On 5/15/08, Aidas Kasparas <[EMAIL PROTECTED]> wrote: > Sam Varshavchik wrote: >> Aidas Kasparas writes: >> >>> I do not have arguments why courier should not fallback in 454 cases >>> [remember "be liberal at what you accept" internet principle?]. >> >> Because any 4xx SMTP error code means exactly that: "try again later", >> not "try something else entirely, which is less secure". [snip] > Therefore, I would agree that fallback to plain ESMT from 354 is > "slightly less private" but no "less secure". But, we MUST NOT relay on > that privacy which STARTTLS offers, therefore I see no problem doing > fallback (with exception when STARTTLS is explicitly requested).
Wrong. A breach of "privacy" is a breach of "security". Period. Delivery should be done within the confines of what the session has negotiated - no more, no less. jerry -- I wish I had your happiness And you had a do-wacka-do-wacka-do-wacka-do-wacka-do-wacka-do -Roger MIller ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
