Re: [Exim] EHLO,STARTTLS_and_callout,random

Pàgina inicial
Delete this message
Reply to this message
Autor: Andrey Tverdokhleb
Data:  
A: exim-users
Assumpte: Re: [Exim] EHLO,STARTTLS_and_callout,random
--- Andreas Metzler <eximusers@???>
wrote:
> On 2004-04-27 Andrey Tverdokhleb <atverd@???>
> wrote:
> > I have two questions.
>
> > 1. What is the reason for not accepting STARTTLS
> as the very first
> > command in a session?
> > Exim 3.x allowed this, but 4.x doesn't and looking
> at the source
> > code it seems like very intentional check.
>
> I assume because it is the right thing to do, a
> client that tries to
> use a SMTP service extension without checking
> whether the server
> offers it seems to be broken.


Well, I'm asking actually because I heard that
STARTTLS without EHLO is some kind of security threat
and would be interested in getting more details if
this is true.






__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover