[MlMt] Trouble connecting to iCloud (certificate validation)

Bill Cole mmlist-20120120 at billmail.scconsult.com
Thu Aug 20 23:11:03 EDT 2015


On 20 Aug 2015, at 11:46, Benny Kjær Nielsen wrote:

> MailMate is bad at handling port 465 (even when it works), because 
> some servers use it SSL style and some use it TLS style (as in port 
> 993 vs 143 for IMAP).

Wait... What?! REALLY? There are servers answering on port 465 with a 
plaintext SMTP banner? That is irredeemably broken. I could understand 
trying to tighten up port 465 by disabling SSLv2 and SSLv3 specifically 
(maybe even TLSv1.0) and weak ciphers, but configuring it like it's port 
587 is beyond the pale.

Not that SMTPS on port 465 was EVER a real standard, but in the draft 
that Netscape tossed out the door as they were dismembering themselves, 
it *was* specified: as SSL-on-connect just like 443 for HTTPS, 993 for 
IMAPS, 995 for POPS. It's just that SMTP operationally is a bad fit for 
a dedicated secure port and the whole concept of dedicated secure ports 
was ill-conceived.

In an ideal world mail clients wouldn't need to support mail submission 
in any mode other than port 587 with STARTTLS using one of the AUTH 
mechanisms that don't require them to store passwords recoverably. Mail 
systems that don't offer that in 2015 ought to be viewed with deep 
suspicion.
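
The following is an added example, not part of the original message and not MailMate's code: one way a client could tell the two port 465 behaviours described in this thread apart, by checking whether the server sends a cleartext 220 greeting before any TLS handshake. The function names, return labels and the 3-second timeout are assumptions made for the illustration.

```python
import socket
import ssl


def probe_socket(sock, server_name, timeout=3.0, context=None):
    """Classify an already-connected socket to a submission port.

    Returns "plaintext-banner" (server greets in the clear, port-587 style),
    "implicit-tls" (TLS handshake first, then the 220 greeting), or "unknown".
    """
    sock.settimeout(timeout)
    try:
        first = sock.recv(512)
    except socket.timeout:
        first = b""  # silence is expected when the server awaits a ClientHello
    if first[:3] == b"220" and first[3:4] in (b" ", b"-"):
        return "plaintext-banner"
    if first:
        return "unknown"  # server spoke first, but not an SMTP greeting
    ctx = context or ssl.create_default_context()  # verifies chain and hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            greeting = tls.recv(512)
    except (ssl.SSLError, OSError):
        return "unknown"  # handshake failed, timed out, or peer hung up
    return "implicit-tls" if greeting.startswith(b"220") else "unknown"


def probe(host, port=465, timeout=3.0):
    """Connect to host:port and classify how it expects TLS to start."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock, host, timeout)
```

A "plaintext-banner" result on port 465 means the client must issue STARTTLS before AUTH and must not send credentials if the upgrade is refused.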

