SMTP Server Connection using TLS (ie. port 465) & Secure Authentication ?

Discussion in 'privacy general' started by Defenestration, Apr 10, 2008.

Thread Status:
Not open for further replies.
  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    My e-mail client allows me to specify the SMTP connection to be either

    - Regular on port 25
    - Secure to regular (STARTTLS) on port 25
    - Secure to dedicated (TLS) on port 465

    It also has another couple of settings for Authentication:

    - Perform SMTP authentication
    - Require secure SMTP authentication

    If I use Secure to dedicated (TLS) + Perform SMTP authentication, but not require secure authentication, is all data transferred between my e-mail client and the SMTP server (ie. username + password, and all message content) encrypted ?

    Is secure authentication needed when connecting using secure to dedicated (TLS) on port 465 ?

    Same questions for POP - Is all content encrypted when receiving mail on a secure to dedicated connection (TLS) on port 995 ?

    Is it OK to use regular POP authentication when using TLS on port 995 ?

    It's confusing me because you can have both secure authentication and a secure TLS connection.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,

    POP is not encrypted. So in order to encrypt POP, you use tunneling - encapsulate POP in an encrypted communication tunnel.

    This can be done in several ways.

    In your case, the data transfered will be encrypted. However, the two differences between the authentication methods:

    Regular - your credentials are sent in unecrypted form to the server. Once the communication is established, all data sent will be encrypted.

    Secure authentication - you will first establish a secure tunnel and then authenticate using it. This is the preferred method. But you must trust the server you communicate with.

    Mrk
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Thrower of things out windows,

    Should I assume you are using TheBat! as your email client?

    You want to use SSL/STARTTLS or TLS, with secure authentication.

    The only question is if your smtp server supports it.
     
Loading...
Thread Status:
Not open for further replies.