Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Implement https://datatracker.ietf.org/doc/rfc8689/
Abstract:
The SMTP STARTTLS option, used in negotiating transport-level encryption of SMTP connections, is not as useful from a security standpoint as it might be because of its opportunistic nature; message delivery is, by default, prioritized over security. This document describes an SMTP service extension, REQUIRETLS, and a message header field, TLS-Required. If the REQUIRETLS option or TLS- Required message header field is used when sending a message, it asserts a request on the part of the message sender to override the default negotiation of TLS, [..] by requiring that TLS be negotiated when the message is relayed [..].
Use it on the `smtpserver.xml` `requireSSL` option...