On 2014-01-23, Heiko Schlittermann <hs@???> wrote:
> 25/smtp is for MTA -> MTA communication
> TLS depends on the options offered by the receiving
> and the options chosen by the sending side, thus
> is part of the SMTP protocol (command STARTTLS)
>
> 465/smtps is used by some exotic (?) MUAs for message submission
> TLS is negotiated prior to the start of the
> SMTP protocol
465 is deprecated, yet becoming increasingly more common,
most MUAs that do starttls also support it. it's the only way to
submit mails to the gmail SMTP service.
> 587/submission
> is for MUA -> MTA communication
> TLS depends on the options offered by the receiving
> and the options chosen by the sending side, thus
> is part of the SMTP protocol (command STARTTLS)
> For SMTP TLS is a nice to have, I'd say.
> For message submission I'd say you've no option, I'd always enforce the
> use of STARTTLS before authentication.
CRAM-MD5 is reasonably secure, but does require the host to retain the
password in cleartext. most clients capable of CRAM-MD5 are probably
also TLS capable, so this may not be a big advantage.
> For SMTP you want to use port 465 for that. (Better: you do not want
> this tls-on-connect at all! It's not standard.)
yeah, standards are, in general, good.
--
For a good time: install ntp
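
The CRAM-MD5 storage point raised in the reply above, as an added example that is not part of the original message: the server can only check a CRAM-MD5 response by recomputing HMAC-MD5 over its challenge with the same secret the client used, so a salted one-way hash on file cannot verify it. The user name, password, salt, challenge and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user: str, password: str, challenge_b64: str) -> str:
    """Client side: HMAC-MD5 over the server challenge, keyed with the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def cram_md5_verify(key_for_user: dict, challenge_b64: str, response_b64: str) -> bool:
    """Server side: recompute the digest with whatever secret is on file."""
    try:
        # The user name may contain spaces; the digest is the last token.
        user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
        challenge = base64.b64decode(challenge_b64)
    except (ValueError, UnicodeDecodeError):
        return False
    key = key_for_user.get(user)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

# Constructed sample data (not from the original message).
PASSWORD = "correct horse battery"
SALT = b"constructed-salt"
CHALLENGE = base64.b64encode(b"<12345.1390435200@mail.example.org>").decode()

# Store A keeps the password itself, which is what CRAM-MD5 needs.
cleartext_store = {"alice": PASSWORD.encode()}
# Store B keeps only a salted one-way hash, as a password database normally would.
hashed_store = {
    "alice": hashlib.pbkdf2_hmac("sha256", PASSWORD.encode(), SALT, 100_000)
}

def demo() -> tuple:
    """Verify one honest client response against both kinds of store."""
    response = cram_md5_response("alice", PASSWORD, CHALLENGE)
    return (
        cram_md5_verify(cleartext_store, CHALLENGE, response),  # True
        cram_md5_verify(hashed_store, CHALLENGE, response),     # False
    )

if __name__ == "__main__":
    print("cleartext store verifies: %s, hashed store verifies: %s" % demo())
```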