> On Mar 6, 2019, at 3:44 AM, Wojtek Sychut <postfix076...@regis.tech> wrote:
>
> RFC 3207 states that "A publicly-referenced SMTP server MUST NOT require use
> of the STARTTLS extension in order to deliver mail locally".

Here "locally" means "not outbound" to some other organization.

> It is therefore
> my understanding that disallowing plain-text message transfers on servers
> acting as MX/relays is "allowed".

The intent is to cover all mail you accept from the public at large. So if you want to comply with 3207, then you can't require TLS for inbound email. There are no RFC police to make you comply.

As to your original question of advertising a minimal set of ESMTP features before STARTTLS, other than suppressing pre-TLS "AUTH" to prevent accidental password leakage from misconfigured MUAs, there's really no point. It would achieve nothing. The feature makes little sense, and is not implemented.

-- 
Viktor.
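The one behaviour the reply calls sensible, hiding AUTH until after STARTTLS, is easy to audit from the outside: compare the EHLO feature list the server sends on the cleartext connection with the one it sends after the TLS upgrade. The script below is an added example and is not part of the original thread nor of Postfix. It uses only the Python standard library; the EHLO replies embedded in it are constructed samples, the hostname mx.example.test is made up, and the probe() function only talks to a real MX if you call it with one.

```python
"""Audit which ESMTP features an MX advertises before and after STARTTLS.

Added example, not code from the original thread or from Postfix. Only the
standard library is used. The EHLO replies below are constructed samples.
"""
import smtplib
import ssl


def parse_ehlo(reply):
    """Parse a raw multi-line 250 EHLO reply into {KEYWORD: params}.

    The first 250 line carries the server's greeting domain and is skipped.
    "250-AUTH PLAIN LOGIN" becomes {"AUTH": "PLAIN LOGIN"}; "250 8BITMIME"
    becomes {"8BITMIME": ""}.
    """
    features = {}
    lines = reply.replace("\r\n", "\n").strip().split("\n")
    for line in lines[1:]:
        if not line.startswith("250"):
            continue
        body = line[4:].strip()          # drop the "250-" / "250 " prefix
        if not body:
            continue
        keyword, _, params = body.partition(" ")
        features[keyword.upper()] = params.strip()
    return features


def audit(pre_tls, post_tls):
    """Summarise a pre-TLS / post-TLS EHLO feature pair.

    tls_auth_only is the shape the thread recommends: AUTH is absent on the
    cleartext EHLO and present only once the session has been upgraded, so a
    misconfigured MUA cannot be tricked into sending a password in the clear.
    """
    return {
        "starttls_offered": "STARTTLS" in pre_tls,
        "auth_before_tls": "AUTH" in pre_tls,
        "auth_after_tls": "AUTH" in post_tls,
        "tls_auth_only": "AUTH" not in pre_tls and "AUTH" in post_tls,
    }


def probe(host, port=25, timeout=10):
    """Live check against a real server (not run by default).

    smtplib exposes the parsed EHLO keywords as esmtp_features (lower-case
    keys); after starttls() the cache is cleared, so EHLO is sent again.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = {k.upper(): v for k, v in s.esmtp_features.items()}
        if not s.has_extn("starttls"):
            return audit(pre, {})
        s.starttls(context=ssl.create_default_context())
        s.ehlo()
        post = {k.upper(): v for k, v in s.esmtp_features.items()}
    return audit(pre, post)


# Constructed sample replies (the hostname is made up).
PRE_TLS_LEAKY = (
    "250-mx.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
)
PRE_TLS_GOOD = (
    "250-mx.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
POST_TLS = (
    "250-mx.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
)


if __name__ == "__main__":
    for label, pre in (("leaky", PRE_TLS_LEAKY), ("good", PRE_TLS_GOOD)):
        print(label, audit(parse_ehlo(pre), parse_ehlo(POST_TLS)))
```

For the "good" sample the result reports tls_auth_only as True and auth_before_tls as False; for the "leaky" sample auth_before_tls is True. On Postfix the "good" shape is what smtpd_tls_auth_only = yes produces; there is no knob to trim the rest of the pre-TLS feature list, which matches the reply's point that such a feature is not implemented.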