On 23 Jan 2020, at 10:35, Marc ARC wrote:

> At first we thought we’d use port 993 since this is secure. But then we realised that port 143 can also be secure with StartTLS. Or is 993 better since it secures before communicating, and is it future-proof?

Port 993 mainly exists for historical reasons. Personally, I would keep both ports open and make sure that the use of STARTTLS is required for port 143. If you close one of these ports then it'll likely affect users at some point when configuring an email client which either defaults to 143 or 993 (or it might even not support both).

> And with SMTP we are confronted with a choice: 25, 465 or 587? We prefer 587 since it requires AUTH ... but what about the security?

Port 587 is the standard for email submission (email client sending an email) and is equivalent to 143 for IMAP (it uses STARTTLS). Port 465 is a mess (Microsoft), but some email clients might still expect it to work (Microsoft). Port 465 is kind of equivalent to port 993, but in practice I've seen servers using port 465 with STARTTLS making it behave like port 587.

You'll also need port 25 because this is the standard port used when SMTP servers talk to each other.

In a perfect world, only ports 25, 143 and 587 would exist.

> We have been googling but can’t seem to find the mail between the ports
>
> Thanks in advance for your thoughts and reflections,

You'll probably get other opinions, but the important part is to ensure that it's not possible to communicate on any port without encryption enabled (with or without STARTTLS).

Security-wise, it is more important that you look into which TLS protocols you allow on the server, but I'm not qualified to make any recommendations on that: https://en.wikipedia.org/wiki/Transport_Layer_Security

--
Benny
_______________________________________________
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
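
An added example, not part of the message above or of any project it mentions: a small Python audit of what a server advertises on ports 143 and 587 before STARTTLS, to check the "STARTTLS required" advice. The function names and sample transcripts are constructed for illustration; it assumes a server that refuses plaintext logins advertises LOGINDISABLED (IMAP) and withholds AUTH PLAIN/LOGIN until after STARTTLS.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that transmit the password itself

def imap_caps(transcript):
    """Capability tokens from an IMAP greeting or untagged CAPABILITY response."""
    caps = set()
    for m in re.finditer(r"CAPABILITY ([^\]\r\n]+)", transcript, re.I):
        caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def smtp_features(transcript):
    """Map EHLO keyword -> parameter list from the 250 lines of an EHLO reply."""
    feats = {}
    for line in transcript.splitlines():
        m = re.match(r"250[- ]([^\s=]+)[\s=]*(.*)", line.strip())
        if m:
            feats[m.group(1).upper()] = m.group(2).upper().split()
    return feats

def audit_imap(transcript):
    """Findings for port 143 as seen before STARTTLS; an empty list means OK."""
    caps, findings = imap_caps(transcript), []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN permitted before TLS")
    weak = {c[5:] for c in caps if c.startswith("AUTH=")} & PLAINTEXT_MECHS
    if weak:
        findings.append("plaintext AUTH offered before TLS: " + ",".join(sorted(weak)))
    return findings

def audit_smtp(transcript):
    """Findings for port 587 as seen before STARTTLS; an empty list means OK."""
    feats, findings = smtp_features(transcript), []
    if "STARTTLS" not in feats:
        findings.append("STARTTLS not offered")
    weak = set(feats.get("AUTH", [])) & PLAINTEXT_MECHS
    if weak:
        findings.append("plaintext AUTH offered before TLS: " + ",".join(sorted(weak)))
    return findings

# Constructed sample transcripts (not captured from any real server).
IMAP_STRICT = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
IMAP_LAX = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\n"
SMTP_STRICT = "250-mail.example.org\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_LAX = "250-mail.example.org\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(audit_imap(IMAP_LAX), audit_smtp(SMTP_LAX))
```

Advertised capabilities are only a signal: confirm enforcement by checking that the server also rejects a LOGIN or AUTH command sent without TLS on your own test account.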
