[stunnel-users] SMTP & TLS

[Eric B.]

Hi,

I've been looking over using stunnel to secure SMTP connections, but am a 
little confused about how the protocol works.  From what I've read, the 
STARTTLS command is used to allow a client/server to upgrade a connection 
from plaintext to SSL secured.  Further to that, from what I understand, the 
concept is to allow/use a single port to initiate all connections - ex: port 
25.

>From what I can tell from stunnel however, is that once stunnel issues the 
STARTTLS command, if the client doesn't respond in kind, then the connection 
is terminated.  I've tried reading the RFC, but can't seem to find what 
happens in the case where the client rejects or does not respond to the 
STARTTLS command.  Logicially, I would expect the SMTP connection to 
continue normally in plaintext.  Apparently, this is not how stunnel works.

Can someone please help fill in the blanks for me please?  What is supposed 
to happen if the client refuses the STARTTLS request from the server?  If 
the connection is supposed to die, why bother with the STARTTLS request at 
all, and not just impose the SSL encrypted tunnel from the very beginning 
(as per the old SSMTP specs)?

Thanks,

Eric