| 30 | | I checked in ngx_mail_ssl_module source code, it force TLS connection only if there is a smtp authentication. Do you think it is a defect? and may we add invoking ngx_mail_starttls_only in ngx_mail_smtp_mail stage as well? |
| | 30 | I checked in ngx_mail_ssl_module source code at here: |
| | 31 | |
| | 32 | https://github.com/nginx/nginx/blob/master/src/mail/ngx_mail_smtp_handler.c#L664 |
| | 33 | |
| | 34 | it check and force TLS connection only in stage ngx_mail_smtp_auth(). |
| | 35 | for the case that there is no smtp username/password authentication stage, nginx still allow to connect with non-TLS. |
| | 36 | Do you think it is a defect? and may we add one more invoking ngx_mail_starttls_only() in ngx_mail_smtp_mail() or ngx_mail_smtp_rcpt() stage? |
