| 1 |
On Friday 16 Oct 2015 06:14:18 Tuomo Hartikainen wrote: |
| 2 |
> On 2015-10-15 23:01, Mick wrote: |
| 3 |
> > On Thursday 15 Oct 2015 18:04:22 walt wrote: |
| 4 |
> > > My ISP recently started offering imap email service in addition to |
| 5 |
> > > the pop3/smtp servers they've always had, so I decided to try it. |
| 6 |
> > > |
| 7 |
> > > I was surprised to see that they recommend using a different smtp |
| 8 |
> > > server name when setting up my mail client, and they even offer the |
| 9 |
> > > option of using port 587 instead of 465 if I prefer it. |
| 10 |
> > > |
| 11 |
> > > Why would I use a different smtp server if I'm now using imap? I use |
| 12 |
> > > smtp to send mail, and imap to read it, right? Why not use the same |
| 13 |
> > > smtp server in either case? |
| 14 |
> > > |
| 15 |
> > > (The different server names actually resolve to the same IP address, so |
| 16 |
> > > the distinction seems to be more theoretical than real, but the theory |
| 17 |
> > > is what puzzles me.) |
| 18 |
> > > |
| 19 |
> > > Thanks. |
| 20 |
> > |
| 21 |
> > Port 587 is for TLS and is the proper port to be used by MSAs as per |
| 22 |
> > RFC6409. |
| 23 |
> > |
| 24 |
> > Port 467 on the other hand is for SMTPS: vanilla SMTP at the application |
| 25 |
> > level, but the communication to the server is still secured at the |
| 26 |
> > transport layer with SSL. This was an IANA attempt to provide a port |
| 27 |
> > for secure email communication pre-STARTTLS days. Today I think may be |
| 28 |
> > used for other purposes, but I am not sure if it is TCP or UDP |
| 29 |
> > streaming. |
| 30 |
> |
| 31 |
> As a clarification: port 587 *may* be used with STARTTLS while port 465 |
| 32 |
> is the actual SSL/TLS port. |
| 33 |
|
| 34 |
Yes indeed, the TLS usage is coincidental with RFC6409, rather than specified |
| 35 |
by it and even the use of port 587 is not obligatory (port 25 can still be |
| 36 |
used). As I mentioned port 465 is not specified by IETF, but was offered by |
| 37 |
IANA to run SMTP over an SSL secure connection but this was rescinded some |
| 38 |
time later. |
| 39 |
|
| 40 |
The thing with STARTTLS is that the client may decide to degrade the |
| 41 |
communication to plain text, if what is sent by the server (protocol, cipher, |
| 42 |
etc.) is deemed not appropriate. Some clients won't even notify the user. |
| 43 |
MITM attacks can be engineered to intercept a communication with a mail server |
| 44 |
to degrade the connection from the MUA on purpose. A dedicated TLS connection |
| 45 |
would be the best thing and some setups offer 465 for this purpose. |
| 46 |
-- |
| 47 |
Regards, |
| 48 |
Mick |
Archives