OT - TLS question
richard.siddall at elirion.net
Thu Sep 24 19:52:41 IST 2009
Steve Campbell wrote:
> That was sort of my original question - should I use TLS at all?
> The only harm is that they'll be on someone else's network broadcasting
> their passwords. I think most sites set up a server just for this
> "roaming" network traffic and use TLS as a SmartHost type setup. Our
> manager decided we didn't need that extra hardware. It'd only matter to
> people who had their clients set up to use TLS anyway. I know
> Thunderbird defaults to "use it if they offer it", but not sure how most
> other clients do it.
> Anyway, thanks for the input.

I believe you can use TLS on port 587 on an as-needed basis, although
you could configure your MTA to require clients to use TLS. I believe
TLS is negotiated after the client connects, unlike port 465.

BTW, we use a wildcard SSL certificate, which is fairly cheap, on a
machine that's mail.ourdomain.tld, pop.ourdomain.tld,
webmail.ourdomain.tld, and a few other things. The certificate's
installed into our web server, MTA, and POP/IMAP server.
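
Added example, not part of the original post: a check for the optional-versus-required TLS distinction on port 587 discussed above, working from the EHLO replies a submission server gives before and after STARTTLS. The function names and sample replies are constructed for illustration, and it assumes a server that requires TLS does so by withholding AUTH until the session is encrypted.

```python
import re

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the greeting
        m = re.fullmatch(r"250[- ]([A-Za-z0-9-]+)[ =]?(.*)", line.strip())
        if not m:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        caps[m.group(1).upper()] = m.group(2).split()
    return caps

def audit_submission(pre_tls, post_tls=None):
    """Findings for a port-587 listener, from its EHLO reply before
    STARTTLS and, if captured, the one after the TLS handshake."""
    findings = []
    before = parse_ehlo(pre_tls)
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered: sessions cannot be encrypted")
    if "AUTH" in before:
        findings.append("AUTH %s offered before TLS: a client that skips "
                        "STARTTLS sends its password unencrypted"
                        % "/".join(before["AUTH"]))
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("AUTH not offered after STARTTLS: users cannot log in")
    return findings

# Constructed sample replies (hostname and capabilities are made up).
TLS_OPTIONAL = """250-mail.example.org Hello
250-SIZE 52428800
250-STARTTLS
250-AUTH PLAIN LOGIN
250 HELP"""

TLS_REQUIRED_PRE = """250-mail.example.org Hello
250-SIZE 52428800
250-STARTTLS
250 HELP"""

TLS_REQUIRED_POST = """250-mail.example.org Hello
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 HELP"""

if __name__ == "__main__":
    for name, args in [("optional", (TLS_OPTIONAL,)),
                       ("required", (TLS_REQUIRED_PRE, TLS_REQUIRED_POST))]:
        print(name, audit_submission(*args) or "no findings")
```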