Ed W: > Therefore I'm suggesting that the out of the box config matches the > *RFC*. Then if the mail owner wants to lock it down to some non RFC > suggested spec they can read the instructions.
SHOULD does not forbid mandatory TLS; only a twisted mind will read
this as "support for plaintext is required". Besides, RFCs are not
the only relevant guidelines. There are plenty other guidelines
that frowm upon plaintext passwords over plaintext connections.
Wietse
