Re: A mail relay server for Debian Members is live

To: debian-devel@lists.debian.org
Subject: Re: A mail relay server for Debian Members is live
From: Paride Legovini <paride@debian.org>
Date: Fri, 29 Jul 2022 11:45:58 +0200
Message-id: <[🔎] 64343e7e-67d0-04fe-4cfa-fdd2d26f0c4c@debian.org>
In-reply-to: <[🔎] 871qu4mkrc.fsf@jaatynyt>
References: <87h73gyaiw.fsf@janja.pimeys.fr> <[🔎] f2a82f19-cf75-a087-dbe7-9307b9af2997@debian.org> <[🔎] 871qu4mkrc.fsf@jaatynyt>

Vincent Bernat wrote on 25/07/2022:
> Would it be possible to also make it available on port 465 without
> STARTTLS?

I'd also prefer "full TLS" over STARTTLS, as it is simpler (encryption
from the beginning instead starting with a plaintext session) and
somehow more secure than STARTTLS, see [1], paragraph starting with:

  A man-in-the-middle attack can be launched by deleting the "250
  STARTTLS" response from the server.

This shouldn't be an issue if client and server are properly configured,
but I think it's a good practice to use "full TLS" when possible.

Cheers to DSA for setting up this much needed service!

Paride

[1] https://www.rfc-editor.org/rfc/rfc3207

Reply to:

References:
- Re: A mail relay server for Debian Members is live
  - From: Vincent Bernat <bernat@debian.org>
- Re: A mail relay server for Debian Members is live
  - From: Pierre-Elliott Bécue <peb@debian.org>

Prev by Date: Bug#1016204: ITP: dirty-equals -- Make equality checks in Python unit tests more declarative
Next by Date: Re: Bug#1016130: ITP: asdf -- multiple language runtime version manager
Previous by thread: Re: A mail relay server for Debian Members is live
Next by thread: Bug#1015186: ITP: jruby-rake -- ruby make-like utility - jruby version
Index(es):
- Date
- Thread