On 27/05/16 02:20, Matus UHLAR - fantomas wrote:
>> Some lame govt mailservers are still using SSL23...
>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error"
>> and rather than whitelist them I'm sure I used to just disable SSL
>> via /etc/courier/esmtpd altogether (currently using v0.68.2)...
>
> why not whitelisting? Why avoid security just because some can't
> cope with it?

We only use authenticated relaying via 465/SSL and 587/TLS, so none of
our clients use port 25 for auth/relay.

The problem is our client recipient has to contact our support, which
then asks them for a copy of the error, then I get it, then I have to
squirrel around in the mail logs to determine IP/hosts and hope a dig mx
finds the right mailserver etc., then whitelist that server/mx and cross
my fingers I got all that right and our client can continue on their
merry way.

I don't know how to check what percentage of port 25 mailserver to
mailserver connections may be SSL encrypted to justify leaving SSL on
port 25 for server to server connections.

Would you (or anyone) have any idea how many mailservers are successfully
connecting to each other via SSL these days?

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users