
295753 Re: postfix hardening - what can we do?

  • lists@rhsoft.net
    Oct 4, 2013
      On 04.10.2013 13:43, LuKreme wrote:
      > On 03 Oct 2013, at 12:48 , micah <micah@...> wrote:
      >> Providing a TLS-wrapped, from the beginning, port is better than offering STARTTLS.
      >
      > No, it really isn’t.
      >
      > I’m not clear on what problem you are trying to solve. You seem to want “mo security” without
      > any evidence that the current security is insufficient.

      keep in mind you are very new in context of mailservers

      http://www.postfix.org/CVE-2011-0411.html

      >> SMTP over TLS uses the same TLS protocol that is also used to encrypt
      >> traffic between web clients and web servers. But, there is a subtle
      >> difference in the way TLS is used, and that makes this flaw possible

      yes this is fixed, but without the plaintext start it would not have been possible

      > And rejecting plain text email acceptance? Well, you might as well not have a mailserver.

      he is speaking about *submission* which is *always* authenticated and
      there it is a good idea to enforce encryption if you are in the position
      to start with a new mailserver and need not to care about existing
      client configurations which would break if you enforce it later
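
Added example, not part of the original message: a small audit that reads `master.cf` text and reports whether each submission-type service enforces TLS, either by mandatory STARTTLS (`smtpd_tls_security_level=encrypt`) or by a TLS-wrapped port (`smtpd_tls_wrappermode=yes`). The two sample files are constructed, and the check assumes `main.cf` does not already enforce TLS globally, so only the per-service `-o` overrides matter.

```python
import re

# Constructed master.cf samples (not taken from any real server).
WEAK = """\
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
"""
HARDENED = """\
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def service_overrides(master_cf):
    """Map 'service/type' to its -o overrides, following continuation lines."""
    services, current = {}, None
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # continuation of the previous entry
            if current is None:
                continue
            text = raw
        else:                             # new entry: 7 fixed columns, then command
            fields = raw.split()
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            text = " ".join(fields[7:])
        for key, value in re.findall(r"-o\s+([\w.]+)\s*=\s*(\S+)", text):
            current[key] = value
    return services

def tls_enforced(overrides):
    """True when a client cannot reach AUTH or MAIL FROM without TLS."""
    return (overrides.get("smtpd_tls_wrappermode") == "yes"
            or overrides.get("smtpd_tls_security_level") == "encrypt")

def audit(master_cf, names=("submission", "submissions", "smtps")):
    """Report TLS enforcement for the authenticated client-facing services."""
    return {svc: tls_enforced(opts)
            for svc, opts in service_overrides(master_cf).items()
            if svc.split("/")[0] in names}

if __name__ == "__main__":
    print("weak:    ", audit(WEAK))
    print("hardened:", audit(HARDENED))
```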