Re: Apache/PHP Installation - opinions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 04/27/2016 12:59 AM, Brandon Vincent wrote:
On Wed, Apr 27, 2016 at 12:50 AM, Alice Wonder <alice@xxxxxxxxxxxxxx> wrote:
That is the only reliable way to avoid MITM with SMTP.

Except I can just strip STARTTLS and most MTAs will continue to connect.


No you can't.

Not with a smtp that enforces DANE.

If my postfix sees that your SMTP publishes a DANE record then it will refuse to connect unless it is a secure connection with a certificate that matches the fingerprint in the TLSA record.

See RFC 7672

But the postfix in RHEL / CentOS 7 does not support that.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux