On 06/03/2019 17:03, Viktor Dukhovni wrote:
> As to your original question of advertising a minimal set of ESMTP features before STARTTLS, other than suppressing pre-TLS "AUTH" to prevent accidental password leakage from misconfigured MUAs, there's really no point. It would achieve nothing. The feature makes little sense, and is not implemented.
I have connected to a number of servers set as MX records for a number of domains to get a feeling of how (apart from various howtos) "others are doing it", and saw that there are rather big domains being parked on mail exchangers with really uncommon sets of capabilities (like e.g. none), not advertising SIZE at all, etc. I was wondering what the reasoning for such configurations might be and decided to set up MTAs acting similarly to test the deliverability, zombie protection etc. I am normally using postscreen to fight zombies and SpamAssassin and various other spam-fighting techniques, but am researching more.

Other than that, with recent SNI support and (were there) the ability to get the requested hostname from the client, one could set a different set of capabilities (like SIZE) for different hostnames. This might sound inessential, but bear with me: with HTTP, the client sends a Host header to the web server which tells the server which "virtual host" should be used and what document to send to the client. There is no such mechanism in SMTP, but with SNI it could theoretically be possible to get the requested hostname as a variable, and then use it to set a nice banner (the one after STARTTLS) and different capabilities for "different" mail exchangers working on the same IP.

-- 
Wojtek Sychut
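The survey Wojtek describes (what an MX advertises on EHLO, and whether that changes once TLS is up) is easy to script, and the one pre-TLS feature Viktor flags as worth suppressing, AUTH, is exactly what such a script should check for. The following is an added example written for this thread, not code from the list or from Postfix. It uses only the Python standard library; the two EHLO transcripts, `mx.example.test` and the constants `SAMPLE_PRE`/`SAMPLE_POST`, are constructed so the checks run offline, and `probe_mx()` is the live variant (smtplib sends the host name you connect by as SNI when it wraps the socket, so this is also how you would see which "virtual" MX a name lands on).

```python
"""Compare what an MX advertises on EHLO before and after STARTTLS.
Added example for this thread (not list or Postfix code); stdlib only."""
import smtplib
import ssl

# Constructed EHLO transcripts: an MX that offers AUTH on the plaintext
# connection (the leak Viktor mentions) and raises SIZE once TLS is up.
SAMPLE_PRE = b"""250-mx.example.test
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME"""

SAMPLE_POST = b"""250-mx.example.test
250-PIPELINING
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME"""


def parse_ehlo(reply):
    """Turn an EHLO reply into {KEYWORD: params}.

    Accepts a raw wire transcript ("250-KEYWORD ...") or the form smtplib
    keeps in SMTP.ehlo_resp (codes already stripped).  The first line is
    the server's domain, not a capability, and is skipped.
    """
    text = reply.decode("ascii", "replace") if isinstance(reply, bytes) else reply
    caps = {}
    for line in text.splitlines()[1:]:
        if line[:3].isdigit():            # drop "250-" / "250 "
            line = line[4:]
        line = line.strip()
        if not line:
            continue
        keyword, _, params = line.partition(" ")
        caps[keyword.upper()] = params.strip()
    return caps


def compare_caps(pre, post):
    """Return (only_before, only_after, changed) for two capability dicts."""
    only_before = sorted(set(pre) - set(post))
    only_after = sorted(set(post) - set(pre))
    changed = sorted(k for k in set(pre) & set(post) if pre[k] != post[k])
    return only_before, only_after, changed


def findings(pre, post):
    """List the differences a practitioner actually cares about."""
    out = []
    if "STARTTLS" not in pre:
        out.append("no STARTTLS offered: everything goes in the clear")
    if "AUTH" in pre:
        out.append("AUTH advertised before TLS: a misconfigured MUA can leak a password")
    only_before, only_after, changed = compare_caps(pre, post)
    for k in only_before:
        if k != "STARTTLS":               # STARTTLS vanishing after TLS is normal
            out.append(f"{k} withdrawn after TLS")
    for k in only_after:
        out.append(f"{k} only offered after TLS")
    for k in changed:
        out.append(f"{k} changes after TLS: {pre[k]!r} -> {post[k]!r}")
    return out


def probe_mx(host, port=25, timeout=15.0):
    """Live version: EHLO, STARTTLS, EHLO again -> (pre, post, tls_version).

    Certificate checks are disabled on purpose: this surveys advertised
    features, it does not trust the peer for delivery.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = parse_ehlo(s.ehlo_resp)
        if "STARTTLS" not in pre:
            return pre, {}, None
        s.starttls(context=ctx)       # SNI = host, via smtplib's server_hostname
        s.ehlo()
        post = parse_ehlo(s.ehlo_resp)
        return pre, post, s.sock.version()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        pre, post, tls = probe_mx(sys.argv[1])
        print("TLS:", tls)
    else:
        pre, post = parse_ehlo(SAMPLE_PRE), parse_ehlo(SAMPLE_POST)
    for line in findings(pre, post):
        print("-", line)
```

Run it with no arguments to see the offline findings for the constructed transcripts (AUTH before TLS, ENHANCEDSTATUSCODES only after TLS, SIZE changing), or pass an MX host name to probe a live server. Note that `probe_mx()` only reports what the server says; a Postfix server that hides AUTH before TLS does so via `smtpd_tls_auth_only`, which is the one pre-TLS suppression Viktor says is actually worth having.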