Proposed patch to enforce STARTTLS before MAIL FROM

lists at lists at
Tue Mar 5 19:48:06 UTC 2019

On 3/5/19 12:23 PM, Maxim Dounin wrote:
> Not sure it is a good change.

Thank you for your detailed reply and explanation.  I agree with you on
all facets with respect to RFC compliance.  I believe the core issue at
hand is the antiquated language in the current RFC conflicting with
common practice -- several final destination MTAs on the public
Internet, depending on their role/use, do require and enforce TLS
communication only either on a per-sender, per-recipient, or per-server
basis.  That said your rationale for rejecting the patch is accurate and
mirrors similar expressed in Postfix at regarding 'encypt'.

If you find the proposed patch satisfactory from a technical aspect I
will commit the patch locally for a specific use case which would fall
under the category of 'dedicated servers'.

For your consideration, perhaps a configuration option of:

starttls dedicated;

With the proposed patch would meet both a use case and RFC requirement aspect.Thanks,


More information about the nginx-devel mailing list