Lazy network operators

• Previous message (by thread): Lazy network operators
• Next message (by thread): Lazy network operators
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 14 Apr 2004, at 04:09, Miquel van Smoorenburg wrote:

> That was solved 6 years ago. You let them use port 587 instead of 25.
> http://www.faqs.org/rfcs/rfc2476.html

There's a slight wrinkle with that for people who want to submit mail 
over SSL.

Several graphical, consumer-grade mail clients let you select a port 
for "outgoing mail (SMTP)" and also have a checkbox for "use a secure 
connection (SSL)".

If (port == 25 && use_ssl) the client will EHLO to 25/tcp, and will 
attempt to use STARTTLS in order to encrypt the session.

If (port != 25 && use_ssl) the client will assume an SSL-wrapped SMTP 
server on the other end, and will not use STARTTLS.

If (port != 25 && !use_ssl) the client will assume a non-SSL-wrapped 
SMTP server, and will not use STARTTLS.

This provides an operational/support issue for people running mail 
servers who want to support both SSL and also non-encrypted mail 
submission for their clients. It's an implementation problem in mail 
clients, not a protocol issue, but since it sounds like it might make 
the helpdesk phone ring, I thought I'd mention it.


Joe

• Previous message (by thread): Lazy network operators
• Next message (by thread): Lazy network operators
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]