[MlMt] 143 or 993 . . . and security

Marc ARC MailMate at arcict.com
Fri Jan 24 12:25:21 EST 2020


Benny, Pete, Bill, ( in order of reaction :-) )

Thank you all for sharing

I think we can go with this . . . till the next update of history, ;-)

Have a nice weekend,


Marc


On 24 Jan 2020, at 10:35, Benny Kjær Nielsen wrote:

> On 23 Jan 2020, at 17:21, Bill Cole wrote:
>
>> On 23 Jan 2020, at 5:18, Benny Kjær Nielsen wrote:
>>
>>> Port 993 mainly exists for historical reasons.
>>
>> I understand that point of view, and might have totally agreed a 
>> decade ago, but I think it has been overtaken by events, experience, 
>> and RFC8314.
>
> History has been updated since the last time I looked into it ;-)
>
> I guess given what we know now then STARTTLS should never have been 
> created. It would have been better if ports 143 and 587 had remained 
> to be clear-text-only ports essentially making them obsolete today. 
> Today, servers would then only support ports 993 and 465 and 
> mis-configured servers would be less likely. (I'm ignoring port 25 
> since I'm an email client developer.)
>
> In my (little) world, it all makes little difference since experience 
> tells me that I have to support every variant in existence since the 
> email client always takes the blame when something doesn't work :-)
>
>>> Port 587 is the standard for email submission (email client sending 
>>> an email) and is equivalent to 143 for IMAP (it uses STARTTLS). Port 
>>> 465 is a mess (Microsoft), but some email clients might still expect 
>>> it to work (Microsoft).
>>
>> The best practices for initial mail submission have changed. Port 465 
>> has been a mess but the way in which it remained a mess for 2 decades 
>> made RFC8314 a reasonable solution for making submission more
>
> Ok, this also means that MailMate should, ideally, default to ports 
> 993 and 465 and discourage 143/587 (and 25). Port 993 would very 
> likely be fine, but I would be worried about doing that for port 
> 465...
>
>>> You'll probably get other opinions, but the important part is to 
>>> ensure that it's not possible to communicate on any port without 
>>> encryption enabled (with or without STARTTLS).
>>
>> As stated, that is infeasible. See above my discussion of SMTP on 
>> port 25.
>
> Agreed, I'm just unintentionally ignoring anything which does not 
> involve an email client :)
>
> So, to conclude, the OP should go for 993/465/25 and only enable 
> 587/143 if needed by their users (enforcing STARTTLS).
>
> MailMate must support everything, but it could be much better at 
> default values and make it harder/warn when anything but wrapped 
> 993/465 is used/configured. I'll make a note of that :)
>
> -- 
> Benny


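An added example (not from the thread or from MailMate): a Python check, run over the cleartext greeting a server sends on port 143 or 587, of whether STARTTLS is offered and whether password logins are advertised before TLS, which is the "enforcing STARTTLS" condition discussed above. The banners are constructed samples, and the check covers only what a server advertises, not what it would actually accept.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password-equivalent SASL mechanisms

def imap_capabilities(lines):
    """Tokens from '* CAPABILITY ...' or a '[CAPABILITY ...]' response code."""
    caps = set()
    for line in lines:
        m = re.search(r"(?:^\* |\[)CAPABILITY ([^\]\r\n]+)", line, re.I)
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def smtp_extensions(lines):
    """EHLO keyword -> parameters; the first 250 line is the server's name."""
    exts = {}
    for line in lines[1:]:
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if m:
            exts[m.group(1).upper()] = m.group(2).upper().split()
    return exts

def audit_pre_tls(protocol, lines):
    """Findings for what a server advertises before any TLS handshake."""
    findings = []
    if protocol == "imap":
        caps = imap_capabilities(lines)
        starttls = "STARTTLS" in caps
        mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
        if "LOGINDISABLED" not in caps:
            findings.append("LOGIN not disabled before TLS (no LOGINDISABLED)")
    elif protocol == "smtp":
        exts = smtp_extensions(lines)
        starttls = "STARTTLS" in exts
        mechs = set(exts.get("AUTH", []))
    else:
        raise ValueError("protocol must be 'imap' or 'smtp'")
    if not starttls:
        findings.append("STARTTLS not offered")
    weak = sorted(mechs & PLAINTEXT_MECHS)
    if weak:
        findings.append("plaintext AUTH offered before TLS: " + ",".join(weak))
    return findings

# Constructed sample banners (not captured from any real server).
IMAP_143_STRICT = ["* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"]
IMAP_143_LAX = ["* OK ready", "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"]
SMTP_587_LAX = ["250-mail.example.test", "250-AUTH PLAIN LOGIN", "250 8BITMIME"]
```

An empty result from `audit_pre_tls` means the cleartext port advertises nothing a client could use to send a password before upgrading to TLS.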