[69560] in North American Network Operators' Group
Re: Lazy network operators
daemon@ATHENA.MIT.EDU (Joe Maimon)
Wed Apr 14 10:59:32 2004
Date: Wed, 14 Apr 2004 10:58:55 -0400
From: Joe Maimon <jmaimon@ttec.com>
To: nanog@merit.edu
In-Reply-To: <1191062D-8E1D-11D8-B166-000393CD86AC@isc.org>
Errors-To: owner-nanog-outgoing@merit.edu
Joe Abley wrote:
>
>
> On 14 Apr 2004, at 04:09, Miquel van Smoorenburg wrote:
>
>> That was solved 6 years ago. You let them use port 587 instead of 25.
>> http://www.faqs.org/rfcs/rfc2476.html
>
>
> There's a slight wrinkle with that for people who want to submit mail
> over SSL.
>
> Several graphical, consumer-grade mail clients let you select a port
> for "outgoing mail (SMTP)" and also have a checkbox for "use a secure
> connection (SSL)".
>
> If (port == 25 && use_ssl) the client will EHLO to 25/tcp, and will
> attempt to use STARTTLS in order to encrypt the session.
>
> If (port != 25 && use_ssl) the client will assume an SSL-wrapped SMTP
> server on the other end, and will not use STARTTLS.
>
> If (port != 25 && !use_ssl) the client will assume a non-SSL-wrapped
> SMTP server, and will not use STARTTLS.
>
> This provides an operational/support issue for people running mail
> servers who want to support both SSL and also non-encrypted mail
> submission for their clients. It's an implementation problem in mail
> clients, not a protocol issue, but since it sounds like it might make
> the helpdesk phone ring, I thought I'd mention it.
>
Talking about implementations:
Sendmail 8.12.11
-- See _FFR_SMTP_SSL build time define/m4 directive value
Sendmail 8.13.0Alpha:
-- From http://www.sendmail.org/8.13.0.Alpha0.html
Support for SMTP over SSL (smtps), activated by Modifier=s
for DaemonPortOptions.
Clients:
Outlook versions I am familiar with follow the above rules
Mozilla/Thunderbird IIRC have fixes for this issue
> Joe
>
>
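To diagnose the helpdesk scenario Joe Abley describes, an operator needs to know what each submission port actually expects from a client. The probe below is an added example, not code from this thread or from Sendmail; given a host and port (assumed arguments), it reports whether the port offers STARTTLS after a plaintext greeting, is plaintext-only, or stays silent until a TLS handshake (smtps, the SSL-wrapped case).

```python
import socket
import ssl


def _read_line(sock):
    """Read one CRLF-terminated SMTP line; '' on timeout or close."""
    buf = b""
    try:
        while not buf.endswith(b"\r\n") and (chunk := sock.recv(1)):
            buf += chunk
    except socket.timeout:
        pass
    return buf.decode("ascii", "replace").strip()


def _read_reply(sock):
    """Collect a multi-line reply: '250-' lines continue it, '250 ' ends it."""
    lines = [_read_line(sock)]
    while lines[-1][3:4] == "-":
        lines.append(_read_line(sock))
    return lines


def probe_submission_port(host, port, timeout=3.0):
    """Classify a mail port: 'starttls' (plaintext greeting, EHLO offers
    STARTTLS), 'plaintext' (greeting but no STARTTLS), 'implicit-tls'
    (silent until a TLS handshake, i.e. smtps), or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if _read_line(sock).startswith("220"):
            sock.sendall(b"EHLO probe.invalid\r\n")  # probe.invalid: placeholder name
            caps = _read_reply(sock)
            sock.sendall(b"QUIT\r\n")
            if any(c[4:].upper().startswith("STARTTLS") for c in caps):
                return "starttls"
            return "plaintext"
    # No plaintext greeting: an SSL-wrapped (smtps) port says nothing until
    # the client starts TLS, so reconnect with the socket wrapped in TLS.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # probing what the port speaks, not trusting it
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                greeted = _read_line(tls).startswith("220")
    except (ssl.SSLError, OSError):
        return "unknown"
    return "implicit-tls" if greeted else "unknown"
```

Run it once against 25, 587 and 465 of a server you operate to confirm each port matches what the client checkbox logic quoted above will assume for it.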