On Sun, Feb 23, 2014 at 12:38:26PM -0500, Wietse Venema wrote:

> Applied to Postfix 2.8 and onwards.
Thanks.

Returning to the OP's question, disabling anonymous cipher-suites will not substantially help to (after the fact) detect MITM attacks. All the attacker has to do is present some other certificate from some trusted CA. Without name checks (which don't apply for opportunistic connections), the difference between "Trusted" and "Untrusted" is not in fact that the former indicates absence of a man-in-the-middle. Rather, with "Trusted" you can potentially enable a "secure-channel" for later connections (tls policy table, ...) and get MITM protection for future connections (provided you don't trust any "rogue" CAs).

-- 
Viktor.
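To make the "secure-channel for later connections" concrete, here is an added configuration example (not part of Viktor's message or of the Postfix documentation) showing the contrast between the opportunistic default, where a "Trusted" peer certificate proves nothing about who is on the other end, and a per-destination "secure" policy that adds the name check and pins the trust anchor. The domain names, file paths and CA file are hypothetical placeholders.

```text
# /etc/postfix/main.cf (assumed settings)
#
# Opportunistic TLS: encrypt when the peer offers it, but accept any
# certificate and never check the name. A MITM holding any certificate
# from a CA in smtp_tls_CApath is logged as "Trusted", not detected.
smtp_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1

# Per-destination overrides live in the TLS policy table.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy (hypothetical destinations; run "postmap" after editing)
#
# "secure": the certificate must chain to a trusted CA AND the peer name
# must match one of the "match=" patterns. A MITM presenting some other
# CA-issued certificate for a different name now fails verification,
# mail is deferred, and the log shows "Untrusted" instead of "Verified".
example.com     secure match=.example.com:example.com

# tafile= (Postfix 2.11 and later) restricts the trust anchor for this
# destination to one CA, so a certificate from any other ("rogue") CA
# that the system store happens to trust is not accepted.
example.net     secure match=mail.example.net tafile=/etc/postfix/example-net-ca.pem
```

After the change, a successful delivery to either destination is logged as "Verified TLS connection established" rather than "Trusted", and a peer that cannot present a certificate chaining to the expected anchor with a matching name causes the delivery to be deferred instead of silently going through an unverified channel.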