[MlMt] 143 or 993 . . . and security

Benny Kjær Nielsen mailinglist at freron.com
Fri Jan 24 04:35:48 EST 2020


On 23 Jan 2020, at 17:21, Bill Cole wrote:

> On 23 Jan 2020, at 5:18, Benny Kjær Nielsen wrote:
>
>> Port 993 mainly exists for historical reasons.
>
> I understand that point of view, and might have totally agreed a 
> decade ago, but I think it has been overtaken by events, experience, 
> and RFC8314.

History has been updated since the last time I looked into it ;-)

I guess given what we know now then STARTTLS should never have been 
created. It would have been better if ports 143 and 587 had remained to 
be clear-text-only ports essentially making them obsolete today. Today, 
servers would then only support ports 993 and 465 and mis-configured 
servers would be less likely. (I'm ignoring port 25 since I'm an email 
client developer.)

In my (little) world, it all makes little difference since experience 
tells me that I have to support every variant in existence since the 
email client always takes the blame when something doesn't work :-)

>> Port 587 is the standard for email submission (email client sending 
>> an email) and is equivalent to 143 for IMAP (it uses STARTTLS). Port 
>> 465 is a mess (Microsoft), but some email clients might still expect 
>> it to work (Microsoft).
>
> The best practices for initial mail submission have changed. Port 465 
> has been a mess but the way in which it remained a mess for 2 decades 
> made RFC8314 a reasonable solution for making submission more

Ok, this also means that MailMate should, ideally, default to ports 993 
and 465 and discourage 143/587 (and 25). Port 993 would very likely be 
fine, but I would be worried about doing that for port 465...

>> You'll probably get other opinions, but the important part is to 
>> ensure that it's not possible to communicate on any port without 
>> encryption enabled (with or without STARTTLS).
>
> As stated, that is infeasible. See above my discussion of SMTP on port 
> 25.

Agreed, I'm just unintentionally ignoring anything which does not 
involve an email client :)

So, to conclude, the OP should go for 993/465/25 and only enable 587/143 
if needed by their users (enforcing STARTTLS).

MailMate must support everything, but it could be much better at default 
values and make it harder/warn when anything but wrapped 993/465 is 
used/configured. I'll make a note of that :)

-- 
Benny
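As an added illustration of the point made in the thread (this is example code, not from the mailing list, MailMate, or any project mentioned), the script below encodes the port policy discussed above: 993/465 are Implicit TLS ports with no clear-text phase, 143/587 are only acceptable when STARTTLS is advertised and the server withholds authentication until TLS is up, and anything else (port 25 included) is refused by the client. The IMAP CAPABILITY and SMTP EHLO strings it inspects are constructed samples, not captured from any real server.

```python
# Added example: classify how a mail server exposes authentication on each
# port, following RFC 8314's preference for Implicit TLS (993/465) over
# STARTTLS (143/587). All sample server responses below are constructed.
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# (protocol, port) -> how TLS is established on that port
IMPLICIT_TLS_PORTS = {("imap", 993), ("smtp", 465)}
STARTTLS_PORTS = {("imap", 143), ("smtp", 587)}


def tls_mode_for(protocol: str, port: int) -> str:
    """Return 'implicit' (TLS from the first byte) or 'starttls' (upgrade
    after a clear-text greeting). Any other pairing is rejected so the
    client never silently talks clear text."""
    key = (protocol.lower(), port)
    if key in IMPLICIT_TLS_PORTS:
        return "implicit"
    if key in STARTTLS_PORTS:
        return "starttls"
    raise ValueError(f"no TLS policy for {protocol}/{port}; refusing clear text")


def parse_imap_capabilities(line: str) -> set[str]:
    """Parse an untagged '* CAPABILITY ...' response into a set of tokens."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] != "*" or parts[1].upper() != "CAPABILITY":
        raise ValueError("not an IMAP CAPABILITY response")
    return {p.upper() for p in parts[2:]}


def parse_ehlo(response: str) -> set[str]:
    """Parse a multi-line EHLO reply ('250-KEY ...' / '250 KEY') into keywords."""
    keywords: set[str] = set()
    for raw in response.splitlines():
        raw = raw.strip()
        if not raw.startswith("250"):
            continue
        body = raw[4:]  # drop the '250-' or '250 ' prefix
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


@dataclass
class Verdict:
    ok: bool
    reason: str


def assess(protocol: str, port: int, pre_tls_caps: Optional[str]) -> Verdict:
    """Judge a (protocol, port) pairing from what the server advertises
    before TLS. Implicit-TLS ports have no clear-text phase to inspect."""
    mode = tls_mode_for(protocol, port)
    if mode == "implicit":
        return Verdict(True, f"{protocol}/{port}: TLS wraps the session; no clear-text phase")
    if pre_tls_caps is None:
        return Verdict(False, f"{protocol}/{port}: no pre-TLS capabilities captured")
    proto = protocol.lower()
    caps = parse_imap_capabilities(pre_tls_caps) if proto == "imap" else parse_ehlo(pre_tls_caps)
    if "STARTTLS" not in caps:
        return Verdict(False, f"{protocol}/{port}: STARTTLS not advertised; client must abort")
    if proto == "imap":
        # RFC 2595 / RFC 3501: before TLS the server should advertise
        # LOGINDISABLED and withhold AUTH= mechanisms.
        leaks = "LOGINDISABLED" not in caps or any(c.startswith("AUTH=") for c in caps)
    else:
        # RFC 4954: AUTH offered before STARTTLS means clear-text credentials are accepted.
        leaks = "AUTH" in caps
    if leaks:
        return Verdict(False, f"{protocol}/{port}: STARTTLS offered but clear-text authentication still accepted")
    return Verdict(True, f"{protocol}/{port}: STARTTLS offered and authentication withheld until TLS")


# Constructed sample greetings (not real server output).
GOOD_IMAP = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"
WEAK_IMAP = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"
NO_TLS_IMAP = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
GOOD_SMTP = "250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME"
WEAK_SMTP = "250-mail.example.test\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"

if __name__ == "__main__":
    cases = [("imap", 993, None), ("imap", 143, GOOD_IMAP), ("imap", 143, WEAK_IMAP),
             ("imap", 143, NO_TLS_IMAP), ("smtp", 465, None), ("smtp", 587, GOOD_SMTP),
             ("smtp", 587, WEAK_SMTP)]
    for args in cases:
        v = assess(*args)
        print("OK  " if v.ok else "FAIL", v.reason)
```

A client built on this policy would refuse to send credentials on 143/587 unless `assess` returns `ok`, which is the "enforcing STARTTLS" behaviour the thread asks for; on 993/465 there is simply no clear-text phase in which a misconfigured server could accept a login.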

