
Comment Re:Anti-Spam Measure? (Score 1) 245

It's done to help with anti-spam in general on the internet. A large percentage of PCs (especially Windows PCs) are compromised and blocking outbound port 25 is a standard measure by ISPs to prevent those from being used as spambots. If you have a legitimate need for outbound port 25 traffic then most ISPs will unblock it for you on request (if you have a static IP, that is). That said, even if they do you will still likely be listed on a number of different policy blacklists which you will then have to play whack-a-mole with to get your email accepted by other servers on the internet. A much better approach is to use a relayhost or to get a cheap VPS to relay through.

Comment Re:Most servers shouldn't be vulnerable (Score 2) 245

For one it can't be hijacked as easily as these ISPs are doing.

...which they're *not* doing. This article is a farce written by someone who can't even configure his email client to use the correct port for submission. He's trying to use port 25 which is only for MX to MX communication and not for submission; he should be using 587 and if he did there would very likely be no problems.

Comment Re:Most servers shouldn't be vulnerable (Score 5, Informative) 245

Look, most servers these days are configured in such a way that STARTTLS runs on a different port than the plain-text connection.

Wrong. STARTTLS specifically allows for both plain text and TLS on the same port.

The server will reject login requests until the STARTTLS handshake is completed.

Partially correct. A well configured server will behave this way on the *submission* port (587) but if the MX port (25) were configured this way then you would be blocking a lot of legitimate email from old servers on the internet that do not support STARTTLS and as such it is not recommended to require STARTTLS for port 25 MX to MX communication. Also even when STARTTLS is used the connection is still plain text until STARTTLS is negotiated.

But take it from a guy who worked on an email client

Thanks for giving me a link to yet another piece of software written by someone who doesn't understand the technology behind it.

(Also: STOP USING STARTTLS!!!)

Wrong again. The only way to have an encrypted SMTP submission channel without STARTTLS (other than tunnelling through ssh or something like that) is via SMTPS (port 465). SMTPS is long ago deprecated and should not be used. Port 465 was *never* officially registered for this use and was essentially "hijacked" and there are only a very small number of old email clients that support SMTPS but do not support STARTTLS. You *should* be using STARTTLS over port 587 which is the submission port. Also STARTTLS is the only legitimate means of encryption between a submission server and an MX.

Of note (which I've also said elsewhere), the real reason the author of the original article had problems is because he is trying to use port 25 for submission. He should be using the submission port (587) and it is highly unlikely that his ISP would be blocking the STARTTLS flag on that port.
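The port distinction drawn in the comment above, as an added example that is not part of the original comment: a Python check that parses an EHLO reply and applies a different STARTTLS policy to submission (587) than to MX traffic (25). The sample replies, the hostname, and the verdict names are constructed for illustration.

```python
import re

# Constructed sample EHLO replies (hostname is a placeholder, not from the page).
EHLO_WITH_TLS = ("250-mail.example.test\r\n250-PIPELINING\r\n"
                 "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = ("250-mail.example.test\r\n250-PIPELINING\r\n"
               "250-SIZE 10240000\r\n250 8BITMIME\r\n")
EHLO_AUTH_BEFORE_TLS = ("250-mail.example.test\r\n250-STARTTLS\r\n"
                        "250 AUTH PLAIN LOGIN\r\n")

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        is_last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " marks the final line.
        if not m or (m.group(1) == " ") != is_last:
            raise ValueError(f"malformed EHLO line: {line!r}")
        if i == 0:
            continue  # first line carries the server's domain, not a keyword
        fields = m.group(2).split()
        if fields:
            caps[fields[0].upper()] = fields[1:]
    return caps

def evaluate(port, reply):
    """Return (verdict, reason) for the pre-TLS EHLO reply seen on a port."""
    caps = parse_ehlo(reply)
    has_tls = "STARTTLS" in caps
    if port == 587:
        # Submission: credentials follow, so TLS is required.
        if not has_tls:
            return "refuse", "no STARTTLS on submission; do not send credentials"
        if "AUTH" in caps:
            return "warn", "AUTH advertised before STARTTLS has been negotiated"
        return "ok", "STARTTLS offered, AUTH withheld until TLS"
    if port == 25:
        # MX to MX: TLS is opportunistic, so absence means plain-text delivery.
        if not has_tls:
            return "plaintext", "no STARTTLS; opportunistic TLS falls back to plain text"
        return "ok", "STARTTLS offered"
    raise ValueError("policy defined only for ports 25 and 587")
```
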

Comment Re:smtpd_tls_security_level=encrypt (Score 2) 245

Kind of, smtpd_* is for when postfix is the server and smtp_* is for when postfix is the client (i.e. when it connects to another server to relay mail). At any rate this setting should only be used for submission and not for server to server communication otherwise you will end up blocking mail to and from other servers that do not support TLS (there are many). The default setting for this is "may" which is for "opportunistic" TLS which can fall back to plain text if need be.

If you RTFA you will see that the author is trying to submit mail to port 25 on his email server which is supposed to be for MX to MX communication only. If he were to submit to the proper submission port (587) he would likely find that the STARTTLS flag is not blocked by his ISP; in other words this whole article is a farce written by someone who doesn't know what they're talking about.
