From 079e5d19dabafeed6fa913b2b7fb2cb174a65190 Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Tue, 4 Feb 2014 18:10:03 +0100 Subject: [PATCH] add note about insecure connections, #65 --- docs/docs/configuration/server.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/docs/configuration/server.rst b/docs/docs/configuration/server.rst index b7ec976..de9ded7 100644 --- a/docs/docs/configuration/server.rst +++ b/docs/docs/configuration/server.rst @@ -178,8 +178,9 @@ port security use a secure connection to the server, possible values: *none*, *starttls* - or *ssl*. Python 2.X probably does not validate certificates (needs - research). But you should use a dedicated email account anyways. + or *ssl*. Note, that Python does not validate the server's certificate and + thus the connection is vulnerable to Man-in-the-Middle attacks. Therefore, + you should definitely use a dedicated SMTP account for Isso. to recipient address, e.g. your email address