Quote from Bernhard Rohrer <grayl...@sm-wg.net>:

 This gave me an idea:

what do people think about an ESMTP extension that enforces TLS?

MTA1 ----------> MTA2 ---------> MTA3
         TLS             TLS


with the idea of having an X-header that basically says "do not forward if no TLS available"

so MTA1 sends to MTA2 encrypted. MTA2 reads that header and says EHLO to MTA3. If MTA3 does not reply with TLS, MTA2 returns an NDR to MTA1 with "could not deliver, TLS not available". The big problem that I see is backward compatibility: one would need an EHLO flag that signifies this capability in order to enable MTA1 not to send to MTA2 if MTA2 was not able to recognize the header.

This does not add any benefit or security. There is no way for the sender to see if the receiving MTA is lying and ditches the header, or does nothing with it at all. If you need secure/authenticated e-mail, have a look at S/MIME and PGP, for example at http://www.postfix.org/addon.html#security-gateway.

Regards

Andreas


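As an added example (not code from the thread, and not Postfix's own code), here is the relay-side check Bernhard's proposal describes, in Python: the relay (MTA2 in the diagram) parses the next hop's EHLO reply, and if the message carries the "require TLS" header it bounces with the proposed NDR text unless the next hop advertises STARTTLS and the backward-compatibility keyword. The header name `X-Require-TLS` and the EHLO keyword `REQUIRETLS` are assumptions, as are the sample EHLO replies and messages, which are constructed for the example; neither name exists in any standard.

```python
from __future__ import annotations

import email
from email.message import Message

# Hypothetical names: neither the header nor the EHLO keyword exists in any standard.
REQUIRE_TLS_HEADER = "X-Require-TLS"
REQUIRE_TLS_KEYWORD = "REQUIRETLS"


def parse_ehlo_response(raw: str) -> set[str]:
    """Return the capability keywords from a multi-line 250 reply to EHLO.

    Per RFC 5321 the first line carries the server's domain and free text;
    each following line is '250-KEYWORD [params]' (more to come) or
    '250 KEYWORD [params]' (last line). Only the keyword is kept.
    """
    caps: set[str] = set()
    lines = [line for line in raw.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    for index, line in enumerate(lines):
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue  # greeting line, not a capability
        fields = line[4:].split()
        if fields:
            caps.add(fields[0].upper())
    return caps


def relay_decision(message: Message, next_hop_ehlo: str) -> tuple[str, str]:
    """What the relay (MTA2 in the thread's diagram) does before forwarding.

    Returns ('forward', reason) or ('bounce', reason). The bounce text mirrors
    the NDR wording proposed in the thread.
    """
    wants_tls = message.get(REQUIRE_TLS_HEADER, "").strip().lower() in ("yes", "true", "1")
    caps = parse_ehlo_response(next_hop_ehlo)
    if not wants_tls:
        return "forward", "message carries no TLS requirement"
    if "STARTTLS" not in caps:
        return "bounce", "could not deliver, TLS not available"
    if REQUIRE_TLS_KEYWORD not in caps:
        # Backward-compatibility flag from the proposal: a next hop that does not
        # advertise the keyword would not honour the header further downstream.
        return "bounce", "could not deliver, next hop does not honour the TLS requirement"
    return "forward", "next hop offers STARTTLS and honours the TLS requirement"


# Constructed sample data for the example (not captured traffic).
EHLO_FULL = (
    "250-mta3.example.net Hello mta2.example.org\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-REQUIRETLS\r\n"
    "250 HELP\r\n"
)
EHLO_TLS_ONLY = (
    "250-mta3.example.net Hello mta2.example.org\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
EHLO_NO_TLS = (
    "250-mta3.example.net Hello mta2.example.org\r\n"
    "250-SIZE 10240000\r\n"
    "250 HELP\r\n"
)

MESSAGE_REQUIRE_TLS = email.message_from_string(
    "From: alice@example.org\nTo: bob@example.net\n"
    f"{REQUIRE_TLS_HEADER}: yes\nSubject: test\n\nhello\n"
)
MESSAGE_PLAIN = email.message_from_string(
    "From: alice@example.org\nTo: bob@example.net\nSubject: test\n\nhello\n"
)

if __name__ == "__main__":
    for name, ehlo in (("full", EHLO_FULL), ("tls-only", EHLO_TLS_ONLY), ("no-tls", EHLO_NO_TLS)):
        print(name, relay_decision(MESSAGE_REQUIRE_TLS, ehlo))
    print("plain", relay_decision(MESSAGE_PLAIN, EHLO_NO_TLS))
```

The same function serves MTA1 deciding about MTA2: feed it MTA2's EHLO reply and it refuses to send if the keyword is missing. It also makes Andreas's objection concrete: every decision here runs on the relay, and the sender only ever sees what the relay's EHLO chooses to advertise, with no way to verify that the check actually ran or that the header was not simply dropped.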