Re: [exim] Exim4 + fixed_cram

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Duane Hill
Date:  
À: exim-users
Sujet: Re: [exim] Exim4 + fixed_cram
Saturday, January 25, 2014, 12:24:35 PM, Jasen wrote:

> On 2014-01-23, Heiko Schlittermann <hs@???> wrote:


>>      25/smtp  is for MTA -> MTA communication
>>               TLS depends on the options offered by the receiving
>>               and the options choosen by the sending side, thus
>>               is part of the SMTP protocol (command STARTTLS)

>>
>>     465/smtps is used by some excotic (?) MUAs for message submission
>>               TLS is negotiated on prior to the start of the
>>               SMTP protocol


> 465 is deprecated, yet becoming increasingly more common,
> most MUAs that do starttls also support it. it's the only way to
> submit mails to the gmail SMTP service.


Port 465 is not the only way email gets submitted to gmail.

>>     587/submission
>>               is for MUA -> MTA communication
>>               TLS depends on the options offered by the receiving
>>               and the options choosen by the sending side, thus
>>               is part of the SMTP protocol (command STARTTLS)



>> For SMTP TLS is a nice to have, I'd say.
>> For message submission I'd say you've no option, I'd always enforce the
>> use of STARTTLS befor authentication.


> CRAM-MD5 is reasonably secure, but does require the host to retain the
> password in cleartext. most clients capable of CRAM-MD5 are probably
> also TLS capable, so this may not be a big advantage.


>> For SMTP you want to use port 465 for that. (Better: you do not want
>> this tls-on-connect at all! It's not standard.)


> yeah, standards are, in general, good.



> --
> For a good time: install ntp





-- 
Best regards,
 Duane                            mailto:duihi77@gmail.com