[Ach] SMTP client mode ciphers
cm at coretec.at
Tue Nov 19 11:46:23 CET 2013
On Tue, Nov 19, 2013 at 12:49:42AM +0100, Wolfgang Breyha wrote:
> On 2013-11-18 23:24, christian mock wrote:
> > In reality, a lot of people are "managing" SMTP servers that shouldn't.
> And exactly those should not change ciphers at all;-) And all the others
> wouldn't mind to read some details IMO.
I concur with pepi -- they should *enable* ciphers, because we want as
much MXen with opportunistic TLS enabled as possible.
> > I think that depends; from your point of view as a university admin,
> > you probably have no influence on the client software. A company admin
> > may completely control the choice of clients and may be able to reduce
> > the cipher suites more.
> But the document does not have a "point of view" and wants to give
> recommendations for all admins.
Sure. Which brings us to the same remark as WRT web server config:
know your clients, choose your ciphers accordingly...
> I will try to add a "SMTP overview" seciton and some additional stuff to
> the exim section.
> Please understand all of the stuff I add(ed) as "open for discussion".
I certainly will discuss it ;-)
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
More information about the Ach