On Friday 16 Oct 2015 06:14:18 Tuomo Hartikainen wrote:
> On 2015-10-15 23:01, Mick wrote:
> > On Thursday 15 Oct 2015 18:04:22 walt wrote:
> > > My ISP recently started offering imap email service in addition to
> > > the pop3/smtp servers they've always had, so I decided to try it.
> > > 
> > > I was surprised to see that they recommend using a different smtp
> > > server name when setting up my mail client, and they even offer the
> > > option of using port 587 instead of 465 if I prefer it.
> > > 
> > > Why would I use a different smtp server if I'm now using imap?  I use
> > > smtp to send mail, and imap to read it, right?  Why not use the same
> > > smtp server in either case?
> > > 
> > > (The different server names actually resolve to the same IP address, so
> > > the distinction seems to be more theoretical than real, but the theory
> > > is what puzzles me.)
> > > 
> > > Thanks.
> > 
> > Port 587 is for TLS and is the proper port to be used by MSAs as per
> > RFC6409.
> > 
> > Port 467 on the other hand is for SMTPS:  vanilla SMTP at the application
> > level, but the communication to the server is still secured at the
> > transport layer with SSL.  This was an IANA attempt to provide a port
> > for secure email communication pre-STARTTLS days.  Today I think it may be
> > used for other purposes, but I am not sure if it is TCP or UDP
> > streaming.
> 
> As a clarification: port 587 *may* be used with STARTTLS while port 465
> is the actual SSL/TLS port.

Yes indeed, the TLS usage is coincidental with RFC6409, rather than specified 
by it and even the use of port 587 is not obligatory (port 25 can still be 
used).  As I mentioned, port 465 is not specified by IETF, but was offered by 
IANA to run SMTP over an SSL-secured connection; this was rescinded some 
time later.

The thing with STARTTLS is that the client may decide to degrade the 
communication to plain text, if what is sent by the server (protocol, cipher, 
etc.) is deemed not appropriate.  Some clients won't even notify the user.  
MITM attacks can be engineered to intercept a communication with a mail server 
to degrade the connection from the MUA on purpose.  A dedicated TLS connection 
would be the best thing and some setups offer 465 for this purpose.
-- 
Regards,
Mick
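As an added illustration of the fail-closed behaviour Mick describes (example code written for this page, not from the thread or any mail client): on 465 TLS is negotiated before any SMTP byte, on 587 the client reads the EHLO reply and refuses to continue if STARTTLS is missing, instead of silently degrading to plaintext. The server name `mail.example.net` and the two EHLO replies are constructed; `open_submission` needs a live server and is not exercised here.

```python
"""Fail-closed SMTP submission: implicit TLS on 465, mandatory STARTTLS on 587."""
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
EHLO_GENUINE = b"250-mail.example.net\r\n250-PIPELINING\r\n250-SIZE 35882577\r\n250 STARTTLS\r\n"
EHLO_STRIPPED = b"250-mail.example.net\r\n250-PIPELINING\r\n250 SIZE 35882577\r\n"


def ehlo_keywords(reply: bytes) -> set:
    """Keywords advertised in a raw multi-line EHLO reply (first line is the greeting)."""
    keywords = set()
    for line in reply.decode("ascii", errors="replace").splitlines()[1:]:
        tokens = line[4:].split()  # drop the "250-" / "250 " prefix
        if tokens:
            keywords.add(tokens[0].upper())
    return keywords


def starttls_offered(reply: bytes) -> bool:
    """True only if the server advertised STARTTLS; a stripped reply yields False."""
    return "STARTTLS" in ehlo_keywords(reply)


def open_submission(host: str, port: int = 587, timeout: float = 10.0) -> smtplib.SMTP:
    """Connect to a submission server without ever settling for plaintext.

    465: TLS is negotiated before any SMTP byte (smtplib.SMTP_SSL).
    587: EHLO first, then STARTTLS; if STARTTLS is not advertised (server
         misconfiguration or a MITM removing it), abort rather than degrade.
    """
    ctx = ssl.create_default_context()  # verifies chain and hostname
    if port == 465:
        return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not advertised; refusing to send in plaintext")
        smtp.starttls(context=ctx)
        smtp.ehlo()  # capabilities must be re-read inside the TLS session
    except Exception:
        smtp.close()
        raise
    return smtp


if __name__ == "__main__":
    print("genuine reply offers STARTTLS:", starttls_offered(EHLO_GENUINE))
    print("stripped reply offers STARTTLS:", starttls_offered(EHLO_STRIPPED))
```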
