Am 16.09.2013 16:48, schrieb Dan Langille: > On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote: > >> Am 16.09.2013 16:10, schrieb Dan Langille: >>>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs >>>> has really be deprecated everywhere for some time now) >>> >>> For this test, I reconfigured the server to NOT use IMAPS and restarted it. >>> Then I went >>> to my iPhone and turned off SSL for this mail account. >>> >>> That configuration works for my iPhone. >>> >>> Looking via tcpdump, I can see that emails are indeed being downloaded in >>> clear text >> >> you need to understand the difference between IMAPS/POP3S on the dedicated >> 9xx ports versus STARTLS on 143/110 > > I believe I do understand. > >> http://en.wikipedia.org/wiki/STARTTLS > > Yes, that's what I those STARTTLS was. > >> if you turn off SSL it is turned off >> on sane clients like thunderbird you can switch between cleartext/STARTTLS >> and SSL > > So far, with all we've tried, the only secure option appears to be self > signed certificates
having like here since 2009 a Thawte certificate for SMTP/POP3/IMAP/HTTPS without any issue is the better option because it is accepted by *any* client and not *that* expensive dealing with self-signed certificates is *plain wrong* because you educate your users happily confirm SSL warnings in their clients and having the final result of this in mind it's better not offer SSL at all
signature.asc
Description: OpenPGP digital signature
