On 08/21/2017 07:28 AM, voytek@sbt.net.au wrote:
> is there a 'preferred way'? should I tell users to use 143 over 993 ? or 993 over 143? or?

There is no concrete answer. There are various opinions and feelings about this. The opinion against 993/995 is that these are not standard ports, and there is no need to allocate new ports for the secure version of each protocol since we can use STARTTLS.
The problem with 110/143 is that security depends on settings on both ends: The client must be configured to negotiate STARTTLS as mandatory, and refuse to talk to the server when that doesn't work. The server must also refuse to talk to clients without STARTTLS. Since some mail clients support "opportunistic" STARTTLS, that is, use port 143 and use STARTTLS *if / when* available, some people feel there are too many subtleties involved, and ports 993/995 just make all this go away.
Requiring STARTTLS on the server side doesn't prevent a man-in-the-middle attack. The client must be configured to insist on negotiating STARTTLS with a server with a verified certificate.
> my current understanding is that some (MS?) clients might not support StartTLS/143 ? so best to offer both ?

Their newest clients do support STARTTLS. I don't remember exactly but maybe Outlook 2003 or so didn't support it.

> I think? some public WiFi block 993/995 but allow 143/110, hence, another advantage for using 143/110

Never heard of this either.
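The client-side requirement discussed above (STARTTLS mandatory on 143, certificate verified, never falling back to plaintext) as an added example; this is not code from the thread or from any mail client, and the hostnames, ports and CAPABILITY lines are constructed placeholders:

```python
"""Mandatory (non-opportunistic) STARTTLS for IMAP on port 143, beside implicit TLS on 993."""
import imaplib
import ssl


def starttls_is_advertised(capability_line: str) -> bool:
    """Parse an untagged CAPABILITY response and report whether STARTTLS is offered."""
    tokens = capability_line.strip().upper().split()
    return "STARTTLS" in tokens


def decide(capability_line: str, mandatory: bool) -> str:
    """Return the client's next action for a plaintext port-143 session.

    'upgrade'   - STARTTLS advertised: upgrade before any credentials are sent
    'plaintext' - opportunistic client carries on without TLS (the weak behaviour the thread warns about)
    'abort'     - mandatory client refuses to continue
    """
    if starttls_is_advertised(capability_line):
        return "upgrade"
    return "abort" if mandatory else "plaintext"


def strict_tls_context() -> ssl.SSLContext:
    """Verify the chain and the hostname; a MITM with an untrusted cert fails the handshake."""
    ctx = ssl.create_default_context()          # check_hostname=True, CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_mandatory_starttls(host: str, port: int = 143, timeout: float = 10.0) -> imaplib.IMAP4:
    """Open a port-143 session and require STARTTLS; raise instead of falling back to plaintext."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    caps = " ".join(conn.capabilities)          # imaplib stores CAPABILITY tokens as upper-case str
    if decide(caps, mandatory=True) != "upgrade":
        conn.shutdown()
        raise ConnectionError(f"{host}:{port} does not offer STARTTLS; refusing plaintext login")
    conn.starttls(ssl_context=strict_tls_context())   # fails closed on cert or hostname mismatch
    return conn


def connect_implicit_tls(host: str, port: int = 993, timeout: float = 10.0) -> imaplib.IMAP4_SSL:
    """Port-993 equivalent: TLS from the first byte, same verified context, no negotiation step."""
    return imaplib.IMAP4_SSL(host, port, ssl_context=strict_tls_context(), timeout=timeout)


if __name__ == "__main__":
    # Constructed CAPABILITY lines; the second is what a downgrade attempt or misconfigured server looks like.
    print(decide("* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN", mandatory=True))   # upgrade
    print(decide("* CAPABILITY IMAP4rev1 AUTH=PLAIN", mandatory=False))          # plaintext
    print(decide("* CAPABILITY IMAP4rev1 AUTH=PLAIN", mandatory=True))           # abort
```

The `decide()` split between `plaintext` and `abort` is the whole difference between an opportunistic and a mandatory client; `connect_implicit_tls()` shows why 993 sidesteps that decision entirely.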