[Ach] SMTP client mode ciphers

christian mock cm at coretec.at
Tue Nov 19 11:46:23 CET 2013

On Tue, Nov 19, 2013 at 12:49:42AM +0100, Wolfgang Breyha wrote:
> Hi!
> On 2013-11-18 23:24, christian mock wrote:
> > In reality, a lot of people are "managing" SMTP servers that shouldn't.
> And exactly those should not change ciphers at all;-) And all the others
> wouldn't mind to read some details IMO.

I concur with pepi -- they should *enable* ciphers, because we want as
much MXen with opportunistic TLS enabled as possible.

> > I think that depends; from your point of view as a university admin,
> > you probably have no influence on the client software. A company admin
> > may completely control the choice of clients and may be able to reduce
> > the cipher suites more.
> But the document does not have a "point of view" and wants to give
> recommendations for all admins.

Sure. Which brings us to the same remark as WRT web server config:
know your clients, choose your ciphers accordingly...

> I will try to add a "SMTP overview" seciton and some additional stuff to
> the exim section.
> Please understand all of the stuff I add(ed) as "open for discussion".

I certainly will discuss it ;-)


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list