On Mon, Jul 27, 2009 at 08:03:20AM -0400, Wietse Venema wrote:
> Jake Vickers:
> > Now I know I posted the other day about disabling SSLv2, but if I add
> That solution was for MANDATORY TLS encryption. If TLS is not mandatory,
> then disabling SSLv2 is pointless: you allow plaintext email.
I don't think this is completely correct. I can still have
authentication only enabled over secure connections
(smtpd_tls_auth_only) but allow unencrypted connections for normal mail.
Then SSLv2 can't be considered as secure.
Bastian
--
Virtue is a relative term.
-- Spock, "Friday's Child", stardate 3499.1
