Security Basics mailing list archives
Re: Opportunistic TLS on mail servers
From: Gustavo Castro <gcastrop () gmail com>
Date: Fri, 13 Mar 2009 13:53:45 -0300
Steve:

I use STARTTLS (a.k.a. opportunistic TLS) on SMTP (ports 25 and 587 (forced, not opportunistic)) and IMAP, and SMTPS (SMTP over SSL), but users don't use it too much anyway. Some client programs claim to use SSL but don't specify whether they use pure SSL transport or STARTTLS (that's the case with the Palm Versamail, which uses STARTTLS only), so that can be an issue for you.

The only real problem I've faced was that some servers, when connected as clients, didn't handle the protocol negotiation well and failed, but this is quite visible in the logs, and quite rare (only two times in 5 years, over 22 SMTP servers I manage). No other issues have arisen out of that.

Hope it helps you.

2009/3/12 <steve.dake () gmail com>:
I am curious as to how many people have their email servers configured to perform opportunistic TLS? It seems like a cheap way to mitigate a good portion of your potential email information leakage. If you are against it, I would like to know why. If you have used it for a while, have you had any issues? Just interested in what everyone has to say about the topic.

Article: http://securityn00dle.blogspot.com/
--
Regards,
Gustavo Castro Puig.
E-Mail: gcastrop () gmail com
LPI Level-1 Certified (https://www.lpi.org/es/verify.html LPID:LPI000042304 Verification Code: hp6re8w5qg )
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o? K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++ D++ G++ e++ h--- r y+++
------END GEEK CODE BLOCK------
Registered Linux User #69342
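The difference the message above draws between opportunistic STARTTLS (port 25) and forced STARTTLS (port 587), shown from the server side as an added example that is not part of the original post or any poster's configuration. The `Session` class, the hostnames, the `SIZE` value and the 503 reply are assumptions of this sketch; the 220, 501 and 530 replies follow RFC 3207.

```python
# Added example: server-side STARTTLS policy as a pure state machine (no sockets,
# no real TLS handshake). Reply texts for 220/501/530 follow RFC 3207.

EXEMPT = {"EHLO", "NOOP", "STARTTLS", "QUIT"}  # allowed before TLS even when TLS is forced


class Session:
    def __init__(self, require_tls):
        self.require_tls = require_tls  # True: forced (587 in the post); False: opportunistic (25)
        self.tls = False

    def handle(self, line):
        """Return the reply lines for one client command."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.require_tls and not self.tls and verb not in EXEMPT:
            return ["530 Must issue a STARTTLS command first"]
        if verb == "EHLO":
            # STARTTLS must not be offered again once TLS is active.
            ext = [] if self.tls else ["STARTTLS"]
            lines = ["mail.example.test"] + ext + ["SIZE 10240000"]
            return [f"250-{x}" for x in lines[:-1]] + [f"250 {lines[-1]}"]
        if verb == "STARTTLS":
            if arg:
                return ["501 Syntax error (no parameters allowed)"]
            if self.tls:
                return ["503 TLS already active"]  # code chosen for this sketch
            self.tls = True  # assumption: the handshake that follows succeeds
            return ["220 Ready to start TLS"]
        if verb == "QUIT":
            return ["221 Bye"]
        return ["250 OK"]  # simplified: every other command is accepted


def replay(require_tls, commands):
    """Feed constructed client commands to a fresh session; return reply codes."""
    s = Session(require_tls)
    return [s.handle(c)[-1][:3] for c in commands]


# Constructed client sessions: one never upgrades, one upgrades and re-sends EHLO.
PLAINTEXT_CLIENT = ["EHLO client.example.test", "MAIL FROM:<a@example.test>"]
TLS_CLIENT = ["EHLO client.example.test", "STARTTLS", "EHLO client.example.test",
              "MAIL FROM:<a@example.test>"]

if __name__ == "__main__":
    for name, forced in (("25 opportunistic", False), ("587 forced", True)):
        print(name, replay(forced, PLAINTEXT_CLIENT), replay(forced, TLS_CLIENT))
```

On the opportunistic port the plaintext client is accepted, which is why a client that never issues STARTTLS sends mail in clear without any error; on the forced port the same client gets a 530 that shows up in the logs.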