I clearly only want encrypted transfer and never unencrypted. And if the certificate does not match mine, I want an error and not fall back to plain text.
PS: Or do I have to use my plugin to get it secure?
[code] dim email as new CURLEmailMBS
email.SetFrom “test@test.test”, “Christian Schmitz”
email.AddBCC “test@test.test”, “Christian Schmitz”
for each emailText as string in emails
email.AddTo emailText, AnName.Text
next
This does uses TLSv1.2 / DHE-RSA-AES256-GCM-SHA384 for me.
And it accepts only the right certificates and not a fake one based on some other root certificate.
Looks like SMTPSecureSocket is falling back to insecure if it doesn’t get a certificate, when it should abort with an error.
I’ve seen many hotel WiFi systems divert email on port 25 to an internal server that masquerades the mail server, then forwards the email.
I found out by accident only because I have SPF set up for my mail server and the hotel’s IP got bounced as ‘not authorized to send email for this domain’
I immediately set up my server with a certificate and set Thunderbird and such to ONLY connect via Secure on port 495 for outgoing mail.
I’m more scared by the reaction of Xojo people. The bug case is not even reviewed, no reply and not much response in general.
Seems like nobody is using it?
I just assigned my top 1 feedback position to this case
<https://xojo.com/issue/39516>
If we want them to look at it, we probably should add it to our list of important stuff.
it’s now ranked 155th.
Before I assigned my points it wasn’t ranked.
Remember that feedback is the official support channel, and not this place
I made it my #1 feedback position too. Now Rank is now 55.
We should start working together on this type of stuff. We should all pick one thing that most of us need to push it to the top. Eventually all our problems would go away.