On Tue, Oct 09, 2012 at 09:05:42AM -0600, Bob Beck wrote:
> Gilles, I'm actually wondering - should there even be a difference?
>
> Every practical implementation of 587 I've ever seen requires auth. Is there
> any sane reason to have "enable auth" not actually require it? I.E. what
> I'm asking is is "enable" (without require) simply a silly knob that
> we're putting in place that nobody should use?
>
> If you're accepting without auth, typically I find that's just done on
> port 25 - and anywhere I've deployed it that's what we've done.
>
> does anyone have a real use of port 587 with auth turned on but not required?
>

I agree with you that people will probably not want port 587 without auth
turned on, so from a practical point of view, we could make it implicit.

There's a syntax issue though, because users will likely be less surprised by:

    listen on bnx0 port submission [...] tls-require
    listen on bnx0 [...] tls-require

than:

    listen on bnx0 port submission [...]    # implicit tls-require
    listen on bnx0 [...]                    # not here though

This is really not a code issue as the diff would be a two-liner, but do we
want to have this special case with an implicit behaviour just to avoid using
the knob (which has to be there since the general use when not on port
submission is to enable, not require)?

I killed the "enable" / "require" and replaced it with one single keyword:
tls / tls-require, which is slightly better than the former btw :-)

-- 
Gilles Chehade
https://www.poolp.org
@poolpOrg