On Mon, Feb 24, 2014 at 12:25:50AM +0100, Dirk Stöcker wrote:

> >> smtp_tls_exclude_ciphers=aNULL
> >>
> >> for the transport that delivers mail between your internal systems.
> >
> > Does not sound like what I want. I don't want to hardcode a
> > specific handling for some servers, I want that the "trusted"
> > state is logged properly in any possible case.
>
> Here I was wrong. At least it fixes the immediate trust issue.
> It forces the use of ciphersuites that employ server certificates.
> But if I'm right it still does not even try to verify the hostname,
> right?

As documented, "may" does not attempt to authenticate the MX host; it is
not possible to do that generically without explicit peername match
settings. MX indirection makes this impractical and insecure. SMTP is
not HTTP.

> I hope there aren't any TLS capable mailservers, which fallback to
> unencrypted transmission, when I use this.

Fallback is up to the client. I am not aware of any Internet facing MX
hosts that offer STARTTLS without any server certificate. Lots of SMTP
clients (not Postfix) don't support anonymous cipher-suites, and such
servers would have a lot of trouble receiving email.

-- 
Viktor.
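The thread turns on what Postfix actually logs for an outbound TLS session: the smtp(8) client prefixes each "TLS connection established" line with one of Anonymous, Untrusted, Trusted or Verified, and the original poster's goal was to see the "trusted" state in that log reliably. The script below is an added example, not code from the thread or from the Postfix project; it parses that log line format from a few constructed sample lines and reports sessions to a configurable set of internal hosts that fall below a required trust level. The host names, IPs, process IDs and cipher names in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Trust levels Postfix smtp(8) prints for an outbound TLS session, lowest first:
#   Anonymous  - no server certificate at all (an aNULL cipher-suite was negotiated)
#   Untrusted  - certificate presented but its chain was not verified (e.g. level "may")
#   Trusted    - chain verified against the configured CAs, peer name not matched
#   Verified   - chain verified and the peer name matched ("verify"/"secure" levels)
TRUST_RANK = {"Anonymous": 0, "Untrusted": 1, "Trusted": 2, "Verified": 3}

# Shape of the log line:
#   postfix/smtp[PID]: <trust> TLS connection established to host[ip]:port: proto with cipher NAME (...)
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<trust>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# Constructed sample log excerpt (not captured from a real system).
SAMPLE_LOG = """\
Feb 24 00:25:50 relay postfix/smtp[1201]: Anonymous TLS connection established to mx.internal.example[192.0.2.10]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
Feb 24 00:25:51 relay postfix/smtp[1202]: Untrusted TLS connection established to mx.other.example[198.51.100.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 24 00:25:52 relay postfix/smtp[1203]: Trusted TLS connection established to mx.internal.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 24 00:25:53 relay postfix/smtp[1204]: Verified TLS connection established to mx.partner.example[203.0.113.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 24 00:25:54 relay postfix/smtp[1205]: connect to mx.down.example[203.0.113.9]:25: Connection refused
"""


def parse_tls_lines(log_text):
    """Return (host, trust, cipher) tuples for each TLS session line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:
            records.append((m["host"], m["trust"], m["cipher"]))
    return records


def summarize(records):
    """Count sessions per trust level, e.g. {'Anonymous': 1, 'Trusted': 1, ...}."""
    return dict(Counter(trust for _, trust, _ in records))


def audit(records, internal_hosts, minimum="Trusted"):
    """Findings: sessions to hosts in internal_hosts whose trust level is below `minimum`.

    With smtp_tls_exclude_ciphers=aNULL on the internal transport, the Anonymous
    level can no longer occur there; reaching Trusted/Verified additionally needs
    a CA file and, for Verified, a peer name match (verify/secure security level).
    """
    need = TRUST_RANK[minimum]
    return [r for r in records if r[0] in internal_hosts and TRUST_RANK[r[1]] < need]


if __name__ == "__main__":
    recs = parse_tls_lines(SAMPLE_LOG)
    print("sessions by trust level:", summarize(recs))
    for host, trust, cipher in audit(recs, {"mx.internal.example"}):
        print(f"FINDING: {host} negotiated {trust} session with {cipher}")
```

Run against a real mail log, the audit lists the internal destinations that still negotiate anonymous or unverified sessions, which is the condition the `aNULL` exclusion on the internal transport is meant to remove; for Internet-facing MX hosts, where Viktor notes that per-host peer name matching is impractical, the summary counts are the more useful view.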