On 04.10.2013 13:43, LuKreme wrote:
> On 03 Oct 2013, at 12:48 , micah <mi...@riseup.net> wrote:
>> Providing a TLS-wrapped, from the beginning, port is better than offering
>> STARTTLS.
>
> No, it really isn’t.
>
> I’m not clear on what problem you are trying to solve. You seem to want “mo security” without
> any evidence that the current security is insufficient.

keep in mind you are very new in context of mailservers
http://www.postfix.org/CVE-2011-0411.html

>> SMTP over TLS uses the same TLS protocol that is also used to encrypt
>> traffic between web clients and web servers. But, there is a subtle
>> difference in the way TLS is used, and that makes this flaw possible

yes this is fixed, but without the plaintext start it would not have been possible

> And rejecting plain text email acceptance? Well, you might as well not have
> a mailserver.

he is speaking about *submission* which is *always* authenticated and there it is a good idea to enforce encryption if you are in the position to start with a new mailserver and need not to care about existing client configurations which would break if you enforce it later
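
A small audit for the point made in the reply above about enforcing encryption on submission, added here as an example and not part of the original thread or of Postfix: it reads a Postfix master.cf and flags submission-type listeners that do not enforce TLS, while leaving port 25 alone. The sample configurations and the names `audit`, `logical_lines` and `SUBMISSION_NAMES` are constructed for illustration, and settings that live only in main.cf are not inspected.

```python
import shlex
# Constructed master.cf fragments (not from the thread). WEAK only offers
# STARTTLS on submission; HARDENED enforces it and adds a TLS-wrapped port.
WEAK = """\
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""
HARDENED = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""
SUBMISSION_NAMES = {"submission", "587", "smtps", "submissions", "465"}

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Assumption: only "-o name=value" overrides in master.cf are inspected."""
    report = {}
    for line in logical_lines(text):
        f = shlex.split(line)
        if (len(f) < 8 or f[1] != "inet" or f[7] != "smtpd"
                or f[0].rsplit(":", 1)[-1] not in SUBMISSION_NAMES):
            continue  # port 25 must keep accepting plaintext from other MTAs
        opts = dict(a.split("=", 1) for p, a in zip(f[8:], f[9:]) if p == "-o" and "=" in a)
        findings = []
        if (opts.get("smtpd_tls_wrappermode") != "yes"
                and opts.get("smtpd_tls_security_level") != "encrypt"):
            findings.append("TLS not enforced")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("SASL auth not enabled")
        report[f[0]] = findings
    return report
```

An empty findings list means the listener either requires STARTTLS before mail or AUTH (`encrypt`) or is TLS-wrapped from the first byte (`smtpd_tls_wrappermode=yes`).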