Encryption

[novedevo]

Once the client is working for unencrypted smtp, we should start work on starttls and ssl encryption and whatnot, those are important if sail is to actually be used

[gennyble]

Implicit TLS is expected on 465, and is the recommended method of encrypted mail submission. (fastmail article about ssl,tls, and starttls)
STARTTLS on 587 (for submission) is being deprecated and shouldn't be used? It was common before, but now is being phased out? In a transition period (me too)

However, to maximize the use of encryption for
submission, it is desirable to support both mechanisms for Message
Submission over TLS for a transition period of several years. As a
result, clients and servers SHOULD implement both STARTTLS on
port 587 and Implicit TLS on port 465 for this transition period.

• RF 8314 Section 3.3

("submission" here is a user submitting mail to their "home server" to then be sent onwards to the destination. it is not the transfer of mail between SMTP servers)

It appears that the only encryption offered to use for mail transfer is good ol' STARTTLS on 25. Which feels weird, but eh.

[gennyble]

On STARTTLS: RFC 3207

A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally. This rule prevents the STARTTLS extension from damaging the interoperability of the Internet's SMTP infrastructure.