On 16/03/2012 07:06, Robert Schetterer wrote:
I forget the exact issue now, but note that I'm not saying that it
*can't* work.  What I'm saying is that I have a bunch of "normal" non
technical users.  "Johnny" runs through the wizard on his favourite
device and then costs me money in tech support time if it doesn't work
first time.  The issue was something like this device either defaulting
to non TLS (and not coping with the server requiring it), or he couldn't
find the button to enable it?

I *encourage* TLS on all new installations, and in fact all the Apple
stuff and new Microsoft/Mozilla clients seem to default to TLS
(great).  But at the same time I don't see the issue if someone
*chooses* (or the defaults exclude) to avoid TLS and talk plaintext.

Oh, and after the latest firmware update for my Nokia N9 (lovely
phone...) I don't seem to be able to do TLS anymore... Vodafone requires
that you use submission in the UK by blocking port 25, so it's helpful
to be able to use submission without TLS at least until I figure out why
it's not working anymore...

My point was only not *enforcing* it, rather than it shouldn't be
supported?  May, not Required.



Hi Ed, an example in a config should run right out of the box with
commented basics if it's getting to use.

It can't cover all specials in the world unless you don't want to have
mass of examples, at least in case of postfix, it's the job of the postmaster
to cover his local needs, by editing examples, or asking on this list,
reading books etc

all your described special cases can be matched
from general you can use smtp over nearly every port with tls
if this makes sense to you and your place,
at the end its not the job of postfix trying match all existing
firewall setups or client defaults right out of the box
cause this must fail ever

the examples should only demonstrate basics in what can get configured in a
relatively safe

You are arguing in circles. The original point of this thread was to suggest the defaults better match sensible out of the box defaults. The specs say "may" offer TLS (not required). I'm highlighting that recently I had to change my (non default, TLS required) settings for submissions to make TLS optional because there existed some client which puked when connecting to a *mandatory* TLS setup.

Therefore I'm suggesting that the out of the box config matches the *RFC*. Then if the mail owner wants to lock it down to some non RFC suggested spec they can read the instructions.

You seem to be advocating the out of the box defaults should not match the RFC, fail to allow at least a small number of clients to connect and that the mail server owner should read the instructions to get their box working in line with RFC?

If we are going to adjust the defaults can we please match the RFC?

Thanks

Ed W
