On 2/7/15 8:51 AM, Hanno Böck wrote:
> On Sat, 7 Feb 2015 08:40:07 -0500
> Jeff Potter <jpotter-cour...@codepuppy.com> wrote:
>
>> 465 has the benefit that the STARTTLS keyword can’t be MITM stripped.
> That's kinda the thing: STARTTLS doesn't really make that much sense
> any more in a world where we essentially want to deprecate
> non-crypto-logins.
>
> Mail settings with "starttls if available" should be considered
> dangerous. If they use starttls they need to fixate that and make sure
> it can't be randomly removed.

I am on this list for courier-imap, but I use postfix for SMTP.  Postfix
has an option to only allow auth over under SSL (smtpd_tls_auth_only=yes
# only allow auth under ssl).

So, I believe this can be enforced on the (Postfix) server-side.  Is
there an equivalent for courier smtpd?

-- 
-Justin
justinval...@gmail.com


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to