Loading ...
Sorry, an error occurred while loading the content.

275962Re: Configuring TLS with sender login maps

Expand Messages
  • Reindl Harald
    Apr 2, 2011
      Am 02.04.2011 21:00, schrieb Alex:

      >> Fix your client to properly use TLS AND THEN SASL.
      >
      > I'm using the K9 client for Android. Using this method with TLS and
      > SASL I need port 25 open for SMTP and TLS, and 587 for submission and
      > SASL, correct?

      i believe you need some clarify

      SASL-Auth and TLS/SSL are independent

      TLS/SSL is the first step
      587 = submission and implicit SASL-Auth, TLS may
      25 = SASL may, TLS may
      465 = smtps (no TLS handshake, it is SSL per definition)

      the point is that TLS happens while connecting
      on 25/587 the server OFFERS TLS, but it is not requested
      so the first part of the connection is unencrypted
      after the client "sees" STARTTLS the SSL handshake can follow or even not

      on port 465 there is no "may offer", 465 is dedicated SSL

      SASL-Authentication happens AFTER the connection/tls/ssl-handshake
      that is why "SASL only after TLS" makes no sense

      SASL is used for allow or deny relay
      587 (submission) is used only for authenticated clients
      25 CAN be used for that, but is blocked by many providers because
      it maybe used without Authentication because other mailservers deliver their
      messages over port 25 to you and they can not authenticate to a MX
      for normal relaying their users mail

      that is why 25 form most client-networks is blocked outgoing because
      spambots are using port 25 for their crap and if yiu have a account
      you should use 587 for submit your messages to your mail-provider
    • Show all 12 messages in this topic