On Tue, Oct 09, 2012 at 12:02:48PM -0600, Bob Beck wrote:
> >> Then what about the opposite ?
> >>
> >> listen on fxp0 [...] auth # 99% case
> >> listen on fxp0 [...] auth-optional # 1% case
> >
> >
> > I'd say this is at least less surprising, and will likely cause less admins
> > to open a backdoor for locally destinated mail, bypassing spam
> > countermeasures and the likes.
> >
> > /Alexander
>
> Now having said that - have we now made it easy for admins to
> accidentally enable auth over cleartext connections?
>
> I.E. if I turn on auth - does it insist on TLS for the auth
> connections unless I tell it "please make me insecure" or something
> like that?
>
> (My favorite pet hate with some other MTA's)
>
> my point is it should be *hard* not easy to turn on auth without TLS.
>

Yes, you cannot turn auth without tls/smtps in config and a user cannot
request AUTH before he has established a secure channel first ;-)

--
Gilles Chehade
https://www.poolp.org @poolpOrg
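
The behaviour described in this reply can be checked from the outside on a STARTTLS listener. The following is an added example, not part of the thread and not OpenSMTPD code: it audits SMTP replies for AUTH exposure before TLS, and the function names and sample replies are constructed for illustration.

```python
import re

# Constructed sample replies for illustration (not captured from a real server).
CLEAR_GOOD = "250-mx.example.org Hello\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 HELP\r\n"
CLEAR_BAD = "250-mx.example.org Hello\r\n250-AUTH=LOGIN PLAIN\r\n250 HELP\r\n"
TLS_EHLO = "250-mx.example.org Hello\r\n250-AUTH PLAIN LOGIN\r\n250 HELP\r\n"


def parse_ehlo(reply):
    """Return the set of extension keywords in a multiline 250 EHLO reply."""
    keywords = set()
    for i, line in enumerate(reply.splitlines()):
        m = re.fullmatch(r"250[- ](.*)", line)
        if m is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i == 0:
            continue  # the first line is the greeting, not an extension
        # Legacy servers write "AUTH=LOGIN"; treat it as the AUTH keyword too.
        keyword = re.split(r"[ =]", m.group(1), maxsplit=1)[0].upper()
        if keyword:
            keywords.add(keyword)
    return keywords


def audit_listener(clear_ehlo, clear_auth_reply, tls_ehlo):
    """Check one listener's replies against the auth-requires-TLS policy."""
    findings = []
    clear, tls = parse_ehlo(clear_ehlo), parse_ehlo(tls_ehlo)
    if "AUTH" in clear:
        findings.append("AUTH advertised before STARTTLS")
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered on cleartext channel")
    # Hiding the keyword is not enough: the command itself must be refused.
    if not clear_auth_reply.startswith("5"):
        findings.append("AUTH command accepted before STARTTLS")
    if "AUTH" not in tls:
        findings.append("AUTH not offered after TLS")
    return findings


if __name__ == "__main__":
    print(audit_listener(CLEAR_GOOD, "530 5.7.0 Must issue a STARTTLS command first", TLS_EHLO))
    print(audit_listener(CLEAR_BAD, "334 ", TLS_EHLO))
```

The three arguments are the EHLO reply before STARTTLS, the server's reply to an AUTH command sent before STARTTLS, and the EHLO reply after the TLS handshake.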
