Er, no. TLS-on-connect aka smtps (as opposed to STARTTLS) is only used to support Microsoft MUAs that are more than a couple of years old. They only supported STARTTLS on port 25 and insisted on using the deprecated TLS-on-connect mode on all other ports. This meant they could not support standard Message Submission on port 587. Therefore you should treat smtps (TLS-on-connect on port 465) as the special Microsoft version of RFC 4409 message submission. That is, treat the protocols exactly the same wrt authentication, authorization, firewalls, address validation, etc.
Tony.
Er, no. TLS-on-connect aka smtps (as opposed to STARTTLS) is only used
to support Microsoft MUAs that are more than a couple of years old. They
only supported STARTTLS on port 25 and insisted on using the deprecated
TLS-on-connect mode on all other ports. This meant they could not
support standard Message Submission on port 587. Therefore you should
treat smtps (TLS-on-connect on port 465) as the special Microsoft
version of RFC 4409 message submission. That is, treat the protocols
exactly the same wrt authentication, authorization, firewalls, address
validation, etc.
i recently had the problem that an lotus notes server insisted on
sending emails to one of our clients via port 465. so having mandatory
authentication there actually broke delivery for an exchange sender.
X-Mailer: Lotus Notes Release 6.5.4 March 27, 2005
X-MIMETrack: Serialize by Router on smtp2/xxxxx(Release 6.5.4|March 27, 2005) .....
cheers,
raoul
Raoul Bhatia [IPAX] wrote:
> i recently had the problem that an lotus notes server insisted on
sending emails to one of our clients via port 465. so having mandatory
authentication there actually broke delivery for an exchange sender.
Leave it "broken" for the other end that is. Only way to force them to fix it.
The only acceptable, and standard, way to submit email these days is using port 587 with TLS. And if you have users with broken clients, they can use webmail behind https. I am against facilitating (and thus perpetuating the existence of) old broken clients by making available port 465.
Regards,
Jeroen
Happily Microsoft have fixed their smtps stupidity, so you only need to support it on the server if you need to support users running old versions of Outlook etc. There was never anything particularly wrong with smtps, apart from a dogma in the IETF that it is architecturally wrong. The consensus now is that it was wrong to rescind the port allocation, because that completely failed to stop people (er, Microsoft) from deploying smtps, and just led to interop problems.
Tony (on his iPod).