Re: Why do so few mail providers support Port 587?
[reposting this to nanog, as my answer might be reasonably ontopic] On Fri, Feb 25, 2005, Brad Knowles wrote:
At 8:05 AM +0000 2005-02-25, Adrian Chadd wrote:
Because your MUA doesn't support SSL on what it considers to be non-standard ports? Because your ISP won't let you set up an ssh tunnel instead? Because there would be no other way to keep your mail connection secure, if SSL and ssh are denied to you?
Which MUA, that you/your users are using, won't let you run SSL on port 587?
Apparently, many Microsoft MUAs don't support that kind of thing.
Thats strange. I'm sure I've had outlook 200x speak SSL on 587. I've only ever had issues with Outlook parsing unsigned SSL certificates - it'll complain, then randomly crash.
Other MUAs don't support SSL at all, and therefore if you want to secure their communications, they either have to be tunneled over ssh, or you have to use a VPN.
Well, thats a bit silly then. There's SSL wrappers to use to "fake" SSL but you shouldn't have to. Rightio. It may be the case that its less of an MTA configuration issue and more of an MUA issue. Adoption rates may be higher if popular MUAs supported AUTH SMTP/SSL over port 587. Adrian -- Adrian Chadd "You don't have a TV? Then what's <adrian@creative.net.au> all your furniture pointing at?"
On 2/25/2005 3:16 AM, Adrian Chadd wrote:
[reposting this to nanog, as my answer might be reasonably ontopic]
On Fri, Feb 25, 2005, Brad Knowles wrote:
At 8:05 AM +0000 2005-02-25, Adrian Chadd wrote:
Because your MUA doesn't support SSL on what it considers to be non-standard ports? Because your ISP won't let you set up an ssh tunnel instead? Because there would be no other way to keep your mail connection secure, if SSL and ssh are denied to you?
Which MUA, that you/your users are using, won't let you run SSL on port 587?
Apparently, many Microsoft MUAs don't support that kind of thing.
Thats strange. I'm sure I've had outlook 200x speak SSL on 587.
The problem with OE (and probably O) is that it only supports SMTP-SSL carrier sessions rather than StartTLS sessions, especially when alternate ports are involved. Note that StartTLS is the standard, not SMTPS which was registered as informational and has been deprecated to boot. If you are using lots of MS clients, you have to give up on the idea of running 100% encrypted communications over port 587. Not that anybody is stopping you from setting up TLS-only on 587 and SMTPS on some other port... -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
participants (2)
-
Adrian Chadd
-
Eric A. Hall