Matus UHLAR - fantomas writes:
Mainly, but not mostly. When I enabled TLS last time, I got many different errors, e.g. related to invalid/unsecure encryption algorithm, SSL version, etc. And, even for case you mention, permanent error was generated.

> In this case, this setting is Courier-specific, so you will never run
> into that situation. If Courier does not have a cert, it's not going
> to advertise STARTTLS.

Luckily for us who run courier at server side. But this has nothing to do with courier trying to negotiate TLS with remote servers and returning mail with permanent error if it fails. I can't watch over logs which servers have problems and turn TLS off for them, which is what I've tried before - only if I'd be fine to return such mail permanently. If the error was temporary, I could disable TLS negotiation for remote server and ask them to fix the problem.
After some soul-searching, I've changed my mind. I'm going to change so that the default configuration ignores errors in response to a STARTTLS. This won't help if the other server accepted a STARTTLS, but the actual TLS negotiation failed, because of a cipher mismatch, or something of this sort. The TLS session is broken at this point, everyone's screwed, and you can't do anything there.
There will be a setting to treat all STARTTLS errors as soft errors, or revert to the current behavior of a hard error, if someone still wants this.
While digging this apart, I think I also figured out why some people were occasionally reporting, over the years, a confusing "No such file or directory" error message. It turns out that this was related – instead of returning an error code, the other server was closing the socket without even the courtesy of a 5xx.
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
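The behaviour discussed in this message, modelled as an added example (not Courier's code and not part of the original post). The policy and outcome names and the sample replies are constructed, and reporting a socket closed without a reply as a lost session is an assumption.

```python
from enum import Enum

class Policy(Enum):   # hypothetical names, not Courier's configuration keywords
    IGNORE = "ignore a refused STARTTLS"
    SOFT = "refused STARTTLS is a temporary error"
    HARD = "refused STARTTLS is a permanent error"

class Outcome(Enum):
    TLS = "deliver over TLS"
    PLAINTEXT = "continue the session without TLS"
    DEFER = "temporary failure, retry later"
    BOUNCE = "permanent failure, return the mail"
    SESSION_LOST = "connection unusable, nothing to fall back to"

def reply_code(lines):
    """Code of a complete SMTP reply; None if the peer closed the socket first."""
    for line in lines:
        head = line.rstrip("\r\n")[:4]
        if len(head) < 3 or not (head[:3].isascii() and head[:3].isdigit()):
            return None
        if head[3:] != "-":            # "454-..." continues, "454 ..." ends the reply
            return int(head[:3])
    return None                        # EOF before a final reply line

def starttls_disposition(policy, reply_lines, handshake_ok=True):
    code = reply_code(reply_lines)
    if code is not None and 200 <= code < 300:
        # STARTTLS accepted: a failed handshake breaks the session under any policy.
        return Outcome.TLS if handshake_ok else Outcome.SESSION_LOST
    if policy is Policy.SOFT:
        return Outcome.DEFER
    if policy is Policy.HARD:
        return Outcome.BOUNCE
    # IGNORE: an explicit refusal leaves the SMTP session usable; a closed socket
    # does not (assumption: reported as a lost session, not as an errno string).
    return Outcome.PLAINTEXT if code is not None else Outcome.SESSION_LOST

if __name__ == "__main__":
    samples = {                        # constructed replies to STARTTLS
        "accepted": ["220 2.0.0 Ready to start TLS\r\n"],
        "refused 4xx": ["454 4.7.0 TLS not available\r\n"],
        "refused 5xx": ["502 5.5.1 Command not implemented\r\n"],
        "socket closed": [],
    }
    for name, reply in samples.items():
        for policy in Policy:
            print(f"{name:14} {policy.name:7} {starttls_disposition(policy, reply).value}")
```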
