Re: IETF mail server and SSLv3

On Thu, Feb 04, 2016 at 07:00:44PM -0800, Ned Freed wrote:

> > Yes, of course with cleartext transmission in the absence of STARTTLS
> > support.  I had expected that would have been clear from context.
> 
> That's in no way sufficient. Not only do you have to be willing to do without
> STARTTLS, you also have to be willing to close the connection and try another
> in the event that the server offers STARTTLS, the client attempts to use it but
> the TLS negotiation fails for some reason.

This is true, reasonably well known[1] and largely tangential to
the topic of this thread which is ietf.org disabling SSLv3 support
in SMTP STARTTLS. My point is that this action, be it mostly
symbolic, is at this time harmless as the overwhelming majority of
TLS-capable servers and clients can now do TLSv1 or better.

-- 
	Viktor.

[1] http://www.postfix.org/TLS_README.html#client_tls_may

	With opportunistic TLS, mail delivery continues even if
	the server certificate is untrusted or bears the wrong
	name. When the TLS handshake fails for an opportunistic
	TLS session, rather than give up on mail delivery, the
	Postfix SMTP client retries the transaction with TLS
	disabled. Trying an unencrypted connection makes it possible
	to deliver mail to sites with non-interoperable server TLS
	implementations.

The implementation and documentation of this was joint work with
Wietse back in early 2006.  These days, when STARTTLS fails, Postfix
tries other MX hosts first and if they all fail, defers the mail
initially. Cleartext fallback kicks in on the second delivery
attempt if STARTTLS fails again.

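The delivery policy described in the footnote and the last paragraph (walk the MX hosts, skip a host whose STARTTLS handshake fails, defer when every host fails, and only retry in cleartext on the second queue run) can be written down as a small simulation. The code below is an added example for this archive page, not Postfix source; the host status labels, the `Outcome` record and the function names are constructed for the illustration, and real Postfix behaviour is governed by its configuration rather than by a fixed two-attempt rule.

```python
"""Simulation of the opportunistic-TLS delivery policy described in the
message: a constructed example, not code from Postfix or from the author."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Per-host status for the simulation (constructed labels, not observed data):
#   "tls-ok"       server offers STARTTLS and the handshake succeeds
#   "tls-broken"   server offers STARTTLS but the TLS handshake fails
#   "no-starttls"  server does not offer STARTTLS at all
#   "down"         the connection cannot be established
HostStatus = Dict[str, str]


@dataclass
class Outcome:
    delivered: bool
    host: Optional[str] = None
    encrypted: Optional[bool] = None  # None when nothing was delivered
    attempt: int = 0


def try_host(host: str, status: str, fallback_allowed: bool) -> Optional[Outcome]:
    """One SMTP transaction against one MX host; None means 'move to the next MX'."""
    if status == "down":
        return None
    if status == "no-starttls":
        # Opportunistic TLS: no STARTTLS offered, so the mail goes in cleartext.
        return Outcome(True, host, False)
    if status == "tls-ok":
        return Outcome(True, host, True)
    if status == "tls-broken":
        if fallback_allowed:
            # Retry the transaction with TLS disabled (cleartext fallback).
            return Outcome(True, host, False)
        return None  # first queue run: leave this host alone, try the next MX
    raise ValueError(f"unknown host status {status!r}")


def delivery_attempt(mx_hosts: List[str], status: HostStatus, attempt: int) -> Outcome:
    """One queue run: MX hosts in order; cleartext fallback only from attempt 2 on."""
    fallback_allowed = attempt >= 2
    for host in mx_hosts:
        result = try_host(host, status[host], fallback_allowed)
        if result is not None:
            result.attempt = attempt
            return result
    return Outcome(False, attempt=attempt)  # every host failed: defer the mail


def deliver(mx_hosts: List[str], status: HostStatus, max_attempts: int = 2) -> List[Outcome]:
    """Drive successive queue runs until the mail is delivered or attempts run out."""
    history: List[Outcome] = []
    for attempt in range(1, max_attempts + 1):
        outcome = delivery_attempt(mx_hosts, status, attempt)
        history.append(outcome)
        if outcome.delivered:
            break
    return history


if __name__ == "__main__":
    # Constructed scenario: primary MX has a broken TLS stack, secondary is down.
    for o in deliver(["mx1.example", "mx2.example"],
                     {"mx1.example": "tls-broken", "mx2.example": "down"}):
        print(o)
```

The `encrypted` field is the point of the exercise: with a broken handshake on the only reachable host, the first run defers and the second delivers in cleartext, which is exactly why the thread notes that an opportunistic-TLS client must be prepared to do without TLS.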