It seems like there's no way to have routeros require the email smtp server to use `STARTTLS`
- setting 'start-tls=no' will not attempt STARTTLS
Code: Select all
/tool e-mail send from=some_sender to=some_receiver start-tls=yes server=some_server port=some_port user=some_user password=some_pass file=some_file
- setting 'start-tls=tls-only' will connect and immediately start talking tls with a client hello (ie. it won't really use STARTTLS command, it'll just start talking TLS straight away).
- setting 'start-tls=yes' will only attempt STARTTLS if the server advertises it in an extension, but will be happy to send a message unencrypted.
There's seems to be no way to have the mikrotik as a client require an upgrade using STARTTLS.
Also, it seems like using any self-signed cert is fine is fine with STARTTLS - how are certificates meant to be checked with e-mail? unlike the `/tool fetch` there's apparently no check-certificates option for email.