>>On 03.11.11 20:48, Sam Varshavchik wrote:
>>>Well, Courier does have something similar, an optional way to force
>>>all mail to a known domain to use TLS, and use a certificate with a
>>>verified signature.
>>>
>>>But this is purely opt-in.

>Matus UHLAR - fantomas writes:
>>That's why I'd like to make it possible to opt-out. Simply: make it
>>temporary error when TLS fails.

On 04.11.11 08:29, Sam Varshavchik wrote:
>Actually, in this case it will NOT fail.
>
>The failures that you're talking about are mainly caused by
>incompetent idiots running an incompetent mail server made by
>Microsoft, with an incompetent point-and-click configuration
>interface that lets you turn on the "enable TLS" checkbox, but
>without uploading your certificate, and the incompetent mail server
>actually advertising STARTTLS, but without having an actual
>certificate at hand. So, when you take up on its offer to initiate
>TLS, only then it figures out that it does not have a cert, and
>barfs.

Mainly, but not mostly. When I enabled TLS last time, I got many different
errors, e.g. related to invalid/insecure encryption algorithm, SSL version,
etc. And, even for the case you mention, a permanent error was generated.

>In this case, this setting is Courier-specific, so you will never run
>into that situation. If Courier does not have a cert, it's not going
>to advertise STARTTLS.

Luckily for us who run courier at server side. But this has nothing to do
with courier trying to negotiate TLS with remote servers and returning mail
with permanent error if it fails.

I can't watch over logs which servers have problems and turn TLS off for
them, which is what I've tried before - only if I'd be fine to return
such mail permanently. If the error was temporary, I could disable TLS
negotiation for remote server and ask them to fix the problem.

-- 
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
