Barney Desmond wrote:
Of course, you couldn't enforce this except on a non-public-facing system, or on the submission port (587).
Actually, that's exactly what I just did. I configured a separate listener on 587 and moved all TLS stuff to it. I was reluctant to do so at first (the client is an iPhone and the mail config is rather primitive) but in the end it worked pretty well.
So, now I'm not worried about that option, since the listener on port 25 is non-TLS.
Thanks,
--
Florin Andrei
http://florin.myip.org/