Re: Enforced TLS per MX
- On Thu, Feb 28, 2013 at 12:25:53AM +0100, Jan P. Kessler wrote:
> Am 22.02.2013 17:06, schrieb Viktor Dukhovni:Yes.
> > > Surely, the policy table is indexed by MX hostname as well as
> > > recipient domain.
> > No, it is not. Only the nexthop domain is used since the MX host
> > is derived from unauthenicated MX lookups and is trivially subject
> > to MITM attacks.
> So it would have the same "quality" as the "encrypt" action, no?