nanog mailing list archives

Re: Lazy network operators


From: Joe Abley <jabley () isc org>
Date: Wed, 14 Apr 2004 10:45:38 -0400



On 14 Apr 2004, at 10:31, Todd Vierling wrote:

On Wed, 14 Apr 2004, Joe Abley wrote:

: > That was solved 6 years ago. You let them use port 587 instead of 25.
: > http://www.faqs.org/rfcs/rfc2476.html

: Several graphical, consumer-grade mail clients let you select a port
: for "outgoing mail (SMTP)" and also have a checkbox for "use a secure
: connection (SSL)".

: If (port != 25 && use_ssl) the client will assume an SSL-wrapped SMTP
: server on the other end, and will not use STARTTLS.

: I thought I'd mention it.

You forgot to name the clients in question, since you're trying to help out helpdesks here. I'm sure several folks would like to know the real details.

I didn't give a list because I don't have a good one.

I fell over half a thousand half-crazed, pulling-out-hair e-mails on list archives using Google when I first went hunting for details on this, which is mainly what makes me think this implementation decision (to wrap or not to wrap) is widespread.

This is how it works using Apple's Mail.app which ships with Mac OS X; it's how it works with the various versions of Outbreak Express that I've had occasion to (disdainfully!) mess with on relatives' computers. It's how it works with the mail client on the Sony Ericsson P800 phone (which incidentally only supports SMTP AUTH if you leave SSL turned off, which is why the P800 is going back on eBay some time soon).

I'm SMTP/SSL works this way with Outlook 2002 (although that one is a bit fuzzy; it also maybe sounds like STARTTLS on a non-wrapped connection isn't implemented at all). I've also heard that certain vintages of Netscape/Mozilla mail and also Eudora provide STARTTLS as an option as well as "use SSL", so maybe the semantics are different there.


Joe
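
Added example, not part of the original post: a server-side sketch for telling the two client behaviours described above apart from the bytes a client sends on a submission port. The function names, labels and sample byte strings are constructed for illustration.

```python
TLS_HANDSHAKE = 0x16  # SSLv3/TLS record content type "handshake"

def looks_like_client_hello(data: bytes) -> bool:
    # SSLv3/TLS record: type(1) version(2) length(2), then handshake type 1.
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 3:
        return data[5] == 0x01
    # SSLv2-compatible hello: length byte with high bit set, then message type 1.
    return len(data) >= 3 and bool(data[0] & 0x80) and data[2] == 0x01

def classify_session(client_chunks):
    """client_chunks: byte strings the client sent, in order, as seen by the server.
    Returns 'implicit-tls', 'starttls', 'plaintext-auth', 'plaintext' or 'unknown'."""
    if not client_chunks:
        return "unknown"
    if looks_like_client_hello(client_chunks[0]):
        # Client spoke TLS without waiting for the 220 banner:
        # it assumes an SSL-wrapped server and will never send STARTTLS.
        return "implicit-tls"
    verbs = []
    for line in b"".join(client_chunks).split(b"\r\n"):
        verb = line.split(b" ", 1)[0].upper()
        if verb:
            verbs.append(verb)
        if verb == b"STARTTLS":
            break  # everything after this is TLS records, not SMTP lines
    if not verbs or verbs[0] not in (b"EHLO", b"HELO"):
        return "unknown"
    if b"AUTH" in verbs:
        return "plaintext-auth"  # AUTH was sent before any STARTTLS
    return "starttls" if verbs[-1] == b"STARTTLS" else "plaintext"

# Constructed sample sessions (not captured traffic).
SAMPLES = {
    "wrapped": [b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"],
    "wrapped-v2-hello": [b"\x80\x2e\x01\x03\x01"],
    "upgrade": [b"EHLO laptop.example\r\n", b"STARTTLS\r\n", b"\x16\x03\x01\x00\x2f\x01"],
    "auth-in-clear": [b"EHLO phone.example\r\n", b"AUTH LOGIN\r\n"],
}

if __name__ == "__main__":
    for name, chunks in SAMPLES.items():
        print(f"{name:18} -> {classify_session(chunks)}")
```

A server that only offers STARTTLS on 587 will see the "implicit-tls" pattern from such clients as a stalled or garbage session, which is the helpdesk symptom discussed in this thread.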

