Hi,

I've been looking over using stunnel to secure SMTP connections, but am a little confused about how the protocol works. From what I've read, the STARTTLS command is used to allow a client/server to upgrade a connection from plaintext to SSL secured. Further to that, from what I understand, the concept is to allow/use a single port to initiate all connections - ex: port 25.

From what I can tell from stunnel however, is that once stunnel issues the

STARTTLS command, if the client doesn't respond in kind, then the connection is terminated. I've tried reading the RFC, but can't seem to find what happens in the case where the client rejects or does not respond to the STARTTLS command. Logicially, I would expect the SMTP connection to continue normally in plaintext. Apparently, this is not how stunnel works.

Can someone please help fill in the blanks for me please? What is supposed to happen if the client refuses the STARTTLS request from the server? If the connection is supposed to die, why bother with the STARTTLS request at all, and not just impose the SSL encrypted tunnel from the very beginning (as per the old SSMTP specs)?

Thanks,

Eric