pop 110/995, imap 143/993 ?

Gedalya gedalya at gedalya.net
Mon Aug 21 12:37:57 EEST 2017


On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> is there a 'preferred way'?  should I tell users to use 143 over 993 ? or
> 993 over 143? or?
There is no concrete answer. There are various opinions and feelings about this.
The opinion against 993/995 is that these are not standard ports, and there is no
need to allocate new ports for the secure version of each protocol since we can
use STARTTLS.

The problem with 110/143 is that security depends on settings on both ends:
The client must be configured to negotiate STARTTLS as mandatory, and refuse
to talk to the server when that doesn't work.
The server must also refuse to talk to clients without STARTTLS.
Since some mail clients support "opportunistic" STARTTLS, that is, use port 143
and use STARTTLS *if / when* available, some people feel there are too many
subtleties involved, and ports 993/995 just make all this go away.

Requiring STARTTLS on the server side doesn't prevent a man-in-the-middle
attack. The client must be configured to insist on negotiating STARTTLS with a
server with a verified certificate.

> my current understanding is that some (MS?) clients might not support
> StartTLS/143 ? so best to offer both ?
Their newest clients do support STARTTLS. I don't remember exactly but maybe
Outlook 2003 or so didn't support it.
> I think? some public WiFi block 993/995 but allow 143/110, hence, another
> advantage for using 143/110

Never heard of this either.
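
The client-side requirement discussed in this message (mandatory STARTTLS on 143, or implicit TLS on 993, against a verified certificate in both cases) can be sketched with Python's standard `imaplib` and `ssl`. This is an added example, not part of the original message; the function names, the `DowngradeRefused` exception and the sample CAPABILITY lines are constructed for illustration.

```python
import imaplib
import ssl

class DowngradeRefused(Exception):
    """Raised instead of falling back to a cleartext session."""

def strict_context():
    # create_default_context() verifies the certificate chain and the hostname.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_capability(line):
    # "* CAPABILITY IMAP4rev1 STARTTLS ..." -> {"IMAP4REV1", "STARTTLS", ...}
    parts = line.strip().upper().split()
    if parts[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response")
    return set(parts[2:])

def next_step(caps, tls_active):
    """Mandatory-STARTTLS policy for port 143: 'starttls', 'login' or refuse."""
    if tls_active:
        return "login"
    if "STARTTLS" not in caps:
        # Server misconfigured, or the capability was removed in transit.
        raise DowngradeRefused("STARTTLS not offered; refusing cleartext login")
    return "starttls"

def connect(host, implicit_tls=True):
    ctx = strict_context()
    if implicit_tls:
        # Port 993: the TLS handshake completes before any IMAP byte is sent.
        return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    conn = imaplib.IMAP4(host, 143)
    try:
        next_step(set(conn.capabilities), tls_active=False)
        conn.starttls(ssl_context=ctx)  # raises on certificate or hostname failure
    except Exception:
        conn.shutdown()  # never continue in cleartext
        raise
    return conn

# Constructed sample responses (not captured from a real server).
OFFERED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"
STRIPPED = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
```

An "opportunistic" client differs only in `next_step`: it would return "login" where this one raises, which is the case a server-side STARTTLS requirement cannot protect against.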



