Re: [exim] Closing off Port to non-SSL traffic

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim-users
Temat: Re: [exim] Closing off Port to non-SSL traffic
On Sun, Jun 26, 2022 at 04:30:14PM +0200, Slavko via Exim-users wrote:

> > it seems
> > there is confusion over the use of this port. I've always assumed
> > that some MTA clients may use port 465 - rather than using port 25.
>
> Not MAY, they SHOULD (if they support it), the 587 is as fallback for
> old clients only, the 25/tcp is deprecated for MUAs for years...


Read carefully, the question (as stated) was about SMTP relay client
*MTAs*, not client submission MUAs.

> > Users should then set SSL/TLS encryption on port 465? (which means me
> > talking to all of them)
>
> Sure, send email them, phone them, meet them... And then wait some time
> (weeks, months, ...), then close 587... As i noted elsewhere, i
> don't allow clients connections to 25 nor 587 at least for two years...


There is not much to be gained by insisting users reconfigure their
systems. Sure document 465 as the preferred configuration, but then let
the users decide. The sky is not falling.

Gradually as they update their MUA software, they'll likely end up on
465.

-- 
    Viktor.