Hi Ivar,
At 23:49 22-10-2008, Ivar Lumi wrote:
After reading RFC 3207, I found a probably undocumented item.
For example:
C: STARTTLS
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>
Now if negotiation fails, what then?
Send an error? Close the connection?
What's the proper action?
Quoting that RFC:
"If the TLS negotiation fails or if the client receives a 454
response, the client has to decide what to do next. There are three
main choices: go ahead with the rest of the SMTP session, retry TLS
at a later time, or give up and return the mail to the sender. If a
failure or error occurs, the client can assume that the server may be
able to negotiate TLS in the future, and should try negotiate TLS in
a later session, until some locally-chosen timeout occurs, at which
point, the client should return the mail to the sender. However, if
the client and server were only using TLS for authentication, the
client may want to proceed with the SMTP session, in case some of the
operations the client wanted to perform are accepted by the server
even if the client is unauthenticated."
The proper action is a matter of local policy. If the SMTP server
requires a secure transport, then the SMTP client won't be able to
send the message in that session.
Regards,
-sm
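The decision the RFC paragraph and the reply above describe, as an added example (not code from this thread, from RFC 3207, or from any MTA): a client drives EHLO and STARTTLS against a scripted in-process fake server so the exchange runs offline, and maps the three outcomes (454, a failed handshake, STARTTLS not advertised) onto the three RFC choices according to a local policy. The `Policy`, `ScriptedServer`, `TlsFailure` and `Action` names and the `require_tls` / `retry_timeout` knobs are constructed for this example; `require_tls` stands in for the "requires a secure transport" policy mentioned in the reply, and the 454 text is the one from RFC 3207.

```python
"""RFC 3207 STARTTLS failure handling as a client-side decision routine.

Added example. The policy knobs and the scripted server are constructed
for illustration; they are not part of the RFC or of any real MTA.
"""
import enum
import time


class Action(enum.Enum):
    PROCEED_TLS = "continue the SMTP session over TLS"
    PROCEED_CLEAR = "go ahead with the rest of the SMTP session without TLS"
    RETRY_LATER = "retry TLS in a later session"
    RETURN_TO_SENDER = "give up and return the mail to the sender"


class TlsFailure(Exception):
    """Stand-in for the ssl.SSLError a real handshake would raise."""


class Policy:
    """Local policy (assumed knobs, not RFC text).

    require_tls=False also covers the RFC's 'TLS only for authentication'
    case: the client is willing to continue unauthenticated.
    """
    def __init__(self, require_tls, retry_timeout=3600):
        self.require_tls = require_tls
        self.retry_timeout = retry_timeout  # the "locally-chosen timeout", seconds


class ScriptedServer:
    """Fake SMTP server with canned replies; records the exchange in .transcript."""
    def __init__(self, advertises_starttls=True,
                 starttls_reply="220 Go ahead", handshake_ok=True):
        self.advertises_starttls = advertises_starttls
        self.starttls_reply = starttls_reply
        self.handshake_ok = handshake_ok
        self.transcript = []

    def send(self, command):
        """Client sends one command line; returns the server's reply lines."""
        self.transcript.append("C: " + command)
        verb = command.split()[0].upper()
        if verb == "EHLO":
            reply = ["250-mail.example.net", "250-PIPELINING",
                     "250 STARTTLS" if self.advertises_starttls else "250 8BITMIME"]
        elif verb == "STARTTLS":
            reply = [self.starttls_reply]
        elif verb == "QUIT":
            reply = ["221 mail.example.net closing connection"]
        else:
            reply = ["502 Command not implemented"]
        self.transcript.extend("S: " + line for line in reply)
        return reply

    def negotiate_tls(self):
        """Stands in for the TLS handshake that follows a 220 to STARTTLS."""
        self.transcript.append("C & S: <negotiate a TLS session>")
        if not self.handshake_ok:
            self.transcript.append("C & S: <negotiation failed>")
            raise TlsFailure("simulated handshake failure")
        self.transcript.append("C & S: <TLS session established>")


def on_tls_unavailable(policy, first_failure_at, now):
    """The three RFC 3207 choices, selected by local policy and elapsed time."""
    if not policy.require_tls:
        return Action.PROCEED_CLEAR
    if now - first_failure_at < policy.retry_timeout:
        return Action.RETRY_LATER
    return Action.RETURN_TO_SENDER


def starttls_offered(ehlo_reply):
    """True if an EHLO reply line is exactly '250-STARTTLS' or '250 STARTTLS'."""
    return any(line[:3] == "250" and line[4:].split()[:1] == ["STARTTLS"]
               for line in ehlo_reply)


def run_session(server, policy, first_failure_at=None, now=None):
    """Drive EHLO and STARTTLS against `server`; return the client's Action.

    first_failure_at: when this message first failed to get TLS (drives the
    retry timeout); defaults to now, i.e. a first attempt.
    """
    now = time.time() if now is None else now
    first_failure_at = now if first_failure_at is None else first_failure_at

    ehlo = server.send("EHLO client.example.org")
    if not starttls_offered(ehlo):
        # RFC 3207: a client MUST NOT send STARTTLS unless it was advertised.
        action = on_tls_unavailable(policy, first_failure_at, now)
        if action is not Action.PROCEED_CLEAR:
            server.send("QUIT")
        return action

    reply = server.send("STARTTLS")[0]
    if not reply.startswith("220"):
        # 454 (temporary) or any other refusal: no TLS in this session.
        action = on_tls_unavailable(policy, first_failure_at, now)
        if action is not Action.PROCEED_CLEAR:
            server.send("QUIT")
        return action

    try:
        server.negotiate_tls()
    except TlsFailure:
        # Handshake failed; a real socket is unusable now, so "proceed in
        # clear" means a fresh connection on which STARTTLS is not issued.
        return on_tls_unavailable(policy, first_failure_at, now)

    # RFC 3207 section 4.2: after a successful handshake the client discards
    # what it learned before TLS and issues EHLO again.
    server.send("EHLO client.example.org")
    return Action.PROCEED_TLS


if __name__ == "__main__":
    srv = ScriptedServer(starttls_reply="454 TLS not available due to temporary reason")
    print(run_session(srv, Policy(require_tls=True)))
    print("\n".join(srv.transcript))
```

Note on the design: the `require_tls=False` branch is where opportunistic STARTTLS is weak in practice. A 454, a stripped `250-STARTTLS` line or a broken handshake produced by an on-path attacker all land the client in `PROCEED_CLEAR`, so a client that wants transport security for a given destination has to take the `require_tls` path and accept deferral or bounce, which is the "matter of local policy" the reply above points at.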