Reputation:
Is starttls+smtp the same with SMTP over SSL?
I'm going to generate and send password to user's mail. Of course, I want to do it safely.
Googling showed me that I can simply use smtps but system administrator told me that our post server doesn't support SSL. He said I should use pop3 and it uses SSL.
I know nothing about post protocols and have some questions:
1) Is it possible to send messages with POP3? I read that it's only for recieving messages.
2) As I understand after looking through java-mail code examples there is 2 ways of using safe smtp:
a) mail.ssl.enabled=true
b) mail.smtp.starttls.enable=true
Quote from documentation
In addition, the "imap" and "smtp" protocols support use of the STARTTLS command (see RFC 2487 and RFC 3501) to switch the connection to be secured by TLS.
Use of the STARTTLS command is preferred in cases where the server supports both SSL and non-SSL connections. - See more at: http://javamail.java.net/docs/SSLNOTES.txt#sthash.vcrMDaqh.dpuf
Does it mean I can use smtp with starttls=true even if post server doesn't support SSL?
I personally think that any modern post server supports SSL. It seems I misunderstood sysadmin. Unfortunately, I can't ask him right now due to some reasons.
I would be very grateful if somebody could clear up the situation.
Upvotes: 0
Views: 805
Answers (1)
Reputation: 310985
Is starttls+smtp the same with SMTP over SSL?
Any protocol that uses STARTTLS is in SSL mode after the STARTTLS command is issued.
Googling showed me that I can simply use smtps but system administrator told me that our post server doesn't support SSL. He said I should use pop3 and it uses SSL.
If that's what your system administrator really said, he doesn't know what he is talking about. SMTP is for sending email. POP3 is for receiving it. They are not equivalent or interchangeable in any way shape or form. POP3 does not use SSL by default, although like SMTP it can.
Does it mean I can use smtp with starttls=true even if post server doesn't support SSL?
Of course not.
It seems I misunderstood sysadmin.
No, it seems he misunderstood you, or the problem, or email infrastructure, or all three.
Unfortunately, I can't ask him right now due to some reasons.
Probably a good thing.
Upvotes: 1
Related Questions
- SMTP STARTTLS certificate negotitiation via telnet
- is starttls.enabled = true is safe for mail sending from java code?
- Using SMTP, Gmail, and STARTTLS
- Send Email with STARTTLS
- SMTP STARTTLS: how to behave if remote SMTP server has self-signed certificate?
- openssl to negotiate SSL encryption for STARTTLS
- About STARTTLS SMTP Command
- How do I properly setup javamail to use STARTTLS?
- When connecting to SMTP servers should I try SSL or TCP/STARTTLS first?
- Javamail and TLS? (not STARTTLS)