[MlMt] Follow Up to Email Concerns

[Charlie Clark]

On 25 Jun 2021, at 2:35, Harvey Leff wrote:

> The university's reply is below if you are interested and willing to 
> read the claims. What I **DO** know is that the university replaced 
> its standard IMAP/SMTP server with Microsoft's proprietary ActiveSync.

Maybe Bill more authoritatively on this can comment on this but from my 
experience there is no way that ActiveSync is more secure than IMAP with 
TLS but the protocol isn't important as long as IIS is running in front 
of the mail server to handle authentication. IIS has a terrible track 
record for security, which is why it is still the main target for many 
attacks, including Hafnium.

For one of my customers, we've hardened Exchange with a proxy in front 
of it. IMAP works fine but Outlook for Mac repeatedly drops the 
connection, if you're not on the network. Apparently, on Windows you can 
drop down to basic authentication for such situations but this option 
isn't available on MacOS. Apple Mail also has an apparently I-Cloud 
dependent approach for ActiveSync which will prevent more than two 
accounts on the same domain. The solution: disable I-Cloud. :-/

Computer security is hard™. Why companies continue to try and roll 
their own is beyond me, apart from the obvious attractions of vendor 
lock-in, of course.

Charlie

--
Charlie Clark
Waldlehne 23
Düsseldorf
D- 40489
Tel: +49-203-746000
Mobile: +49-178-782-6226
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210625/6f5b8e98/attachment.htm>