Loading ...
Sorry, an error occurred while loading the content.

293835Re: STARTTLS not announced?!

Expand Messages
  • Benny Pedersen
    Jun 15 6:58 AM
    • 0 Attachment
      Jeroen Geilman skrev den 2013-06-15 15:35:

      > Quoted from the above documentation:
      >
      > smtpd_tls_auth_only (default: no)
      > "When TLS encryption is optional in the Postfix SMTP server,
      > do not announce or accept SASL authentication over unencrypted
      > connections. "

      it does not say it disables auth anywhere, it just says it would not be
      possible to connect without starttls or not, starttls on its own have
      nothing to do with auth or not

      check your own logs how many clients use starttls without auth

      just becurse it seldom seen in real life that no one will send auth
      over an non tls/ssl does not mean it does not work

      postfix have both auth and starttls, starttls is just for clients to
      use ssl/tls on port 25, email clients will not use starttls in 2013,
      since submission is the right thing anyway

      > In other words, yes, setting this option in conjunction with
      > "smtpd_tls_security_level = may" *requires* TLS in order to AUTH.
      >
      > smtpd_tls_security_level = encrypt means the server will *reject* any
      > commands that are not STARTTLS, until a TLS connection has been
      > established.
      >
      > This includes AUTH.

      it still not needed to use ssl/tls to make auth work

      --
      senders that put my email into body content will deliver it to my own
      trashcan, so if you like to get reply, dont do it
    • Show all 20 messages in this topic