postfix-users March 2012 archive

Re: New default settings for "submission" service?

From: Michael Orlitzky <michael_at_nospam>
Date: Wed Mar 14 2012 - 23:24:57 GMT
To: postfix-users@postfix.org

On 03/14/2012 04:03 PM, Patrick Ben Koetter wrote:
> * Charles Marcus <CMarcus@Media-Brokers.com>:
>> On 2012-03-14 2:39 PM, Ed W <lists@wildgooses.com> wrote:
>>> I see no reason to *require* encryption on the submission port (RFC
>>> aside).
>>
>> Unless you prefer that sniffers not be able to see your passwords
>> crossing the wire in plaintext?
>>
>>> I think "may" is a more appropriate default?
>>
>> Disagree vehemently.
>
> The RFC on submission is clear about that. It says SHOULD and not MUST. It is
> safe to AUTH if you use cram-md5, digest-md5, ntlm or any other non-plaintext
> mechanism. Forcing TLS by default is safer, but it pushes a policy on people
> they SHOULD decide themselves, I think.

I agree with Charles: the defaults should be as safe as possible, but
adjustable in the rare case that the administrator has some idea what
he's doing.
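
The trade-off debated in this thread can be checked mechanically on a running configuration. The following is an added example, not part of the original message and not Postfix code: a small Python audit that reads the `-o` overrides of the `submission` entry in a master.cf and reports whether AUTH is reachable without TLS. The function names and both sample fragments are constructed for illustration; the parameter names are real Postfix settings, and the parser assumes the plain `-o name=value` form only.

```python
# Constructed sample master.cf fragments (not taken from the thread).
PERMISSIVE = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""
STRICT = """\
# submission with mandatory TLS
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

def service_overrides(master_cf, service="submission"):
    """Return the -o name=value overrides of one master.cf service entry."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()     # continuation of previous entry
        else:
            entries.append(line.strip())
    for entry in entries:
        fields = entry.split()
        if fields[0] == service:
            args = fields[8:]                     # after the 7 columns and the command
            return dict(args[i + 1].split("=", 1)
                        for i, a in enumerate(args[:-1])
                        if a == "-o" and "=" in args[i + 1])
    return {}

def classify(cfg):
    """Describe how AUTH is exposed, using Postfix defaults for unset parameters."""
    if cfg.get("smtpd_sasl_auth_enable", "no") != "yes":
        return "no AUTH offered"
    if cfg.get("smtpd_tls_security_level", "") == "encrypt":
        return "TLS required"
    if cfg.get("smtpd_tls_auth_only", "no") == "yes":
        return "AUTH only after STARTTLS"
    opts = cfg.get("smtpd_sasl_security_options", "noanonymous")
    if "noplaintext" in opts.replace(",", " ").split():
        return "AUTH without TLS, non-plaintext mechanisms only"
    return "AUTH without TLS, plaintext mechanisms allowed"

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("strict", STRICT)):
        print(name, "->", classify(service_overrides(text)))
```

The check reads only the per-service overrides; to audit a real host, merge the values from main.cf (for example from `postconf -n`) underneath them before calling `classify`.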