[MlMt] Follow Up to Email Concerns
charlie at begeistert.org
Fri Jun 25 04:55:32 EDT 2021
On 25 Jun 2021, at 2:35, Harvey Leff wrote:
> The university's reply is below if you are interested and willing to
> read the claims. What I **DO** know is that the university replaced
> its standard IMAP/SMTP server with Microsoft's proprietary ActiveSync.
Maybe Bill more authoritatively on this can comment on this but from my
experience there is no way that ActiveSync is more secure than IMAP with
TLS but the protocol isn't important as long as IIS is running in front
of the mail server to handle authentication. IIS has a terrible track
record for security, which is why it is still the main target for many
attacks, including Hafnium.
For one of my customers, we've hardened Exchange with a proxy in front
of it. IMAP works fine but Outlook for Mac repeatedly drops the
connection, if you're not on the network. Apparently, on Windows you can
drop down to basic authentication for such situations but this option
isn't available on MacOS. Apple Mail also has an apparently I-Cloud
dependent approach for ActiveSync which will prevent more than two
accounts on the same domain. The solution: disable I-Cloud. :-/
Computer security is hard™. Why companies continue to try and roll
their own is beyond me, apart from the obvious attractions of vendor
lock-in, of course.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the mailmate