Hi,

Is it possible to have two different smtpd_discard_ehlo_keywords settings
based on whether the connection is explicitly encrypted? Since the late
drafts on MTA-STS, I'm thinking about setting some TLS-only MXs up. On one
of the setups I'd like to hide as many capabilities as possible, before the
client issues the STARTTLS command - say leave only the SIZE, STARTTLS and
maybe HELP advertised. Doable? And since I've mentioned HELP - is it
possible to implement it with a custom response?

RFC 3207 states that "A publicly-referenced SMTP server MUST NOT require use
of the STARTTLS extension in order to deliver mail locally". It is therefore
my understanding that disallowing plain-text message transfers on servers
acting as MX/relays is "allowed". In reality - "local mail" may be handled by
none of the advertised MX servers but I understand that I might be standing
very close to the line or even crossing it. I'm aware of what the inbound
deliverability issues might be but I mostly want to measure them.


Thanks,
--
Wojtek Sychut
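
A way to check the setup asked about above, as an added example that is not part of the original post: it parses the EHLO replies a server gives before and after STARTTLS and reports any keyword advertised in plain text beyond SIZE, STARTTLS and HELP. The sample replies, the host name `mx.example.test` and the function names are constructed for illustration.

```python
import re

# The keywords the post wants advertised before STARTTLS.
ALLOWED_PRE_TLS = {"SIZE", "STARTTLS", "HELP"}
_LINE = re.compile(r"^250([- ])(.*)$")

def ehlo_keywords(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    found = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        # "250-" marks a continuation line, "250 " the final line.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        if i == 0 or not text.strip():
            continue  # first line carries the server name, not a keyword
        # Keyword ends at the first space or "=" (legacy "AUTH=..." form).
        found.add(re.split(r"[ =]", text.strip(), maxsplit=1)[0].upper())
    return found

def audit(pre_tls, post_tls, allowed=ALLOWED_PRE_TLS):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = ehlo_keywords(pre_tls), ehlo_keywords(post_tls)
    return {
        "leaked_pre_tls": sorted(pre - allowed),   # advertised in plain text
        "starttls_offered": "STARTTLS" in pre,
        # RFC 3207: STARTTLS must not be offered again once TLS is active.
        "starttls_after_tls": "STARTTLS" in post,
        "tls_only": sorted(post - pre),            # visible only after TLS
    }

# Constructed sample replies (not captured from a real server).
PRE_TLS = "250-mx.example.test\r\n250-SIZE 10240000\r\n250-PIPELINING\r\n250 STARTTLS\r\n"
POST_TLS = ("250-mx.example.test\r\n250-SIZE 10240000\r\n250-PIPELINING\r\n"
            "250-8BITMIME\r\n250 DSN\r\n")

if __name__ == "__main__":
    for key, value in audit(PRE_TLS, POST_TLS).items():
        print(f"{key}: {value}")
```
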
