On Wed, Jan 14, 2015 at 05:27:06PM -0500, Wietse Venema wrote:
> Wietse Venema:
> > Delivery to port 465 is not built into the Postfix SMTP client
> > because that protocol has been obsolete for 10+ years. That said,
> > it would not take much code to support this in the SMTP client.
>
> Looks like this may be done by calling smtp_start_tls() instead of
> smtp_helo() and maybe twiddling a few flags. I'll do a quick
> experiment and see if this can be done without the risk of breaking
> existing code.

The security level for "smtps" should be at least "encrypt" or ideally
"secure", though "fingerprint" and "dane-only" might also be options.
We'd need to rule out "may" so as to avoid plaintext fallback.

-- 
Viktor.
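
The constraint discussed above can be checked mechanically; the following is an added example, not part of the original thread and not Postfix code. It assumes the feature is exposed as the main.cf parameter smtp_tls_wrappermode (the name Postfix 3.0 later used; it does not appear in this message), and the sample configurations are constructed.

```python
import re

# Levels the message accepts for "smtps" (encrypt, secure, fingerprint,
# dane-only) plus "verify", which in Postfix also makes TLS mandatory.
MANDATORY_TLS = {"encrypt", "verify", "secure", "fingerprint", "dane-only"}

def parse_main_cf(text):
    """Parse main.cf text: '#' comment lines, 'name = value' lines, and
    continuation lines that start with whitespace. Last definition wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and name:      # continuation of the previous value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
    return params

def check_smtps(text):
    """Return findings; an empty list means wrapper mode is either not in
    use or is paired with a level that cannot fall back to plaintext."""
    p = parse_main_cf(text)
    # Assumed parameter name: smtp_tls_wrappermode (not from the message).
    if p.get("smtp_tls_wrappermode", "no").lower() != "yes":
        return []
    level = p.get("smtp_tls_security_level", "")
    if level in MANDATORY_TLS:
        return []
    return ["smtp_tls_wrappermode=yes with smtp_tls_security_level=%r: "
            "TLS is not mandatory at this level" % (level or "(unset)")]

# Constructed sample configurations.
WEAK = "smtp_tls_wrappermode = yes\nsmtp_tls_security_level = may\n"
STRICT = ("# relay via smtps\nsmtp_tls_wrappermode = yes\n"
          "smtp_tls_security_level =\n    encrypt\n")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("strict", STRICT)):
        print(label, check_smtps(cfg) or "ok")
```

The check reads main.cf only; per-service `-o` overrides in master.cf and per-destination TLS policy tables can change the effective level and are not examined here.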