On Friday 16 Oct 2015 06:14:18 Tuomo Hartikainen wrote:
> On 2015-10-15 23:01, Mick wrote:
> > On Thursday 15 Oct 2015 18:04:22 walt wrote:
> > > My ISP recently started offering imap email service in addition to
> > > the pop3/smtp servers they've always had, so I decided to try it.
> > >
> > > I was surprised to see that they recommend using a different smtp
> > > server name when setting up my mail client, and they even offer the
> > > option of using port 587 instead of 465 if I prefer it.
> > >
> > > Why would I use a different smtp server if I'm now using imap? I use
> > > smtp to send mail, and imap to read it, right? Why not use the same
> > > smtp server in either case?
> > >
> > > (The different server names actually resolve to the same IP address, so
> > > the distinction seems to be more theoretical than real, but the theory
> > > is what puzzles me.)
> > >
> > > Thanks.
> >
> > Port 587 is for TLS and is the proper port to be used by MSAs as per
> > RFC6409.
> >
> > Port 467 on the other hand is for SMTPS: vanilla SMTP at the application
> > level, but the communication to the server is still secured at the
> > transport layer with SSL. This was an IANA attempt to provide a port
> > for secure email communication pre-STARTTLS days. Today I think it may be
> > used for other purposes, but I am not sure if it is TCP or UDP
> > streaming.
>
> As a clarification: port 587 *may* be used with STARTTLS while port 465
> is the actual SSL/TLS port.

Yes indeed, the TLS usage is coincidental with RFC6409, rather than specified
by it, and even the use of port 587 is not obligatory (port 25 can still be
used). As I mentioned, port 465 is not specified by IETF, but was offered by
IANA to run SMTP over an SSL secure connection; this was rescinded some
time later.

The thing with STARTTLS is that the client may decide to degrade the
communication to plain text if what is sent by the server (protocol, cipher,
etc.) is deemed not appropriate. Some clients won't even notify the user.
MITM attacks can be engineered to intercept a communication with a mail server
to degrade the connection from the MUA on purpose. A dedicated TLS connection
would be the best thing, and some setups offer 465 for this purpose.
--
Regards,
Mick
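The downgrade Mick describes, as an added example that is not part of this thread: a small Python client that performs the cleartext part of a submission session (greeting, EHLO, STARTTLS) and refuses to continue when STARTTLS is not advertised, run against a scripted stub server that can be told to strip STARTTLS from its EHLO reply the way an active MITM would. The hostnames (mail.example, client.example), the advertised extensions and the socketpair transport are constructed for the example; the code stops at the point where a real client would start the TLS handshake, since that needs certificates.

```python
import socket
import threading


class DowngradeError(Exception):
    """Raised when the client would have to fall back to cleartext."""


def read_reply(reply_file):
    """Read one SMTP reply (single- or multi-line); return (code, [text lines])."""
    texts = []
    while True:
        raw = reply_file.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        texts.append(line[4:])
        # "250-" continues a multi-line reply, "250 " (or bare code) ends it.
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), texts


def negotiate_starttls(sock, require_tls=True, ehlo_name="client.example"):
    """Cleartext phase of a submission session up to STARTTLS.

    Returns "starttls" when the server is ready for the TLS handshake,
    "plaintext" when STARTTLS is missing and the caller allowed cleartext,
    and raises DowngradeError when STARTTLS is missing but required.
    """
    with sock.makefile("rb") as reply_file:
        code, _ = read_reply(reply_file)
        if code != 220:
            raise ConnectionError("unexpected greeting %d" % code)
        sock.sendall(b"EHLO " + ehlo_name.encode("ascii") + b"\r\n")
        code, lines = read_reply(reply_file)
        if code != 250:
            raise ConnectionError("EHLO rejected with %d" % code)
        # First line is the server's name; the rest are extension keywords.
        keywords = {ln.split()[0].upper() for ln in lines[1:] if ln.strip()}
        if "STARTTLS" not in keywords:
            if require_tls:
                raise DowngradeError("STARTTLS not offered; refusing to continue in cleartext")
            return "plaintext"  # the silent degrade the message warns about
        sock.sendall(b"STARTTLS\r\n")
        code, _ = read_reply(reply_file)
        if code != 220:
            raise DowngradeError("STARTTLS refused with %d" % code)
        # A real client would now wrap `sock` with ssl.SSLContext.wrap_socket(...)
        # (check_hostname enabled) and repeat EHLO over the encrypted channel.
        return "starttls"


def stub_server(sock, strip_starttls):
    """Scripted SMTP server (constructed for the example). With
    strip_starttls=True it acts like a MITM removing STARTTLS from EHLO."""
    extensions = [b"SIZE 35882577", b"8BITMIME", b"STARTTLS", b"AUTH PLAIN LOGIN"]
    if strip_starttls:
        extensions = [e for e in extensions if e != b"STARTTLS"]
    with sock, sock.makefile("rb") as cmd_file:
        sock.sendall(b"220 mail.example ESMTP\r\n")
        if not cmd_file.readline().upper().startswith(b"EHLO"):
            return
        reply = b"250-mail.example\r\n"
        reply += b"".join(b"250-" + e + b"\r\n" for e in extensions[:-1])
        reply += b"250 " + extensions[-1] + b"\r\n"
        sock.sendall(reply)
        if cmd_file.readline().strip().upper() == b"STARTTLS":
            sock.sendall(b"220 2.0.0 Ready to start TLS\r\n")


def run(strip_starttls, require_tls=True):
    """Run client and stub server over a local socketpair; return the outcome."""
    client_sock, server_sock = socket.socketpair()
    server = threading.Thread(target=stub_server, args=(server_sock, strip_starttls))
    server.start()
    try:
        return negotiate_starttls(client_sock, require_tls=require_tls)
    except DowngradeError:
        return "refused"
    finally:
        client_sock.close()
        server.join(timeout=5)


if __name__ == "__main__":
    print("honest server, TLS required: ", run(strip_starttls=False))
    print("stripping MITM, TLS required:", run(strip_starttls=True))
    print("stripping MITM, TLS optional:", run(strip_starttls=True, require_tls=False))
```

The `require_tls=False` path is the behaviour the message warns about: nothing in the protocol stops the client from carrying on after the capability list has been tampered with, so the refusal has to be a client-side policy. With a dedicated TLS connection on 465 there is no cleartext EHLO exchange for an attacker to strip, which is why the message prefers it.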