On Sep 16, 2013, at 10:56 AM, Reindl Harald wrote: > > > Am 16.09.2013 16:48, schrieb Dan Langille: >> On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote: >> >>> Am 16.09.2013 16:10, schrieb Dan Langille: >>>>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs >>>>> has really be deprecated everywhere for some time now) >>>> >>>> For this test, I reconfigured the server to NOT use IMAPS and restarted >>>> it. Then I went >>>> to my iPhone and turned off SSL for this mail account. >>>> >>>> That configuration works for my iPhone. >>>> >>>> Looking via tcpdump, I can see that emails are indeed being downloaded in >>>> clear text >>> >>> you need to understand the difference between IMAPS/POP3S on the dedicated >>> 9xx ports versus STARTLS on 143/110 >> >> I believe I do understand. >> >>> http://en.wikipedia.org/wiki/STARTTLS >> >> Yes, that's what I those STARTTLS was. >> >>> if you turn off SSL it is turned off >>> on sane clients like thunderbird you can switch between cleartext/STARTTLS >>> and SSL >> >> So far, with all we've tried, the only secure option appears to be self >> signed certificates > > having like here since 2009 a Thawte certificate for SMTP/POP3/IMAP/HTTPS > without any issue is the better option because it is accepted by *any* > client and not *that* expensive > > dealing with self-signed certificates is *plain wrong* because you educate > your users happily confirm SSL warnings in their clients and having > the final result of this in mind it's better not offer SSL at all
When I am setting up servers for others to use, I agree. In this case. I am the only user. -- Dan Langille - http://langille.org
