On 30 Apr 2021, at 13:47, Robert L Mathews lists@tigertech.com wrote:
Because of this, I've changed my company's various email autoconfigure/autodiscover hints and help pages to recommend configuring new clients using port 993 for IMAP
This is the right choice, though port 993 is IMAPS, not IMAP. I did not even know STARTTLS was allowed/supported/widely available on port 143. I haven’t allowed use of that port in nearly 20 years (people with old mail clients that didn’t support IMAPS could use webmail).
and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS). I don't need the hassle of finding out the hard way that new programs are deprecating STARTTLS, if that's what they're doing.
Since port 587 is dedicated to submission with STARTTLS you should be fine, as anyone wanting to use submissions will be using only port 465.
Unless you are concerned about STRIPTLS, but on most (all proper?) configurations of port 587, there is no fallback for STRIPTLS to exploit via a downgrade attack. And most newer (last half decade?) mail clients will try submissions if submission fails, or vice-versa. Or at least the clients used by most people.
-- 'Why are our people going out there?' said Mr Boggis of the Thieves' Guild. 'Because they are showing a brisk pioneering spirit and seeking wealth and... additional wealth in a new land,' said Lord Vetinari. 'What's in it for the Klatchians?' said Lord Downey. 'Oh, they've gone out there because they are a bunch of unprincipled opportunists always ready to grab something for nothing,' said Lord Vetinari. [...] The Patrician looked down again at his notes. 'Oh, I do beg your pardon,' he said. 'I seem to have read those last two sentences in the wrong order.
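The "no fallback" behaviour on port 587 discussed in the message above, sketched as a client-side policy check. This is an added example, not part of the original message or of any mail client's code; the function names, the host `mail.example.org` and the EHLO replies are constructed for illustration.

```python
# Added example. EHLO replies are constructed samples, not captures.
NORMAL_587 = "250-mail.example.org\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n"
# The same reply with the STARTTLS line removed in transit (STRIPTLS).
STRIPPED_587 = "250-mail.example.org\r\n250-SIZE 52428800\r\n250 ENHANCEDSTATUSCODES\r\n"
# Reply to the second EHLO, sent after the TLS handshake has completed.
POST_TLS_587 = "250-mail.example.org\r\n250-SIZE 52428800\r\n250 AUTH PLAIN LOGIN\r\n"


def ehlo_extensions(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = reply.strip().splitlines()
    for line in lines:
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("malformed EHLO line: %r" % line)
    # The first line carries the server name, not an extension.
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}


def next_command(ehlo_reply, tls_active, require_tls=True):
    """Decide the client's next step on port 587 after an EHLO reply."""
    exts = ehlo_extensions(ehlo_reply)
    if tls_active:
        # Capabilities seen before TLS are discarded; only this reply counts.
        return "AUTH" if "AUTH" in exts else "QUIT"
    if "STARTTLS" in exts:
        return "STARTTLS"
    # No STARTTLS offered: a strict client stops here. A client that
    # falls back would send credentials in cleartext, which is the
    # downgrade that STRIPTLS depends on.
    return "QUIT" if require_tls else "AUTH"


if __name__ == "__main__":
    for name, reply in (("normal", NORMAL_587), ("stripped", STRIPPED_587)):
        print(name, "strict:", next_command(reply, False),
              "| fallback allowed:", next_command(reply, False, require_tls=False))
```

On ports 465 and 993 the TLS handshake happens before any protocol line is exchanged, so there is no capability line to strip and this decision never arises.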