From c57122514e91aca665e626dc814823d0fb7378b8 Mon Sep 17 00:00:00 2001 From: Jean-Denis Vauguet Date: Sat, 13 Jun 2020 06:03:30 +0200 Subject: [PATCH] Updated A mail server's 101 (markdown) --- docs/content/a-mail-server's-101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/a-mail-server's-101.md b/docs/content/a-mail-server's-101.md index e2ff39b4..acfd97e1 100644 --- a/docs/content/a-mail-server's-101.md +++ b/docs/content/a-mail-server's-101.md 
@@ -134,7 +134,7 @@ Me <--------------- ┤ ├ <----------------- ┊ The best practice as of 2020 when it comes to securing Outward Submission is to use _Implicit TLS connection via ESMTP on port 465_ (see [RFC 8314](https://tools.ietf.org/html/rfc8314)). Let's break it down. -- Implicit TLS means the server _enforces_ the client into using an encrypted TCP connection, using [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security). With this kind of connection, the MUA _has_ to establish a TLS-encrypted connection from the get go. The mail server would deny any client attempting to submit email in cleartext (unencrypted, not secure) or requesting a cleartext connection to be upgraded to a TLS-encrypted one (secure if `STARTTLS` is successful). It is also known as Enforced TLS. +- Implicit TLS means the server _enforces_ the client into using an encrypted TCP connection, using [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security). With this kind of connection, the MUA _has_ to establish a TLS-encrypted connection from the get go (TLS is implied, hence the name "Implicit"). Any client attempting to either submit email in cleartext (unencrypted, not secure), or requesting a cleartext connection to be upgraded to a TLS-encrypted one using `STARTTLS`, is to be denied. Implicit TLS is sometimes called Enforced TLS for that reason. - [ESMTP](https://en.wikipedia.org/wiki/ESMTP) is [SMTP](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol) + extensions. It's the version of the SMTP protocol that most mail servers speak nowadays. For the purpose of this documentation, ESMTP and SMTP are synonymous. - Port 465 is the reserved TCP port for Implicit TLS Submission (since 2018). There is actually a boisterous history to that ports usage, but let's keep it simple.
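Review bot: In the rewritten "Implicit TLS" bullet, the sentence "Any client attempting to either submit email in cleartext [...], or requesting a cleartext connection to be upgraded [...] using `STARTTLS`, is to be denied" describes a refusal the server never gets to make. With Implicit TLS as defined in the RFC 8314 linked just above, the TLS handshake starts as soon as the TCP connection opens. There is no cleartext SMTP phase in which a client could send `STARTTLS`, and a client that speaks cleartext simply fails the handshake. I would reword along the lines of "there is no cleartext phase on this port, so neither cleartext submission nor a `STARTTLS` upgrade is possible". The same sentence is also not parallel ("attempting to either submit ... or requesting"); "either attempting to submit ... or requesting ..." reads correctly. Finally, "Implicit TLS is sometimes called Enforced TLS for that reason" gives no source for the alternate name. Since a deployment that requires `STARTTLS` before accepting mail also enforces TLS, a short qualifier that the term is informal would keep readers from treating the two as the same mechanism.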