Re: exim4 and TLS Once Again
- Date: Wed, 30 May 2018 20:58:12 -0400
- From: Michael Stone <mstone@xxxxxxxxxx>
- Subject: Re: exim4 and TLS Once Again
On Wed, May 30, 2018 at 06:22:49PM -0500, David Wright wrote:
> AIUI 587 is the standard email submission port and 465 is now
> deprecated but often still in use. I think they differ in the
> details of how they handle encrypting the session.

From a protocol standpoint 587/tcp is identical to 25/tcp, with the
distinction that it is designated for end users to submit messages for
delivery rather than accepting mail for delivery from external mail
relays. The expectation is that there is authentication of the
submission, either via allowed IPs, SMTP AUTH, or some other mechanism.
Networks can block port 25 to reduce spam originating from the network,
but allow 587 for visitors to submit email to their provider for
delivery. Encryption is activated with STARTTLS.

465/tcp was at one time assigned to SMTP over TLS; that is, it is an
always-encrypted channel like 443/tcp rather than a clear text channel
with encryption upgrade via STARTTLS. 465/tcp has been reassigned to
another protocol (a stupid decision, but that's water under the bridge)
and really shouldn't be used anymore. It would be a very old or odd
installation that supported only 465/tcp and not 587/tcp.
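
The difference between the two ports described above, as an added example that is not part of the original post: a small Python check that replays a recorded SMTP dialogue and reports whether AUTH was sent before the channel was encrypted. The function name, the finding strings and the sample dialogues are constructed for illustration.

```python
# Added example. Dialogues are constructed; "S" = server line, "C" = client line.
IMPLICIT_TLS_PORTS = {465}    # TLS from the first byte, like 443/tcp
STARTTLS_PORTS = {25, 587}    # clear text first, upgraded with STARTTLS

def audit_session(port, dialogue):
    """Return findings for a recorded SMTP dialogue; an empty list means OK."""
    if port not in IMPLICIT_TLS_PORTS | STARTTLS_PORTS:
        raise ValueError(f"unexpected SMTP port {port}")
    encrypted = port in IMPLICIT_TLS_PORTS
    offered = False            # server advertised STARTTLS in its EHLO reply
    awaiting_upgrade = False   # client sent STARTTLS, reply not yet seen
    findings = []
    for who, text in dialogue:
        if who == "S":
            # Capability lines look like "250-STARTTLS" or "250 STARTTLS".
            if text[:3] == "250" and text[4:].strip().upper() == "STARTTLS":
                offered = True
            if awaiting_upgrade:
                awaiting_upgrade = False
                if text.startswith("220"):
                    encrypted = True   # TLS handshake follows this reply
                else:
                    findings.append("STARTTLS refused: " + text)
            continue
        verb = text.split(" ", 1)[0].upper()
        if verb == "STARTTLS":
            awaiting_upgrade = True
        elif verb == "AUTH" and not encrypted:
            findings.append("AUTH sent in clear text" if offered
                            else "AUTH sent in clear text; STARTTLS never advertised")
    return findings

UPGRADED = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test"),
            ("S", "250-mail.example.test"), ("S", "250-STARTTLS"), ("S", "250 HELP"),
            ("C", "STARTTLS"), ("S", "220 2.0.0 Ready to start TLS"),
            ("C", "EHLO client.example.test"), ("S", "250 AUTH PLAIN"),
            ("C", "AUTH PLAIN <redacted>"), ("S", "235 2.7.0 Authentication successful")]
NO_UPGRADE = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test"),
              ("S", "250-mail.example.test"), ("S", "250 AUTH PLAIN"),
              ("C", "AUTH PLAIN <redacted>"), ("S", "235 2.7.0 Authentication successful")]

if __name__ == "__main__":
    print(audit_session(587, UPGRADED))    # upgraded before AUTH
    print(audit_session(587, NO_UPGRADE))  # AUTH on the clear text channel
    print(audit_session(465, NO_UPGRADE))  # same commands inside implicit TLS
```

The same command sequence is acceptable on 465/tcp and a finding on 587/tcp, because only the latter starts in clear text.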