On 16/03/2012 11:57, Wietse Venema wrote:
> Ed W:
>> Therefore I'm suggesting that the out of the box config matches the
>> *RFC*.  Then if the mail owner wants to lock it down to some non RFC
>> suggested spec they can read the instructions.
> SHOULD does not forbid mandatory TLS; only a twisted mind will read
> this as "support for plaintext is required". Besides, RFCs are not
> the only relevant guidelines. There are plenty other guidelines
> that frown upon plaintext passwords over plaintext connections.
>
>         Wietse

My understanding is that the proposed settings would require TLS even in the event of encrypted password exchange?

There are plenty of reasons to *dislike* non TLS connections, but *banning* plain text seems harsh?

Unless I missed something there should also be no RFC complaints with accepting TLS over port 25? I believe I have my postfix currently configured this way.

Personally I would vote for "smtpd_tls_security_level = may" to become part of the default postfix config (or is it... durr..) so that every service can accept TLS by default. In fact, what objection would you raise for this even to become the default for all services where it makes sense? Then the config can switch to either forcing it off/on as the owner feels fit?
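
Added example, not part of the original messages and not Postfix code: a small Python check that classifies a main.cf by the settings this thread turns on (smtpd_tls_security_level, plus the real Postfix parameters smtpd_tls_auth_only and smtpd_sasl_auth_enable). The sample configurations are constructed, and the parser assumes no $name expansion, no master.cf overrides and no legacy smtpd_use_tls/smtpd_enforce_tls settings; it reports only whether AUTH is offered without TLS, not which SASL mechanisms are allowed.

```python
# Added example: audit main.cf text for AUTH being offered without TLS.
# Simplifications (assumptions): no $name expansion, no master.cf -o
# overrides, legacy smtpd_use_tls / smtpd_enforce_tls are ignored.

def parse_main_cf(text):
    """Parse 'name = value' lines; later settings override earlier ones."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments
        if raw[0] in " \t" and name:      # leading whitespace continues a value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        if "=" in raw:
            name, value = raw.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def auth_policy(text):
    """Classify how the SMTP server treats AUTH relative to TLS."""
    p = parse_main_cf(text)
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        return "auth-disabled"
    level = p.get("smtpd_tls_security_level", "")
    if level == "encrypt":
        return "tls-required-for-all-mail"   # every session must use STARTTLS
    if p.get("smtpd_tls_auth_only", "no") == "yes":
        return "tls-required-for-auth"       # mail may be plaintext, AUTH may not
    if level == "may":
        return "auth-offered-in-plaintext"   # STARTTLS is optional for AUTH too
    return "auth-offered-no-tls-at-all"

# Constructed sample configurations, not taken from the thread.
OPPORTUNISTIC = """
# port 25 style: accept TLS when the client offers it
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
"""
AUTH_ONLY_OVER_TLS = OPPORTUNISTIC + "smtpd_tls_auth_only = yes\n"
MANDATORY = OPPORTUNISTIC + "smtpd_tls_security_level = encrypt\n"

if __name__ == "__main__":
    for label, cfg in [("may", OPPORTUNISTIC), ("may + auth_only", AUTH_ONLY_OVER_TLS),
                       ("encrypt", MANDATORY)]:
        print(f"{label:16} -> {auth_policy(cfg)}")
```

The middle case is the one between the two positions in the thread: mail is still accepted without TLS, but AUTH is only announced once the session is encrypted.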
