Viktor Dukhovni:
> On Wed, Jan 14, 2015 at 05:27:06PM -0500, Wietse Venema wrote:
>
> > Wietse Venema:
> > > Delivery to port 465 is not built into the Postfix SMTP client
> > > because that protocol has been obsolete for 10+ years. That said,
> > > it would not take much code to support this in the SMTP client.
> >
> > Looks like this may be done by calling smtp_start_tls() instead of
> > smtp_helo() and maybe twiddling a few flags. I'll do a quick
> > experiment and see if this can be done without the risk of breaking
> > existing code.
>
> The security level for "smtps" should be at least "encrypt" or
> ideally "secure", though "fingerprint" and "dane-only" might also
> be options. We'd need to rule out "may" so as to avoid plaintext
> fallback.

That does not seem to be a problem - in "port 465" mode the SMTP
client can always skip the plaintext handshake. I have preliminary
code almost working with little code.

	Wietse