• Mandatory STARTTLS ?

    From John Levine@johnl@taugh.com to comp.mail.sendmail on Thu Jan 29 19:45:48 2026
    From Newsgroup: comp.mail.sendmail

    In the IETF last call about the SMTP applicability statement, we are
    having a long argument about making STARTTLS mandatory.

    One group says (slightly oversimplifying) that it's more secure, we should mandate it.

    The other group says there are still corner cases where plain text is
    useful, e.g., dusty printers saying they're out of paper, or mail to
    postmaster telling him that his cert has expired, and if you want to
    mandate TLS on your own system, you have MTA-STS and DANE.

    What do you think? Any chance sendmail would completely remove non-STARTTLS mail?
    --
    Regards,
    John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
    Please consider the environment before reading this e-mail. https://jl.ly
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From Claus Aßmann@INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org to comp.mail.sendmail on Fri Jan 30 00:57:46 2026
    From Newsgroup: comp.mail.sendmail

    John Levine wrote:
    > In the IETF last call about the SMTP applicability statement, we are
    > having a long argument about making STARTTLS mandatory.

    That is/was a mess.

    > The other group says there are still corner cases where plain text is
    > useful, e.g., dusty printers saying they're out of paper, or mail to
    > postmaster telling him that his cert has expired, and if you want to

    Or TLS versions/implementations/... incompatibilities or ...

    > mandate TLS on your own system, you have MTA-STS and DANE.

    And other options, e.g., an admin can configure sendmail that way
    if they think it is needed.

    > What do you think? Any chance sendmail would completely remove non-STARTTLS mail?

    No.
  • From Marco Moock@mm@dorfdsl.de to comp.mail.sendmail on Fri Jan 30 07:38:54 2026
    From Newsgroup: comp.mail.sendmail

    On 29.01.2026 at 19:45, John Levine wrote:

    > The other group says there are still corner cases where plain text is
    > useful, e.g., dusty printers saying they're out of paper, or mail to
    > postmaster telling him that his cert has expired, and if you want to
    > mandate TLS on your own system, you have MTA-STS and DANE.

    There are many machines that don't support it or support only
    ciphers that current OS versions don't support. Some of them are rather
    new.

    > What do you think? Any chance sendmail would completely remove
    > non-STARTTLS mail?

    I hope not, as that means old versions will be kept to support the old
    (and sometimes expensive) devices.
    IIRC you can actually configure sendmail to only accept mail with
    STARTTLS, see DAEMON_OPTIONS etc.
    --
    kind regards
    Marco

    Send spam to 1769712348muell@stinkedores.dorfdsl.de
