Kjetil Torgrim Homme wrote:
On Wed, 2006-01-18 at 18:00 +0800, Bill Hacker wrote:
> > tls_on_connect_ports = 465 : 587 <IF and ONLY IF using old-style SSL
> > instead of STARTTLS. MUA-dependent>
>
> there is NO good reason to use tls_on_connect on port 587. this will
> only cause interoperability woes.
See below.
> > Note that this does not *prevent* an MUA from connecting on port 25, nor
> > force it to use SSL/TLS if it does so.
>
> or vice versa for MTA's connecting to 587.
Not so!
Aside from matching the protocol, they would have to be able to
authenticate with port-specific SQL-DB stored multi-part UID's and
passwords that do not resemble [EMAIL PROTECTED], nor are they the same
UID/PWD's used for webmail, POP or IMAP.
> we actually experienced that yesterday, an MTA set up to use port 587,
> ostensibly for security purposes! luckily we had put in a check for this
> and deny unauthenticated sending on ports other than 25 (we support 465
> and 587 as MSA).
You just disproved your own first point, above, in showing that the
'interoperability woes' issue can contribute to preventing unexpected
abuse, at the very least by calling attention to it.
Our use of 587 fits precisely our setup for specific-client MUA's. And
no others.
Not proselytizing, but 'standards' apply to the part we do NOT control
(our MTA-MTA environment is very much more gracious).
w/r MUA's, OTOH, it's 'our servers, our rules'. And even 'Our chosen MUA's'.
But we do only bespoke, corporate mx, some with as few as half-a-dozen
accounts, not public/all-comers ISP/ASP services, so, as said, a
"luxury". ;-)
Bill
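For readers following the thread, here is an Exim configuration sketch of the split both posters describe: implicit ("old-style") TLS only on 465, plain SMTP plus STARTTLS on 587, and an ACL that refuses unauthenticated senders on the submission ports while leaving port 25 to the normal MTA checks. This is an added illustration, not configuration from either poster; the ACL name acl_check_mail and the 25/465/587 port list are assumptions, and a working TLS setup (tls_certificate and friends) is assumed to exist elsewhere in the file.

```exim
# Listen on the MTA port and both submission ports.
daemon_smtp_ports = 25 : 465 : 587

# Implicit TLS only on 465. Port 587 stays plain SMTP + STARTTLS, which is
# what submission clients expect; listing 587 here is the interoperability
# problem raised in the thread.
tls_on_connect_ports = 465

# Run the check at MAIL FROM, before any recipient is accepted.
acl_smtp_mail = acl_check_mail

begin acl

# Assumed ACL name. $received_port is the local port the connection
# arrived on; "authenticated = *" is true only after a successful AUTH.
acl_check_mail:
  # On the MSA ports (465/587), an unauthenticated sender is refused.
  deny
    message   = Submission ports require authentication
    condition = ${if or{{eq{$received_port}{465}} \
                        {eq{$received_port}{587}}}}
    !authenticated = *

  # Port 25 (MTA-to-MTA) traffic falls through to the usual checks.
  accept
```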
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/