|Main Archive Page > Month Archives > postfix-users archives|
On 03/14/2012 04:03 PM, Patrick Ben Koetter wrote:
> * Charles Marcus<CMarcus@Media-Brokers.com>:
>> On 2012-03-14 2:39 PM, Ed W<firstname.lastname@example.org> wrote:
>>> I see no reason to *require* encryption on the submission port (RFC
>> Unless you prefer that sniffers not be able to see your passwords
>> crossing the wire in plaintext?
>>> I think "may" is a more appropriate default?
>> Disagree vehemently.
> The RFC on submission is clear about that. It says SHOULD and not MUST. It is
> safe to AUTH if you use cram-md5, digest-md5, ntlm or any other non-plaintext
> mechanism. Forcing TLS by default is safer, but it pushes a policy on people
> the SHOULD decide themselves, I think.
I agree with Charles: the defaults should be as safe as possible, but
adjustable in the rare case that the administrator has some idea what