[MlMt] 143 or 993 . . . and security
Marc ARC
MailMate at arcict.com
Fri Jan 24 12:25:21 EST 2020
Benny, Pete, Bill, ( in order of reaction :-) )
Thank you all for sharing
I think we can go with this . . . till the next update of history, ;-)
Have a nice weekend,
Marc
On 24 Jan 2020, at 10:35, Benny Kjær Nielsen wrote:
> On 23 Jan 2020, at 17:21, Bill Cole wrote:
>
>> On 23 Jan 2020, at 5:18, Benny Kjær Nielsen wrote:
>>
>>> Port 993 mainly exists for historical reasons.
>>
>> I understand that point of view, and might have totally agreed a
>> decade ago, but I think it has been overtaken by events, experience,
>> and RFC8314.
>
> History has been updated since the last time I looked into it ;-)
>
> I guess given what we know now then STARTTLS should never have been
> created. It would have been better if ports 143 and 587 had remained
> to be clear-text-only ports essentially making them obsolote today.
> Today, servers would then only support ports 993 and 465 and
> mis-configured servers would be less likely. (I'm ignoring port 25
> since I'm an email client developer.)
>
> In my (little) world, it all makes little difference since experience
> tells me that I have to support every variant in existence since the
> email client always takes the blame when something doesn't work :-)
>
>>> Port 587 is the standard for email submission (email client sending
>>> an email) and is equivalent to 143 for IMAP (it uses STARTTLS). Port
>>> 465 is a mess (Microsoft), but some email clients might still expect
>>> it to work (Microsoft).
>>
>> The best practices for initial mail submission have changed. Port 465
>> has been a mess but the way in which it remained a mess for 2 decades
>> made RFC8314 a reasonable solution for making submission more
>
> Ok, this also means that MailMate should, ideally, default to ports
> 993 and 465 and discourage 143/587 (and 25). Port 993 would very
> likely be fine, but I would be worried about doing that for port
> 465...
>
>>> You'll probably get other opinions, but the important part is to
>>> ensure that it's not possible to communicate on any port without
>>> encryption enabled (with or without STARTTLS).
>>
>> As stated, that is infeasible. See above my discussion of SMTP on
>> port 25.
>
> Agreed, I'm just unintentionally ignoring anything which does not
> involve an email client :)
>
> So, to conclude, the OP should go for 993/465/25 and only enable
> 587/143 if needed by their users (enforcing STARTTLS).
>
> MailMate must support everything, but it could be much better at
> default values and make it harder/warn when anything but wrapped
> 993/465 is used/configured. I'll make a note of that :)
>
> --
> Benny
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
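
Added example, not part of the original thread and not MailMate's code: a sketch of the client-side policy the thread converges on (implicit TLS on 993/465, STARTTLS enforced on 143/587, never a silent fallback to cleartext). The function names, the `require_tls` parameter and the sample server responses are assumptions constructed for illustration.

```python
import re

# Ports named in the thread: implicit ("wrapped") TLS versus STARTTLS upgrade.
IMPLICIT_TLS = {993: "imap", 465: "submission"}
STARTTLS_PORTS = {143: "imap", 587: "submission"}

def advertises_starttls(proto, server_text):
    """True if a pre-TLS greeting or capability reply offers STARTTLS."""
    if proto == "imap":
        # IMAP lists capabilities as "* CAPABILITY ..." or "[CAPABILITY ...]".
        caps = re.findall(r"CAPABILITY ([^\]\r\n]*)", server_text, re.I)
        return any("STARTTLS" in c.upper().split() for c in caps)
    # SMTP EHLO reply lines look like "250-STARTTLS" or "250 STARTTLS".
    return any(re.fullmatch(r"250[- ]STARTTLS", line.strip(), re.I)
               for line in server_text.splitlines())

def decide(port, server_text="", require_tls=True):
    """Return (action, reason) for a client that is about to authenticate."""
    if port in IMPLICIT_TLS:
        return ("tls-handshake", "implicit TLS: handshake before any protocol data")
    if port in STARTTLS_PORTS:
        if advertises_starttls(STARTTLS_PORTS[port], server_text):
            return ("starttls", "upgrade, then re-read capabilities over TLS")
        if require_tls:
            # A missing STARTTLS offer can be misconfiguration or stripping
            # by an on-path attacker; either way, do not send credentials.
            return ("abort", "STARTTLS not offered on an upgrade port")
        return ("cleartext", "credentials would be sent unencrypted")
    return ("abort", "not a client port covered by this policy")

# Constructed sample server responses (not captured from a real server).
IMAP_OK = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
IMAP_STRIPPED = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"
SMTP_OK = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"
SMTP_STRIPPED = "250-mail.example.test\r\n250 AUTH PLAIN\r\n"

if __name__ == "__main__":
    for port, text in [(993, ""), (465, ""), (143, IMAP_OK),
                       (143, IMAP_STRIPPED), (587, SMTP_OK), (587, SMTP_STRIPPED)]:
        print(port, *decide(port, text))
```

With `require_tls=False` the stripped cases return `cleartext` instead of `abort`, which is the opportunistic behaviour the thread argues a client should warn about.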