While refreshing my own understanding of mail authentication, I stumbled across two well written and clearly explained articles on:
Three ways a mail message can be handled:
- Unsecured - no encryption (no SSL or TLS)
- Explicit (port based) encryption (SSL)
- Implicit (by protocol) encryption (TLS)
and
The sending computer or server could be configured for:
- No TLS — never use it.
- Opportunistic TLS — use it if it is available, if not, send insecurely.
- Forced TLS — use TLS or do not deliver the email at all.
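
The three sender policies above can be expressed as a decision over what the receiving server advertises. This is an added example, not code from the articles referred to; it assumes the receiver signals TLS support with the STARTTLS keyword in its EHLO reply, and the replies, hostnames and function names are constructed for illustration.

```python
from enum import Enum

class Policy(Enum):
    NO_TLS = "no-tls"                # never use TLS
    OPPORTUNISTIC = "opportunistic"  # use TLS if offered, else send insecurely
    FORCED = "forced"                # use TLS or do not deliver

# Constructed EHLO replies (hostnames are placeholders, not captured traffic).
EHLO_WITH_STARTTLS = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)

def ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a multi-line 250 reply."""
    lines = reply.strip().splitlines()
    if not lines or any(not l.startswith(("250-", "250 ")) for l in lines):
        raise ValueError("not a successful EHLO reply")
    exts = set()
    for line in lines[1:]:            # first line only carries the server name
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())
    return exts

def decide(policy, ehlo_reply):
    """Map a sender policy and the receiver's EHLO reply to a delivery action."""
    if policy is Policy.NO_TLS:
        return "send-cleartext"
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "send-tls"
    if policy is Policy.OPPORTUNISTIC:
        return "send-cleartext"       # silent fallback: worth logging and alerting on
    return "do-not-deliver"           # forced TLS refuses rather than downgrade

def cleartext_fallbacks(policy, replies):
    """Names of receivers where a TLS-capable policy still ends up unencrypted."""
    return [name for name, reply in replies.items()
            if policy is not Policy.NO_TLS and decide(policy, reply) == "send-cleartext"]

if __name__ == "__main__":
    replies = {"mx-a": EHLO_WITH_STARTTLS, "mx-b": EHLO_WITHOUT_STARTTLS}
    for p in Policy:
        print(p.value, {n: decide(p, r) for n, r in replies.items()})
    print("fallbacks:", cleartext_fallbacks(Policy.OPPORTUNISTIC, replies))
```

Running `cleartext_fallbacks` over the receivers a mail server actually talks to shows where an opportunistic policy is delivering without encryption.
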
And for the record, while there are other mail protocols, the majority of our world will use one of four:
POP(3) (Receiving email)
- Port 110 - this is the default POP3 non-encrypted port
- Port 995 - this is the port you need to use if you want to connect using POP3 securely
IMAP (Interacting with remote email stores)
- Port 143 - this is the default IMAP non-encrypted port
- Port 993 - this is the port you need to use if you want to connect using IMAP securely
SMTP (Sending email)
- Port 25 - this is the default SMTP non-encrypted port
- Port 465 - this is the port used, if you want to send messages using SMTP securely
- Port 578 - Authenticated SMTP
Exchange MAPI
MAPI is a way for applications and email clients to communicate with Microsoft Exchange servers, and is capable of IMAP style syncing of emails, contacts, calendars, and other features, all tied into local email clients or applications.
This function of syncing emails is branded by Microsoft as “Exchange ActiveSync.”
- RPC - this is the default SMTP non-encrypted port (TCP End Point Mapper port (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections)
HTTP/HTTPS
Used by webmail clients, but these already have the underlying POP or IMAP running between the mail server and the webmail (HTTP) server.