Author: Chris Edwards
Date:
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
Daniel Tiefnig wrote:
| Chris Edwards wrote:
| > Makes sense. But then it can be argued the bad guy only needs EITHER
| > the password OR the data. If he can sniff the content itself on the
| > wire, then why bother trying to protect the password ?
|
| So he/she can't relay via my servers using the sniffed user/pass ...
OK, right. I guess it's also often true that submission will happen over
an easy-to-sniff link (public wireless, cybercafe, hotel)
whereas, by contrast, the MTA->MTA traffic is normally over hard-to-sniff
networks comprising the core of the Internet.
Bill Hacker wrote:
| TLS for submission, TLS for POP/IMAP, and TLS for MX - MX does give
| nearly end-to-end protection between/among corporate servers.
Yes, this is precisely what we were thinking - hence my asking this question.
It seems like we can get MTA->MTA encryption (albeit without authentication)
for "almost" free. But if folk running large sites are suggesting
caution, then we will heed that advice.
( with around 30,000 users I guess we're a small/medium site )
I wonder if this will be less painful in a couple of years.