I am not talking about submission which I guess is what the smtps
option is for and I know GPG is the best method and I also know that
spamd causes plain text transmissions.
With STARTTLS I believe there is a clear text race where an attacker can
create a response stating STARTTLS is unsupported resulting in
cleartext transmission which I believe would not be the case for smtps.
So is there any point in using secure? I guess both can't be run on
port 25 and I guess no-one would use SMTPS if it was running on port
25 but thought I would ask if anyone knew of an RFC of SMTPS on another
port or replacing STARTTLS or any other tips about this.
Thanks,
Kc
--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'
(Doug McIlroy)
In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
