Re: A mail relay server for Debian Members is live
Vincent Bernat wrote on 25/07/2022:
> Would it be possible to also make it available on port 465 without
> STARTTLS?
I'd also prefer "full TLS" over STARTTLS, as it is simpler (encryption
from the beginning instead starting with a plaintext session) and
somehow more secure than STARTTLS, see [1], paragraph starting with:
A man-in-the-middle attack can be launched by deleting the "250
STARTTLS" response from the server.
This shouldn't be an issue if client and server are properly configured,
but I think it's a good practice to use "full TLS" when possible.
Cheers to DSA for setting up this much needed service!
Paride
[1] https://www.rfc-editor.org/rfc/rfc3207
Reply to: