OT - TLS question

Richard Siddall richard.siddall at elirion.net
Thu Sep 24 19:52:41 IST 2009

Steve Campbell wrote:
> That was sort of my original question - should I use TLS at all?
> The only harm is that they'll be on someone else's network broadcasting 
> their passwords. I think most sites set up a server just for this 
> "roaming" network traffic and use TLS as a SmartHost type setup. Our 
> manager decided we didn't need that extra hardware. It'd only matter to 
> people who had their clients set up to use TLS anyway. I know 
> Thunderbird defaults to "use it if they offer it", but not sure how most 
> other clients do it.
> Anyway, thanks for the input.
> steve

I believe you can use TLS on port 587 on an as-needed basis, although 
you could configure your MTA to require clients to use TLS.  I believe 
TLS is negotiated after the client connects, unlike port 465.

BTW, we use a wildcard SSL certificate, which is fairly cheap, on a 
machine that's mail.ourdomain.tld, pop.ourdomain.tld, 
webmail.ourdomain.tld, and a few other things.  The certificate's 
installed into our web server, MTA, and POP/IMAP server.


	Richard Siddall

More information about the MailScanner mailing list