On Mon, Jan 20, 2014 at 11:57:07PM +0100, Wolfgang Breyha wrote:
> On 20/01/14 17:35, Viktor Dukhovni wrote:
> > In Postfix we recommend the following:
> >
> > - Don't request client certificates on the default SMTP port.
> >
>
> Why? Requesting client certs is not a bad idea... my troubles aside.
Because asking for client certificates tickles bugs in client
implementations, and unlike MSAs with client cert based access
rules, MX hosts accept mail from everyone, even cleartext clients,
so client certs are not useful (everything works the same or better
without them).
--
Viktor.