Am 2016-10-14 12:49, schrieb Guillaume REMBERT:

> For MTA, the advice is "better to keep poor encryption than
> nothing". I am fine with this, BUT part of the config indicated is then
> useless (and made me feel like I did something incorrect), isn'it?
> These 2 parameters are not used at all with the opportunistic TLS:
> - smtpd_tls_mandatory_ciphers=high
> - 

No, smtpd_tls_mandatory_ciphers and the tls_high_cipherlist is NOT

In the BetterCrypto Config as explained it is used for MSA purposes. MSA
= Mail Submission Agent => On the Submission Ports you only have
Mail-Client to Server-Communication, and out there shouldn't be any old
MailClient which doesn't support the high-cipherlist. And on the
Submission-Ports Plaintext-Communication is disabled. So this makes
Ach mailing list

Reply via email to