Hi. Yeah. Just saw this now. Sorry, I've been offline the last few weeks.
Indeed, the mail server uses TLS where available.
The thing to note is that TLS can do authentication, and encryption, and whilst you may require authentication between 2 particular servers (e.g. for mail relaying etc.) it's NOT required if authentication isn't necessarily required - that is, whilst I have no certificate-authorisation to any other server, we'll still talk TLS to any server that will accept it, simply for the channel to be encrypted... This section from RFC 2487 can explain things more clearly:
Quote (RFC 2487):
5.1 Processing After the STARTTLS Command
After the TLS handshake has been completed, both parties MUST
immediately decide whether or not to continue based on the
authentication and privacy achieved. The SMTP client and server may
decide to move ahead even if the TLS negotiation ended with no
authentication and/or no privacy because most SMTP services are
performed with no authentication and no privacy, but some SMTP
clients or servers may want to continue only if a particular level of
authentication and/or privacy was achieved.
In other words, it's valid to use TLS without certificates, simply to achieve an encrypted session, but with no guarantees of identity.
Incidentally, I've just moved the caravelmail relay to another server (if you are tracking by IP, it's changed from 66.148.74.43 to 66.148.74.46) -- this server doesn't have TLS currently, but may do in the future.
More important stuff will in future come via a different server - unfortunately, it seems there are many daft sites out there that block mail IP addresses as 'spammers' simply because they send more than XXX messages in a certain timeframe... Many sites are blocking caravel mail because of this.
In my personal opinion any mail-admin running such a system should be shot.
Hopefully, I'll be able to automate blocks, and maybe get a PM to automatically be sent to users when their email is being blocked. Whatever, Erik and I are currently working on improving the reliability of the mailouts.
____________________________
Disclaimer: I'm Welsh, left-handed, and stupid.
[Last edited by jamie at 10-21-2007 11:48 PM]
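
Added example (not part of the post above, and not the forum's or any mail server's own code): a Python sketch of the two STARTTLS client policies the post contrasts, encryption-only versus authenticated relaying, with the continue-or-stop decision from RFC 2487 section 5.1. The policy names, the `Negotiated` record and the returned strings are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass

# Hypothetical policy names for this example (not from the post or the RFC).
OPPORTUNISTIC = "opportunistic"  # encrypt when offered, peer identity not checked
AUTHENTICATED = "authenticated"  # e.g. a specific relay partner

def client_context(policy: str) -> ssl.SSLContext:
    """TLS client context to pass to smtplib.SMTP.starttls(context=...)."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED plus hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if policy == OPPORTUNISTIC:
        # Accept any certificate: stops passive eavesdropping only,
        # an active man-in-the-middle is not detected.
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    else:
        ctx.load_default_certs()    # validate the chain against system CAs
    return ctx

@dataclass
class Negotiated:
    tls: bool            # did the STARTTLS handshake complete?
    peer_verified: bool  # was the peer certificate validated for its hostname?

def decide(policy: str, n: Negotiated) -> str:
    """RFC 2487 5.1: decide whether to continue after the handshake."""
    if policy == AUTHENTICATED:
        # Relaying requires identity: no verified TLS, no mail.
        return "continue" if (n.tls and n.peer_verified) else "abort"
    if not n.tls:
        return "continue-plaintext"  # peer offered no TLS
    if n.peer_verified:
        return "continue"
    return "continue-encrypted-unauthenticated"

if __name__ == "__main__":
    # Constructed outcomes, not captured from a real mail exchange.
    for policy, n in [(OPPORTUNISTIC, Negotiated(True, False)),
                      (OPPORTUNISTIC, Negotiated(False, False)),
                      (AUTHENTICATED, Negotiated(True, False)),
                      (AUTHENTICATED, Negotiated(True, True))]:
        print(policy, n, "->", decide(policy, n))
```

Logging the outcome string per delivery shows how much outbound mail actually went over an encrypted channel and how much fell back to plaintext.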