Demi Marie Obenour:
> On 4/15/21 11:00 AM, Wietse Venema wrote:
> > Demi Marie Obenour:
> >> Would the following be a good idea?
> > [a bunch of port-dependent behavior]
> >
> > That is all good and well, but this needs to be made configurable.
> >
> > I boldly assume this will use the xxx_tls_wr

On 4/15/21 11:00 AM, Wietse Venema wrote:
> Demi Marie Obenour:
>> Would the following be a good idea?
> [a bunch of port-dependent behavior]
>
> That is all good and well, but this needs to be made configurable.
>
> I boldly assume this will use the xxx_tls_wrapper_mode parameters,
> instead of

On 15 Apr 2021, at 06:41, Demi Marie Obenour wrote:
> Port 465 defaults to having TLS wrapper mode disabled

Won't this prevent anyone from using smtps?
The example config in postfix works, why not use it?

--
I'm getting really sick of being the voice in the back of the room that
everyone ignor

Demi Marie Obenour:
> Would the following be a good idea?

[a bunch of port-dependent behavior]

That is all good and well, but this needs to be made configurable.

I boldly assume this will use the xxx_tls_wrapper_mode parameters,
instead of replacing them with some totally different mechanism.

Po

On 4/14/21 3:39 PM, Wietse Venema wrote:
> Viktor Dukhovni:
>> On Wed, Apr 14, 2021 at 02:24:23PM -0400, Wietse Venema wrote:
>>> TL;DR: the idea is to change the smtpd_forbidden_commands default
>>> setting to something like:
>>>
>>> CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}
>>>
>

Viktor Dukhovni:
> On Wed, Apr 14, 2021 at 02:24:23PM -0400, Wietse Venema wrote:
> > TL;DR: the idea is to change the smtpd_forbidden_commands default
> > setting to something like:
> >
> > CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}
> >
> > Which would match current TLS protocols

On Wed, Apr 14, 2021 at 02:24:23PM -0400, Wietse Venema wrote:
> TL;DR: the idea is to change the smtpd_forbidden_commands default
> setting to something like:
>
> CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}
>
> Which would match current TLS protocols.

I guess subject to "#ifdef H

TL;DR: the idea is to change the smtpd_forbidden_commands default
setting to something like:

CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}

Which would match current TLS protocols.

Wietse