Re: [exim] TLS interaction problem with Communigate Pro 4.1.…

Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] TLS interaction problem with Communigate Pro 4.1.6
Florian Weimer wrote:
> * Marc Sherman:
>
>> Why allow TLS on port 25 at all? There's not much security value in TLS
>> for random MTA-MTA traffic.
>
> It prevents passive eavesdropping (by content-filtering transit ISPs,
> for instance). Some mail peers have also hard-wired our certificate
> into their systems, without actually using SMTP submission.


That's a false sense of security; there are so many other insecure parts
of the chain (such as subsequent relay hops beyond your server) where
the message can be intercepted, that it doesn't add any value. In fact,
it's probably a loss, because people might think their mail was secure
when in fact it isn't.

- Marc