Re: pop 110/995, imap 143/993 ?
Gary lists@lazygranch.com writes:
If I read this correctly, starttls will fail due to the MITM attack. That is, the client knows security has been compromised.
I'm not sure what you mean by "fail". STARTTLS is prone to MITM attacks if a client has not been configured to refuse non-STARTTLS/SSL sessions. For clients that will allow both secured and plaintext sessions (like most MTAs), an attacker can strip out the server's STARTTLS capability declaration and fool the client into using an unencrypted session.
Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix configs use "may" for security, the message would go through unencrypted. Correct???
If it's what I described above, then yes.
Is there something to enable for perfect forward security with starttls?
PFS is enabled using a particular choice of encryption algorithms (in particular, use of ephemeral-key algorithms like ECDHE-*), but this happens after SSL initiation, whether by STARTTLS or by connection to SSL ports.
Joseph Tam jtam.home@gmail.com
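The stripping attack Joseph describes, as an added example that is not part of the original thread: a small Python model of an SMTP EHLO exchange in which a man-in-the-middle removes the server's STARTTLS capability, and a client whose policy is modelled on Postfix's smtp_tls_security_level vocabulary ("none", "may", "encrypt"). The hostname and capability list are constructed, and the client/MITM functions are hypothetical models, not Postfix code. A second helper shows the separate PFS point: whether the session is forward secret depends on the key exchange in the negotiated cipher suite, which is only decided once TLS is actually running.

```python
"""Model of STARTTLS stripping against an opportunistic-TLS SMTP client.

Added example, not code from the original mailing-list thread.  The EHLO
reply below is constructed; the policy names follow Postfix's
smtp_tls_security_level values but the functions are a simplified model,
not Postfix's implementation.
"""

# Constructed EHLO reply from an honest server.  Per RFC 5321 framing,
# every line of a multi-line reply is "250-..." except the last, "250 ...".
HONEST_EHLO = [
    "250-mail.example.test",
    "250-SIZE 10240000",
    "250-STARTTLS",
    "250 8BITMIME",
]


def parse_ehlo(lines):
    """Return the set of capability keywords advertised in an EHLO reply."""
    caps = set()
    for line in lines[1:]:  # lines[0] is the server's hostname/greeting
        if not line.startswith("250"):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


def strip_starttls(lines):
    """What an active MITM does: drop the STARTTLS line and re-frame the reply
    so the client still sees a well-formed multi-line 250 response."""
    kept = [l for l in lines if (l[4:].split() or [""])[0].upper() != "STARTTLS"]
    kept = ["250-" + l[4:] for l in kept]
    kept[-1] = "250 " + kept[-1][4:]  # last line must use "250 " not "250-"
    return kept


def client_decision(ehlo_lines, security_level):
    """Decide what a client MTA does after EHLO.

    security_level (modelled on Postfix smtp_tls_security_level):
      none    - never use TLS
      may     - opportunistic: TLS if offered, otherwise plaintext
      encrypt - mandatory: defer delivery if STARTTLS is not offered
    """
    caps = parse_ehlo(ehlo_lines)
    if security_level == "none":
        return "plaintext"
    if "STARTTLS" in caps:
        return "starttls"
    if security_level == "may":
        return "plaintext"  # the strip succeeds: mail goes through in the clear
    if security_level == "encrypt":
        return "deferred"   # the strip is noticed: TLS required but not offered
    raise ValueError("unknown security level: %r" % security_level)


def has_forward_secrecy(cipher_suite):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange.

    TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key
    exchange.  For TLS 1.2 OpenSSL names (e.g. ECDHE-RSA-AES128-GCM-SHA256)
    or IANA names (TLS_ECDHE_RSA_WITH_...), only ECDHE/DHE/EDH give PFS;
    static RSA (AES128-SHA) or static ECDH (ECDH-RSA-...) do not.
    """
    name = cipher_suite.upper()
    if name.startswith("TLS_AES_") or name.startswith("TLS_CHACHA20_"):
        return True
    tokens = name.replace("_", "-").split("-")
    if tokens[0] == "TLS":
        tokens = tokens[1:]
    return tokens[0] in ("ECDHE", "DHE", "EDH")


if __name__ == "__main__":
    stripped = strip_starttls(HONEST_EHLO)
    for level in ("may", "encrypt"):
        print(level, "honest ->", client_decision(HONEST_EHLO, level),
              "| stripped ->", client_decision(stripped, level))
    for suite in ("ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "TLS_AES_256_GCM_SHA384"):
        print(suite, "PFS:", has_forward_secrecy(suite))
```

With "may" the stripped exchange ends in a plaintext session, which is the outcome Gary asked about; with "encrypt" the client defers instead. On a real Postfix client the equivalent setting is smtp_tls_security_level = encrypt (or one of the stronger dane/verify/secure levels) rather than may, and PFS is then a matter of which cipher suite the two sides agree on inside the TLS handshake, not of how TLS was started.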