "hosts_avoid_tls = *" too.
After some time of running a medium / large mail site you start avoiding
problems wherever you can, because *lots* of the mailservers out there
are administered by people who really don't know what they're doing.

lg,
daniel

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Should MX offer TLS ?Re: [exim] fetchmail + exim4 error->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)