On Wed, 6 Mar 2019 04:11:41 +0100 Matija Nalis <mnalis-debian...@voyager.hr> wrote:
...
> I do agree completely with you that package should strongly indicate
> in its docs and description about its TLS deficiencies. If someone
> would write such a documentation patch, perhaps it might have a
> chance to be included.
>
> [ As a side note, even with certificate checking in place there are a
> lot of problems in today's "zillion untrusted CAs which we trust
> anyway" security model, and even more so if you move from web
> world (where clients try to be secure, and even people might
> sometimes check basic credentials) to unattended MTA world where
> almost nobody does, and vast majority of MTAs will simply by
> default silently downgrade to plaintext if they think anything
> might be problematic with TLS support etc. ]

Attached are some documentation suggestions (I didn't touch the manpage).

Celejar

[Attachment: ssmtp-doc (binary data)]