On Tuesday 10 May 2005 18:59, [EMAIL PROTECTED] wrote:
> > On Tue, 2005-05-10 at 16:37 +0200, [EMAIL PROTECTED] wrote:
> > > I think that this check should be done on the MAIL FROM or
> > > the RCPT TO and so not directly related to the STARTTLS and
> > > AUTH.
> > >
> > > I would add to my list:
> > >  B2. "mail from" allowed only after AUTH/STARTTLS
> > >  C2. "rcpt to" you can write to this recipient only
> > >      when using AUTH/STARTTLS.
> >
> > The mechanisms for requiring STARTTLS are described in the
> > STARTTLS RFC, http://www.faqs.org/rfcs/rfc2487.html  see Section 5.
>
> Thank you Mike,
>
> This seems to confirm that we could check whether STARTTLS has been sent
> when we receive a MAIL FROM or RCPT TO and reply with "530 Must issue a
> STARTTLS command first" when the recipient is not local (for example).
>
> Does anyone think that it would be useful to select whether to allow the
> "STARTTLS" or not depending on some business rule and not only via a smtp
> server configuration parameter? This would be a further use-case to add to
> the list, but I think this is not so useful: I can't find why we should
> disable STARTTLS to specific IPs....

Consider that some servers relay through James from an internal trusted
network, they do not need to issue STARTTLS, others however are relaying
through a public network and are thus required to issue STARTTLS (perhaps even
with client-certificate authentication).
So we do not disable STARTTLS for the internal servers, but on the other hand 
do not require it either.

--Søren

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-- 
Søren Hilmer, M.Sc.
R&D manager             Phone:  +45 72 30 64 00
TietoEnator IT+ A/S     Fax:    +45 72 30 64 02
Ved Lunden 12           Direct: +45 72 30 64 57
DK-8230 Åbyhøj          Email:  soren.hilmer <at> tietoenator.com
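
The policy discussed in this thread, as an added example that is not part of the original messages and is not James code: a per-command gate that exempts an internal trusted network, lets local recipients through, and answers everything else with the 530 reply until STARTTLS has completed. The network ranges, the local domain, and the names `Session` and `starttls_gate` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration; a real server would load these from config.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("fd00::/8")]
LOCAL_DOMAINS = {"example.org"}
REPLY_530 = "530 Must issue a STARTTLS command first"


@dataclass
class Session:
    client_ip: str
    tls_active: bool = False  # True only after the STARTTLS handshake completed


def is_trusted(client_ip):
    """True when the peer address lies in an internal trusted network."""
    addr = ipaddress.ip_address(client_ip)
    # Membership across IP versions is simply False, so mixed lists are safe.
    return any(addr in net for net in TRUSTED_NETWORKS)


def is_local_recipient(rcpt):
    """True for recipients this server delivers itself (no relaying)."""
    address = rcpt.strip().strip("<>")
    if "@" not in address:  # bare local part such as <postmaster>
        return True
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain in LOCAL_DOMAINS


def starttls_gate(session, rcpt):
    """Return the 530 reply if RCPT TO must be refused, else None.

    None means only that the TLS requirement is met; relay authorization
    (AUTH, client certificate) is a separate check not shown here.
    """
    if session.tls_active or is_local_recipient(rcpt):
        return None
    if is_trusted(session.client_ip):
        return None  # STARTTLS stays available to these peers, but is optional
    return REPLY_530
```
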
