On 2025-04-11 at 13:08:39 UTC-0400 (Fri, 11 Apr 2025 17:08:39 +0000) Jeff Kletsky via Postfix-users <postfix...@allycomm.com> is rumored to have said:
> We recently changed hosting for our perimeter MTAs and also switched to > SMTPS, based recent standards-track RFCs. The only Standards Track RFC that recommends SMTPS is 8314, which specifies it for SMTP *submission* only, on port 465. Nothing recommends implicit TLS on port 25, because it cannot be made to interoperate in the real world. > As I can "solve the problem" by going with STARTTLS, this is more of a bug > report than a request to solve the problem. (I'm now aware that the opinions > on wrapper vs. STARTTLS vary.) Not so much. Opinions used to vary more. Since RFC8314 it is pretty broadly recognized that using wrappermode for port 465 is marginally better than STARTTLS on port 587. Essentially no one is of the opinion that wrappermode can be used for port 25 or more generally for any SMTP relay except through special agreements. On port 25, STARTTLS is the only working mechanism for encryption. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
