On 03.03.2014 18:06, Viktor Dukhovni wrote:
> The problem is indeed man-made. DO NOT unilaterally configure
> mandatory TLS. To use TLS, the other side has to signal support
> for TLS (be it a bilateral agreement to use mandatory TLS,
> opportunistic DANE TLS, or just STARTTLS in the EHLO response).

Yes, the "problem" is man-made.

We want to provide a service to our users where they can choose if they want to require TLS on the MTA connection based on the domain from where they send mails or to which they receive mails.

The bounce message is needed to inform them that their communication partner's MTA is not able to speak TLS with us. Then they can decide if they want to send the message via an unencrypted channel or not.

The "require TLS between MTAs" feature is completely optional.

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein -- Registered office: Berlin