zone-eu / zone-mta

📤 Modern outbound MTA cross platform and extendable server application
European Union Public License 1.2

questions: is `requireTLS` and `opportunisticTLS` options incorrect? #323

Closed titanism closed 1 year ago

titanism commented 1 year ago

Briefly mentioned in an email to you @andris9 – but filing the issue here on GitHub.

I noticed you are missing the `requireTLS: enforceTLS` option altogether, and the option for `opportunisticTLS: !!enforceTLS` is incorrect, as it should instead be `opportunisticTLS: !Boolean(enforceTLS)` (the inverse of boolean).

https://github.com/zone-eu/zone-mta/blob/5daa48eea4aa05e724eb2ab80fd3a957e6cc8c6c/lib/sender.js#L1103

andris9 commented 1 year ago

requireTLS is intentionally missing, to detect policy violation if a MITM removes the STARTTLS extension: https://github.com/zone-eu/zone-mta/blob/5daa48eea4aa05e724eb2ab80fd3a957e6cc8c6c/lib/sender.js#L1271

andris9 commented 1 year ago

opportunisticTLS option seems to be invalid, or rather - it has no effect right now. I think I need to fix it to true 🤔

titanism commented 1 year ago

It already is fixed. See https://github.com/zone-eu/zone-mta/blob/e9b90b60adf0e213ace9dffacba4b8475a5eff71/lib/sender.js#L1103. You fixed it 3 days ago but the commit I linked was to (older) code.
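
The check andris9 describes above, sketched as an added example that is not zone-mta's code and not part of the thread: TLS is negotiated opportunistically and the sender itself classifies a missing STARTTLS as a policy violation when TLS is required, rather than delegating that to the SMTP client's `requireTLS`. `parseEhlo`, `checkTlsPolicy` and the EHLO replies are hypothetical and constructed; `enforceTLS` is assumed to mean that the destination's policy requires TLS.

```javascript
// Constructed EHLO replies: one intact, one where a middlebox has
// overwritten the STARTTLS keyword so the client never sees the offer.
const SAMPLE_OK = [
    '250-mx.example.test Hello',
    '250-SIZE 35882577',
    '250-STARTTLS',
    '250 8BITMIME'
].join('\r\n');
const SAMPLE_STRIPPED = SAMPLE_OK.replace('STARTTLS', 'XXXXXXXA');

// Parse a multi-line EHLO reply ("250-" continuation lines, "250 " final
// line) into a set of upper-cased extension keywords.
function parseEhlo(reply) {
    const lines = reply.split(/\r?\n/).filter(line => line.length > 0);
    const extensions = new Set();
    lines.forEach((line, i) => {
        const match = /^250([ -])(.*)$/.exec(line);
        if (!match) {
            throw new Error('Unexpected EHLO reply line: ' + line);
        }
        if (i === 0) {
            return; // first line is the server greeting, not an extension
        }
        const keyword = match[2].trim().split(/\s+/)[0];
        if (keyword) {
            extensions.add(keyword.toUpperCase());
        }
    });
    return extensions;
}

// Decide how to proceed on a plaintext session after EHLO.
// enforceTLS (assumption): policy for this destination requires TLS.
function checkTlsPolicy(ehloReply, enforceTLS) {
    if (parseEhlo(ehloReply).has('STARTTLS')) {
        return { action: 'starttls' };
    }
    if (enforceTLS) {
        // STARTTLS is absent although TLS is required: report it as a
        // policy violation instead of a generic connection failure.
        return {
            action: 'reject',
            category: 'policy',
            reason: 'STARTTLS not offered but TLS is required'
        };
    }
    return { action: 'plaintext' }; // opportunistic fallback
}
```
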