On 11/21/2014 04:04 PM, Reindl Harald wrote:
On 21.11.2014 at 21:51, Robert Moskowitz wrote:
On 11/21/2014 03:38 PM, Gedalya wrote:
On 11/21/2014 03:32 PM, Robert Moskowitz wrote:
On 11/21/2014 03:09 PM, Reindl Harald wrote:
On 21.11.2014 at 20:59, Robert Moskowitz wrote:
I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
it can't, as well as Outlook; for POP3/IMAP you need 993/995 *without* STARTTLS - period
and that's why a sane mailserver needs to support 110,143,993,995,587 *and* 465 to support every client, that won't change in the near future
I missed 465; got the rest. Will have to look THAT one up. Thanks for the tip, Harald.
That's just implicit TLS for SMTP submission, instead of 587. OE needs that.
Which is why IETF has made a major pushback against every transport wanting a second port number for TLS. There just are not enough port numbers for this purpose.
well, if we could turn back time 15 years ago many things would be different - IMHO the decision to deprecate 465 in favour of STARTTLS is plain wrong - it is much easier for a MITM to strip out the STARTTLS in the still unencrypted connection (given a client falls back to unencrypted in that case) before the TLS handshake ever happens
It becomes yet another DOS attack, as the server would recognize this and drop the connection. Or at least it should. There are still so many MITM attacks it is sad. We do them by intent in corporation proxies to meet their legal rights as to internal usage.
But, yes, we really need a way-back machine. Lots of great ideas are just not holding up.
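
The fallback case raised in this thread, as an added example that is not part of any poster's message: a client-side policy check over the plaintext EHLO reply that aborts instead of continuing unencrypted when STARTTLS is not advertised. The function names, the `require_tls` setting and both EHLO replies are constructed for illustration.

```python
# Added illustration, not code from the thread. The EHLO replies are
# constructed sample data; mail.example.org is a placeholder host name.
from enum import Enum


class Action(Enum):
    UPGRADE = "send STARTTLS, then do the TLS handshake"
    PLAINTEXT = "continue unencrypted (opportunistic fallback)"
    ABORT = "close the connection and report an error"


def parse_ehlo(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = reply.strip().splitlines()
    keywords = set()
    for index, line in enumerate(lines):
        # Every line is "250-..." except the last, which is "250 ...".
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not a keyword
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def decide(reply, require_tls):
    """Pick the client's next step on a port that starts in plaintext (587)."""
    if "STARTTLS" in parse_ehlo(reply):
        return Action.UPGRADE
    # STARTTLS missing: the server may not offer it, or something on the
    # path removed it. The client cannot tell the difference, so a client
    # that must have TLS fails closed instead of falling back.
    return Action.ABORT if require_tls else Action.PLAINTEXT


# Constructed reply as the server sent it.
INTACT = ("250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
          "250-STARTTLS\r\n250 8BITMIME\r\n")
# The same reply with the STARTTLS line missing on arrival.
STRIPPED = ("250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
            "250 8BITMIME\r\n")

if __name__ == "__main__":
    for name, reply in (("intact", INTACT), ("stripped", STRIPPED)):
        for require_tls in (False, True):
            print(name, "require_tls=%s" % require_tls, "->",
                  decide(reply, require_tls).name)
```

On an implicit-TLS port such as 465 this decision never arises, because the TLS handshake is the first thing on the connection and there is no plaintext capability list to alter.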