OT - TLS question
lists at elasticmind.net
Tue Sep 29 13:35:10 IST 2009
Jason Ede wrote:
>> That was sort of my original question - should I use TLS at all?
>> The only harm is that they'll be on someone else's network broadcasting
>> their passwords. I think most sites set up a server just for this
>> "roaming" network traffic and use TLS as a SmartHost type setup. Our
>> manager decided we didn't need that extra hardware. It'd only matter to
>> people who had their clients set up to use TLS anyway. I know
>> Thunderbird defaults to "use it if they offer it", but not sure how
>> other clients do it.
>> Anyway, thanks for the input.
> We moved to TLS as a requirement for all our outgoing email a year or so back using a proper SSL (didn't cost much at all) mainly to stop passwords being broadcast in the clear and to try and reduce the chance of a compromise. It hasn't caused many problems as we didn't enforce TLS for a while and gave our clients plenty of notification of moving to requiring TLS and then chased up those that didn't make the switch before enforcing the requirement. We have the luxury of having all our outgoing email going through different servers from our inbound email which makes life much easier.
Personally I think yes, you should definitely provide support for TLS
(we do on all our servers). I could be wrong, but I think that once
activated it encrypts the remainder of the SMTP session, so both the
user's credentials and the content of their mail are encrypted. Naturally
not everyone will be using TLS when sending you email on port 25, so you
probably don't want to be enforcing the use of TLS, but definitely make
It's just the same as providing IMAPS and IMAP to cater for people who
do and do not use SSL for their IMAP connections.
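
The concern in this thread is passwords crossing the network in the clear when TLS is offered but not required. The following is an added example, not part of the original posts, that checks a server's EHLO replies for that condition; the hostname `mail.example.test`, the transcripts and the finding names are constructed for illustration.

```python
# Added example: audit SMTP EHLO replies for cleartext AUTH exposure.
# Hostname and transcripts are constructed sample data, not from the thread.

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("unexpected reply line: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not a capability
        if text.upper().startswith("AUTH="):
            text = text.replace("=", " ", 1)  # legacy "AUTH=LOGIN PLAIN" form
        words = text.split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit(pre_tls, post_tls=None):
    """Return findings for the EHLO reply seen before and after STARTTLS."""
    findings = []
    pre = parse_ehlo(pre_tls)
    if "STARTTLS" not in pre:
        findings.append("no-starttls")
    if "AUTH" in pre:
        # A client that skips or cannot do TLS would send its password in clear.
        findings.append("auth-offered-in-cleartext")
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("no-auth-after-tls")
    return findings

# Constructed transcripts
NO_TLS = "250-mail.example.test\n250-SIZE 10240000\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
OPTIONAL_TLS = "250-mail.example.test\n250-STARTTLS\n250-AUTH=LOGIN PLAIN\n250 8BITMIME"
REQUIRED_PRE = "250-mail.example.test\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
REQUIRED_POST = "250-mail.example.test\n250-SIZE 10240000\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print("no TLS:      ", audit(NO_TLS))
    print("optional TLS:", audit(OPTIONAL_TLS))
    print("required TLS:", audit(REQUIRED_PRE, REQUIRED_POST))
```
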