Re: [exim] Exim4 + fixed_cram

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jasen Betts
Date:  
À: exim-users
Sujet: Re: [exim] Exim4 + fixed_cram
On 2014-01-23, Heiko Schlittermann <hs@???> wrote:

>      25/smtp  is for MTA -> MTA communication
>               TLS depends on the options offered by the receiving
>               and the options choosen by the sending side, thus
>               is part of the SMTP protocol (command STARTTLS)

>
>     465/smtps is used by some excotic (?) MUAs for message submission
>               TLS is negotiated on prior to the start of the
>               SMTP protocol


465 is deprecated, yet becoming increasingly more common,
most MUAs that do starttls also support it. it's the only way to
submit mails to the gmail SMTP service.

>     587/submission
>               is for MUA -> MTA communication
>               TLS depends on the options offered by the receiving
>               and the options choosen by the sending side, thus
>               is part of the SMTP protocol (command STARTTLS)



> For SMTP TLS is a nice to have, I'd say.
> For message submission I'd say you've no option, I'd always enforce the
> use of STARTTLS befor authentication.


CRAM-MD5 is reasonably secure, but does require the host to retain the
password in cleartext. most clients capable of CRAM-MD5 are probably
also TLS capable, so this may not be a big advantage.

> For SMTP you want to use port 465 for that. (Better: you do not want
> this tls-on-connect at all! It's not standard.)


yeah, standards are, in general, good.


--
For a good time: install ntp