[Top] [All Lists]


2008-10-23 04:17:18

Hi Ivar,
At 23:49 22-10-2008, Ivar Lumi wrote:
After reading RFC 3207, i found probably non documented item.

For example:
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>

Now if negotiation fails, whats then ?
Send error ? close connection ?
Whats the proper action ?

Quoting that RFC:

  "If the TLS negotiation fails or if the client receives a 454
   response, the client has to decide what to do next.  There are three
   main choices: go ahead with the rest of the SMTP session, retry TLS
   at a later time, or give up and return the mail to the sender.  If a
   failure or error occurs, the client can assume that the server may be
   able to negotiate TLS in the future, and should try negotiate TLS in
   a later session, until some locally-chosen timeout occurs, at which
   point, the client should return the mail to the sender.  However, if
   the client and server were only using TLS for authentication, the
   client may want to proceed with the SMTP session, in case some of the
   operations the client wanted to perform are accepted by the server
   even if the client is unauthenticated."

The proper action is a matter of local policy. If the SMTP server requires a secure transport, then the SMTP client won't be able to send the message in that session.

<Prev in Thread] Current Thread [Next in Thread>