muquit
commented
4 years ago It uses golang's StartTLS implementation, so I suspect it will do the right thing. I didn't get a chance to test it however. If you have time, would you test and report it back? Thanks.
Just a brief question: When using STARTTLS (the default) and the server signals that TLS is unavailable (which is what a MITM attacker mimics when performing the so called STRIPTLS attack), is there either
a way to tell mailsend-go to abort the connection (and not transmit the credentials and message) (I didn't spot such a config option)
or does mailsend-go automatically abort the connection in this case?
(neither of the above would be bad, I guess...)
Update: Here's an instructive discussion on serverfault related to this topic.