Ed W: > Therefore I'm suggesting that the out of the box config matches the > *RFC*. Then if the mail owner wants to lock it down to some non RFC > suggested spec they can read the instructions.
Wietse: > SHOULD does not forbid mandatory TLS; only a twisted mind will read > this as "support for plaintext is required". Besides, RFCs are not > the only relevant guidelines. There are plenty other guidelines > that frowm upon plaintext passwords over plaintext connections. Ed W: > My understanding is that the proposed settings would require TLS even in > the event of encrypted password exchange? The proposed example configuration can be modified when a site has submission users who traverse links with high latency, low bandwidth, intermittent connectivity, etc. It is not practical to provide an example for every scenario; only one example will suffice, and it will cover the most common case. Wietse