On 24/03/17 00:30, Viktor Dukhovni wrote:
> That answer was for the port 25 inbound MX relay host, which can be changed by updating MX records without any interaction with the users. [...] You are conflating MX hosts with MSAs. Users don't configure their MUAs to talk to MX hosts.
Not quite. In my case the virtual host for the MX record and what is autoconfig'd for the users' 465/SSL outgoing mail server setting (I don't provide 587/TLS MSA ports) is the same virtual host, so coincidentally the MX host is the same as the MUA outgoing mailserver setting. Where I said SMTP I meant SMTPS, so that would have confused my point, and the MX reference is, as mentioned, coincidentally the same as the SMTPS host. As for port 25/TLS, I can set up 2 courier-mta mailservers to optionally use TLS in SNI mode so unauthenticated traffic between them is encrypted while still being able to accept general non-TLS connections.
> As I said, there is a legitimate use-case for SNI support in the port 587 submission service, but Postfix does not at present have the requisite feature. Sorry about that.
Sure, but if I and some other folks keep pointing out how it could help Postfix providers and end users alike, then maybe some day it will be.