295753Re: postfix hardening - what can we do?
- Oct 4, 2013Am 04.10.2013 13:43, schrieb LuKreme:
> On 03 Oct 2013, at 12:48 , micah <micah@...> wrote:keep in mind you are very new in context of mailservers
>> Providing a TLS-wrapped, from the beginning, port is better than offering STARTTLS.
> No, it really isn’t.
> I’m not clear on what problem you ae trying to solve. You seem to want “mo security” without
> any evidence that the current security is insufficient.
>> SMTP over TLS uses the same TLS protocol that is also used to encryptyes this is fixed, but without the plaintext start it would not have been possible
>> traffic between web clients and web servers. But, there is a subtle
>> difference in the way TLS is used, and that makes this flaw possible
> And rejecting plain text email acceptance? Well’s you might as well not have a mailserver.he is speaking about *submission* which is *always* authenticated and
there it is a good idea to enforce encryption if you rae in the position
to start with a new mailserver and need not to care about existing
client configurations which would break if you enforce it later
- << Previous post in topic Next post in topic >>