Author: Daniel Tiefnig
Date:
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?
Chris Edwards wrote:
> Makes sense. But then it can be argued the bad guy only needs EITHER
> the password OR the data. If he can sniff the content itself on the
> wire, then why bother trying to protect the password ?

So he/she can't relay via my servers using the sniffed user/pass ...

> How do sites who *do* do TLS over the Internet (with no certificate
> checks) get on ? Are there many obscure problems encountered ?

Hmm, I remember some problems with misconfigured MTAs that advertised
TLS, but then weren't able to provide it. The responsible admins blamed
us that we weren't able to send mails to them, because other servers
could send them mail... *sigh* There were quite a lot of them, so I
started using "hosts_avoid_tls = *" too.

After some time of running a medium / large mail site you start avoiding
problems wherever you can, because *lots* of the mailservers out there
are administered by people who really don't know what they're doing.