Proposed patch to enforce STARTTLS before MAIL FROM
lists at packetmail.net
Tue Mar 5 19:48:06 UTC 2019
On 3/5/19 12:23 PM, Maxim Dounin wrote:
> Not sure it is a good change.
Thank you for your detailed reply and explanation. I agree with you on
all facets with respect to RFC compliance. I believe the core issue at
hand is the antiquated language in the current RFC conflicting with
common practice -- several final destination MTAs on the public
Internet, depending on their role/use, do require and enforce TLS
communication only either on a per-sender, per-recipient, or per-server
basis. That said, your rationale for rejecting the patch is accurate and
mirrors similar expressed in Postfix at
www.postfix.org/postconf.5.html#smtpd_tls_security_level regarding 'encrypt'.
If you find the proposed patch satisfactory from a technical aspect I
will commit the patch locally for a specific use case which would fall
under the category of 'dedicated servers'.
For your consideration, perhaps a configuration option of:
starttls dedicated;
With the proposed patch would meet both a use case and RFC requirement aspect.

Thanks,
Nathan
More information about the nginx-devel mailing list