* Charles Marcus <cmar...@media-brokers.com>: > On 2012-03-14 2:39 PM, Ed W <li...@wildgooses.com> wrote: > >I see no reason to *require* encryption on the submission port (RFC > >aside). > > Unless you prefer that sniffers not be able to see your passwords > crossing the wire in plaintext? > > >I think "may" is a more appropriate default? > > Disagree vehemently.
The RFC on submission is clear about that. It says SHOULD and not MUST. It is safe to AUTH if you use cram-md5, digest-md5, ntlm or any other non-plaintext mechanism. Forcing TLS by default is safer, but it pushes a policy on people the SHOULD decide themselves, I think. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
