<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal">
<p dir="auto">On 25 Jun 2021, at 2:35, Harvey Leff wrote:</p>
<blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px">
<p dir="auto">The university's reply is below if you are interested and willing to read the claims. What I <strong>DO</strong> know is that the university replaced its standard IMAP/SMTP server with Microsoft's proprietary ActiveSync.</p>
</blockquote>
<p dir="auto">Maybe Bill more authoritatively on this can comment on this but from my experience there is no way that ActiveSync is more secure than IMAP with TLS but the protocol isn't important as long as IIS is running in front of the mail server to handle authentication. IIS has a terrible track record for security, which is why it is still the main target for many attacks, including Hafnium.</p>
<p dir="auto">For one of my customers, we've hardened Exchange with a proxy in front of it. IMAP works fine but Outlook for Mac repeatedly drops the connection, if you're not on the network. Apparently, on Windows you can drop down to basic authentication for such situations but this option isn't available on MacOS. Apple Mail also has an apparently I-Cloud dependent approach for ActiveSync which will prevent more than two accounts on the same domain. The solution: disable I-Cloud. :-/</p>
<p dir="auto">Computer security is hard™. Why companies continue to try and roll their own is beyond me, apart from the obvious attractions of vendor lock-in, of course.</p>
<p dir="auto">Charlie</p>
<p dir="auto">--<br>
Charlie Clark<br>
Waldlehne 23<br>
Düsseldorf<br>
D- 40489<br>
Tel: +49-203-746000<br>
Mobile: +49-178-782-6226</p>
</div></div>
</body>
</html>