pop 110/995, imap 143/993 ?

Robert Wolf r.wolf.conf at gmail.com
Mon Aug 21 18:25:03 EEST 2017


On Mon, 21 Aug 2017, Sebastian Arcus wrote:

> On 21/08/17 13:39, Robert Wolf wrote:
> > 
> > On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> > 
> > >
> > > On 21/08/17 10:37, Gedalya wrote:
> > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> > > > > is there a 'preferred way'?  should I tell users to use 143 over 993 ?
> > > > > or
> > > > > 993 over 143? or?
> > > > There is no concrete answer. There are various opinions and feelings
> > > > about
> > > > this.
> > > > The opinion against 993/995 is that these are not standard ports,
> > >
> > > Out of curiosity, is there a source for this? It's the first time I hear
> > > that
> > > 993/995 are not standard ports - and searching on the Internet, I can't
> > > find
> > > any evidence to back it up? Also, pretty much all email software has been
> > > using them for the past 20 years or so. It seems like a curiously high
> > > rate of
> > > adoption for a non-standard :-)
> > 
> > 
> > Hello,
> > 
> > IMHO the "not standard ports" is meant as "old, useless ports now".
> 
> So in short, ports 993/995 are IANA officially approved, and thus "standard".
> Further to this, they are in use by the vast majority of email providers, and
> as far as I can tell, there are no functional or security disadvantages to
> using SSL over 993/995 - instead of STARTTLS over 110/143.


Hello Sebastian,

> there are no functional disadvantages

*** As I have written, only if some protocol can be used in just plain-text 
mode, then the SSL ports generate additional encryption load. CPU is probably 
no problem today, but I have seen some slower SSL connections on higher-latency 
networks. I am not an SSL pro, but it looks like there is some ACK in SSL after 
each "SSL packet", which makes the connection slower on a high-latency network, 
because SSL must wait for the packet ACK. In a plain-text connection, TCP requires 
an ACK too, but TCP can open a big window, send a lot of data at once, and wait 
only for the last ACK.


> there are no security disadvantages

*** Exactly, there is really no security disadvantage to using the SSL ports, the 
encryption is the same; or rather, there is a security advantage to using the SSL 
ports: you can be sure that every communication is encrypted from the start and 
the client cannot send anything in plaintext.


Regards,

Robert Wolf.
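
Added example, not part of the original message: a client-side policy that makes STARTTLS on 143 behave like implicit TLS on 993, so that credentials are never sent before encryption is active. The function names, return values and sample greeting lines are constructed for illustration; the `imaplib` and `ssl` calls are from the Python standard library.

```python
import imaplib
import ssl

# Constructed sample server lines (not captured from a real server).
GREETING_STARTTLS = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready."
GREETING_STRIPPED = b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready."
CAPS_AFTER_TLS = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN"

def parse_capabilities(line: bytes) -> set:
    """Return the capability atoms from a greeting or CAPABILITY response."""
    text = line.decode("ascii", "replace").upper()
    idx = text.find("CAPABILITY")
    if idx < 0:
        return set()
    # In a greeting the list ends at ']'; in an untagged response at end of line.
    return set(text[idx + len("CAPABILITY"):].split("]")[0].split())

def next_step(tls_active: bool, caps: set) -> str:
    """Decide what the client may do next: 'login', 'starttls' or 'abort'."""
    if tls_active:
        return "abort" if "LOGINDISABLED" in caps else "login"
    # Still plaintext: the only acceptable move is to upgrade. If STARTTLS
    # is missing (not offered, or removed in transit), stop instead of
    # falling back to a plaintext login.
    return "starttls" if "STARTTLS" in caps else "abort"

def open_imap(host: str, implicit_tls: bool = True):
    """Open an IMAP connection that is guaranteed encrypted before login."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    if implicit_tls:
        # Port 993: TLS handshake happens before any IMAP byte is exchanged.
        return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    conn = imaplib.IMAP4(host, 143)  # plaintext until STARTTLS completes
    if next_step(False, set(conn.capabilities)) != "starttls":
        conn.shutdown()
        raise ConnectionError("STARTTLS not offered; refusing plaintext login")
    conn.starttls(ssl_context=ctx)  # imaplib re-reads capabilities afterwards
    if next_step(True, set(conn.capabilities)) != "login":
        conn.shutdown()
        raise ConnectionError("login still disabled after TLS upgrade")
    return conn
```
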

