Re: [exim] Should MX offer TLS ?

Author: Chris Edwards
Date:  
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
Daniel Tiefnig wrote:

| Chris Edwards wrote:
| > Makes sense. But then it can be argued the bad guy only needs EITHER
| > the password OR the data. If he can sniff the content itself on the
| > wire, then why bother trying to protect the password ?
|
| So he/she can't relay via my servers using the sniffed user/pass ...


OK, right. I guess it's also often true that submission will happen over
an easy-to-sniff link (public wireless, cybercafe, hotel)

whereas, by contrast, the MTA->MTA traffic is normally over hard-to-sniff
networks comprising the core of the Internet.


Bill Hacker wrote:

| TLS for submission, TLS for POP/IMAP, and TLS for MX - MX does give
| nearly end-to-end protection between/among corporate servers.


Yes, this is precisely what we were thinking - hence my asking this question.
It seems like we can get MTA->MTA encryption (albeit without authentication)
for "almost" free. But if folk running large sites are suggesting
caution, then we will heed that advice.

( with around 30,000 users I guess we're a small/medium site )

I wonder if this will be less painful in a couple of years.