Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] TLS interaction problem with Communigate Pro 4.1.6
Florian Weimer wrote:
> * Marc Sherman:
>
>> Why allow TLS on port 25 at all? There's not much security value in TLS
>> for random MTA-MTA traffic.
>
> It prevents passive eavesdropping (by content-filtering transit ISPs,
> for instance). Some mail peers have also hard-wired our certificate
> into their systems, without actually using SMTP submission.

That's a false sense of security; there are so many other insecure parts
of the chain (such as subsequent relay hops beyond your server) where
the message can be intercepted, that it doesn't add any value. In fact,
it's probably a loss, because people might think their mail was secure
when in fact it isn't.