> On Tue, 2005-05-10 at 16:37 +0200, [EMAIL PROTECTED] wrote:
> > I think that this check should be done on the MAIL FROM or
> > the RCPT TO and so not directly related to the STARTTLS and
> > AUTH.
> >
> > I would add to my list:
> > B2. "mail from" allowed only after AUTH/STARTTLS
> > C2. "rcpt to" you can write to this recipient only
> > when using AUTH/STARTTLS.
>
> The mechanisms for requiring STARTTLS are described in the
> STARTTLS RFC, http://www.faqs.org/rfcs/rfc2487.html see Section 5.

Thank you Mike,

This seems to confirm that we could check whether STARTTLS has been sent when we receive a MAIL FROM or RCPT TO and reply with "530 Must issue a STARTTLS command first" when the recipient is not local (for example).

Does anyone think that it would be useful to select whether to allow the "STARTTLS" or not depending on some business rule and not only via an SMTP server configuration parameter? This would be a further use-case to add to the list, but I think this is not so useful: I can't find why we should disable STARTTLS to specific IPs...

Stefano
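
The check discussed in this message, sketched as an added example (not part of the original thread and not the project's code): the STARTTLS requirement is enforced at RCPT TO, and only for non-local recipients. `LOCAL_DOMAINS`, `SmtpSession`, `run` and every reply text other than the 530 line are assumptions made for illustration.

```python
# Added example: per-recipient STARTTLS policy, not code from the thread.
LOCAL_DOMAINS = {"example.org"}  # assumption: domains delivered locally


class SmtpSession:
    """Tracks only the state needed for the STARTTLS business rule."""

    def __init__(self):
        self.tls_active = False
        self.sender = None
        self.recipients = []

    def starttls(self):
        if self.tls_active:
            return "503 TLS already active"  # reply chosen for this sketch
        self.tls_active = True
        # RFC 2487 section 5.2: after the handshake the session returns to
        # its initial state, so the cleartext envelope is discarded.
        self.sender = None
        self.recipients = []
        return "220 Ready to start TLS"

    def mail_from(self, address):
        self.sender = address
        self.recipients = []
        return "250 Sender OK"

    def rcpt_to(self, address):
        if self.sender is None:
            return "503 Need MAIL command first"
        domain = address.rsplit("@", 1)[-1].lower()
        # The rule from the message: local delivery stays open to cleartext
        # clients, a non-local recipient requires STARTTLS first.
        if domain not in LOCAL_DOMAINS and not self.tls_active:
            return "530 Must issue a STARTTLS command first"
        self.recipients.append(address)
        return "250 Recipient OK"


def run(session, commands):
    """Feed (verb, argument) pairs to the session and collect the replies."""
    handlers = {"STARTTLS": lambda _: session.starttls(),
                "MAIL": session.mail_from, "RCPT": session.rcpt_to}
    return [handlers[verb](arg) for verb, arg in commands]
```

Because the envelope is cleared on STARTTLS, a sender or recipient accepted in cleartext cannot carry over into the encrypted part of the session.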