From: Bastian Blank (bastian+postfix-users=postfix.orgwaldi.eu.org)
Date: Mon Jul 27 2009 - 13:36:48 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 27, 2009 at 08:03:20AM -0400, Wietse Venema wrote:
> Jake Vickers:
> > Now I know I posted the other day about disabling SSLv2, but if I add
> That solution was for MANDATORY TLS encryption. If TLS is not mandatory,
> then disabling SSLv2 is pointless: you allow plaintext email.

I don't think this is completely correct. I can still have
authentication only enabled over secure connections
(smtpd_tls_auth_only) but allow unencrypted connections for normal mail.
Then SSLv2 can't be considered as secure.

Bastian

--
Virtue is a relative term.
                -- Spock, "Friday's Child", stardate 3499.1

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]