On Wed, Apr 14, 2021 at 02:24:23PM -0400, Wietse Venema wrote:
> TL;DR: the idea is to change the smtpd_forbidden_commands default
> setting to something like:
> 
>     CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}
> 
> Which would match current TLS protocols.

I guess subject to "#ifdef HAVE_PCRE".  Another option to reduce user
surprise is to log warnings when listening on port 465, but TLS wrapper
mode is not enabled.  Or, more radically, implicitly enable wrapper mode
when configured to run on port 465.

-- 
    Viktor.
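
The warning suggested in the reply above can be approximated outside Postfix by auditing master.cf; the following is an added example, not code from this thread or from Postfix. It assumes a constructed sample master.cf, treats the service names `465`, `smtps` and `submissions` as port 465, and does not look at a global `smtpd_tls_wrappermode` setting in main.cf.

```python
import re

# Constructed sample master.cf (not taken from the thread).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
192.0.2.10:465 inet n   -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
"""

PORT_465_NAMES = {"465", "smtps", "submissions"}

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace); skip comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def port465_without_wrappermode(text):
    """Return service names of port-465 smtpd listeners lacking wrapper mode."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        service, command, args = fields[0], fields[7], " ".join(fields[8:])
        port = service.rsplit(":", 1)[-1]
        if port not in PORT_465_NAMES or command != "smtpd":
            continue
        # Matches "-o smtpd_tls_wrappermode=yes" and "-o { smtpd_tls_wrappermode = yes }".
        if not re.search(r"smtpd_tls_wrappermode\s*=\s*yes\b", args):
            findings.append(service)
    return findings

if __name__ == "__main__":
    for svc in port465_without_wrappermode(SAMPLE_MASTER_CF):
        print(f"warning: {svc} listens on port 465 without smtpd_tls_wrappermode=yes")
```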
