Try using STARTTLS without needing to try authentication(user/pass) to protect the actual email communication/content from eavesdropping.

pear / Net_SMTP

PHP SMTP Implementation

https://pear.php.net/package/net_smtp

BSD 2-Clause "Simplified" License

26 stars 38 forks source link

Try using STARTTLS without needing to try authentication(user/pass) to protect the actual email communication/content from eavesdropping. #54

Closed PiBa-NL closed 3 years ago

PiBa-NL commented 5 years ago

Try using STARTTLS without needing to try authentication(user/pass) to protect the actual email communication/content from eavesdropping.

jparise commented 5 years ago

Can you provide a little more context on this change? If this is a security improvement over the existing implementation, why should it be enabled by an option instead of becoming the default behavior?

ichiken60 commented 4 years ago

If the recipient's mail server supports STARTTLS, I think this change, which will be more secure communication, is very useful, but why is it not implemented?

schengawegga commented 4 years ago

Oh sorry. I put my pull request before i´ve seen this one. Why is this functionality not implemented yet? For my reason, i am using a smarthost wich authenticates the client via ip address whitelisting. So no credentials needed. But without these pull resuqest, there is no possiblitiy to start a STARTTLS encrpyted connection to the smarthost without sending credentials. Otherwise only a unectrypted connection to the smarthost is possible. To improve the security for this connection, the pull request is very useful.

jparise commented 3 years ago

Closing this in favor of the similar solution proposed in #64.